Forum Discussion
printscreen
Jan 18, 2021 (Brass Contributor)
Is there a playbook to deploy for users to complete MFA if their sign-in is detected as being risky?
Hi,
Is there a playbook to deploy for users to complete MFA if their sign-in is detected as being risky or suspicious? If it is, how to test it?
- GaryBushey (Bronze Contributor)
printscreen, there is a playbook in the Azure Sentinel GitHub playbook repository, Azure-Sentinel/Playbooks at master · Azure/Azure-Sentinel · GitHub, called "Confirm-AADRiskyUser" that may work for you or at least give you a good starting point.
- Pontus Själander (Iron Contributor)
Hey,
Not really sure if this is the answer to your question, but with Azure AD Identity Protection you can create policies based on the sign-in risk or the user risk levels. This is also integrated with Conditional Access, so you can create more specific policies for what should happen when a user signs in with a specific risk level.
You can read more about Identity Protection here
You can read more about risk-based conditional access here
- printscreen (Brass Contributor)
Pontus Själander, thanks for your response. I was searching for whether we have any automated playbooks to implement in Sentinel.
- shoando (Brass Contributor)
printscreen Mark user accounts as compromised using Logic Apps. How do you use conditional access to enforce MFA on high-risk accounts?