Forum Discussion

joshzan's avatar
joshzan
Copper Contributor
Mar 10, 2020

"Block user in Azure AD" playbook action

Hi,

I am creating some playbooks and would like to include an action where the user involved in the alert it blocked. I thought this was possible using Sentinel playbooks based on the image in this tutorial.
https://docs.microsoft.com/en-us/azure/sentinel/tutorial-respond-threats-playbook

I cannot find that action under Azure AD in the connector section. Is this some sort of custom action?
Any help would be greatly appreciated.

Resources