Forum Discussion
s_p_9
Nov 09, 2020 | Copper Contributor
Requiring password change for users whose credentials are leaked in Azure Identity Protection
We have an E5 license for Office 365, so we receive alerts if a user's credentials are leaked. I know in Azure Identity Protection for such scenarios the Risk is High and event type is "Leaked user credenti...
Thijs Lecomte
Nov 12, 2020 | Bronze Contributor
I would take a look at Azure Sentinel. It's Microsoft's SIEM/SOAR based on Azure. Integrating just IDP alerts is actually free.
You could then create a Playbook => Logic App which does these actions. This will be the easiest way to achieve what you are trying.
s_p_9
Nov 16, 2020 | Copper Contributor
Hi Thijs Lecomte,
Thanks for the suggestion, but our company has Splunk so Azure Sentinel is not an option.
Any other way we can create a logic app to do this?
Thijs Lecomte
Nov 16, 2020 | Bronze Contributor
You can always look for the right alert in the Security Graph and then execute a Logic App.
Or better yet, ingest it into Splunk and do the automation there.
Check out this example: https://medium.com/wortell/logic-apps-the-graph-security-api-integrate-all-microsoft-products-in-your-ticketing-system-86f2e94fb246
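The selection logic that a Logic App or a Splunk-side automation would need for the approach suggested in this thread, as an added example that is not code from any poster or from the linked article. It assumes the Microsoft Graph `riskDetections` and `users` endpoints and cloud-only accounts; the sample records and user IDs are constructed, and nothing is sent over the network.

```python
import json

GRAPH = "https://graph.microsoft.com/v1.0"
# Query the automation would issue to pull only leaked-credential detections.
DETECTIONS_URL = (GRAPH + "/identityProtection/riskDetections"
                  "?$filter=riskEventType eq 'leakedCredentials'")

# Constructed sample response body (not real tenant data).
SAMPLE = json.loads("""{"value": [
 {"id": "d1", "riskEventType": "leakedCredentials", "riskLevel": "high",
  "riskState": "atRisk", "userId": "u-001", "userPrincipalName": "alice@contoso.example"},
 {"id": "d2", "riskEventType": "leakedCredentials", "riskLevel": "high",
  "riskState": "atRisk", "userId": "u-001", "userPrincipalName": "alice@contoso.example"},
 {"id": "d3", "riskEventType": "unfamiliarFeatures", "riskLevel": "high",
  "riskState": "atRisk", "userId": "u-002", "userPrincipalName": "bob@contoso.example"},
 {"id": "d4", "riskEventType": "leakedCredentials", "riskLevel": "high",
  "riskState": "remediated", "userId": "u-003", "userPrincipalName": "carol@contoso.example"}
]}""")

# Detections still open; remediated or dismissed ones need no further action.
OPEN_STATES = {"atRisk", "confirmedCompromised"}

def users_needing_reset(detections):
    """Map userId -> UPN for open leaked-credential detections, one entry per user."""
    users = {}
    for d in detections:
        if d.get("riskEventType") != "leakedCredentials":
            continue  # other detection types are out of scope here
        if d.get("riskState") not in OPEN_STATES:
            continue
        uid = d.get("userId")
        if uid:
            users.setdefault(uid, d.get("userPrincipalName", ""))
    return users

def build_reset_requests(users):
    """Describe the PATCH calls that flag each user to change password at next sign-in."""
    body = {"passwordProfile": {"forceChangePasswordNextSignIn": True}}
    return [{"method": "PATCH", "url": f"{GRAPH}/users/{uid}", "upn": upn, "body": body}
            for uid, upn in sorted(users.items())]

if __name__ == "__main__":
    for req in build_reset_requests(users_needing_reset(SAMPLE["value"])):
        print(req["method"], req["url"], json.dumps(req["body"]), "#", req["upn"])
```

Deduplicating by user before building the requests keeps a repeated detection from triggering repeated resets; the caller still has to send each request with a token that is allowed to update the user.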