Forum Discussion
"Block user in Azure AD" playbook action
Hi,
I am creating some playbooks and would like to include an action where the user involved in the alert it blocked. I thought this was possible using Sentinel playbooks based on the image in this tutorial.
https://docs.microsoft.com/en-us/azure/sentinel/tutorial-respond-threats-playbook
I cannot find that action under Azure AD in the connector section. Is this some sort of custom action?
Any help would be greatly appreciated.
- Thijs LecomteBronze Contributor
Hi
Have you seen this play book?https://github.com/Azure/Azure-Sentinel/tree/master/Playbooks/Block-AADUser
YOu can deploy it in your own environment- Rod_TrentMicrosoft
Thijs Lecomte Good catch. This specific Playbook is located here: https://github.com/Azure/Azure-Sentinel/tree/master/Playbooks/Block-AADUser
You can use that as a template to determine how that step is accomplished or just use it as is.
- GaryBusheyBronze Contributor
Thijs Lecomte Was there supposed to be a link or attachment in your reply?
- Thijs LecomteBronze ContributorYes indeed. Rod_Trent got the right one 🙂