Microsoft Graph Users
With this Playbook App, you can get Microsoft Azure Active Directory User account information including Groups and Applications the user has access to. This information can be used for making automated decisions about the next steps to take in the investigation as well as helping you to have all the information you need without having to collect it manually. Some example use cases with this app are:
- As part of a security process, get user account information from Azure Active Directory.
- During a security investigation it’s often necessary to suspend a user’s account for a time period while the investigation takes place and analysts confirm that the account is not compromised. This action can be automated as part of a Workflow or Playbook. Later in the process, the account can be unsuspended and the password can be reset automatically. Additionally, the user can be forced to reset their password at next logon.
The following actions are available:
- Get User – Retrieves the properties and relationships of the user object.
- Update User – Update the properties of a user object.
This app can be found in the ThreatConnect App Catalog under the name: Microsoft Graph Users.