Block user in Onprem NVA

%3CLINGO-SUB%20id%3D%22lingo-sub-2017771%22%20slang%3D%22en-US%22%3EBlock%20user%20in%20Onprem%20NVA%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2017771%22%20slang%3D%22en-US%22%3E%3CP%3EI%20am%20looking%20for%20a%20playbook%20which%20block%20the%20user%20identity%20in%20on-premises%20Network%20Virtual%20Appliance%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2017978%22%20slang%3D%22en-US%22%3ERe%3A%20Block%20user%20in%20Onprem%20NVA%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2017978%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F912700%22%20target%3D%22_blank%22%3E%40Reddy585%3C%2FA%3E%26nbsp%3BWithout%20knowing%20what%20NVA%20you%20are%20using%20it%20would%20be%20very%20difficult%20to%20point%20you%20in%20the%20correct%20direction.%26nbsp%3B%20%26nbsp%3BWith%20that%20being%20said%2C%20take%20a%20look%20at%20the%20listing%20of%20playbooks%20in%20the%20Azure%20Sentinel%20GitHub%20repository%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fgithub.com%2FAzure%2FAzure-Sentinel%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fgithub.com%2FAzure%2FAzure-Sentinel%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2018077%22%20slang%3D%22en-US%22%3ERe%3A%20Block%20user%20in%20Onprem%20NVA%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2018077%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F912700%22%20target%3D%22_blank%22%3E%40Reddy585%3C%2FA%3E%26nbsp%3BI%20know%20you%20can%20block%20a%20user%20via%20PowerShell%20and%20you%20can%20run%20a%20PowerShell%20script%20via%20a%20Playbook%20but%20I%20am%20not%20sure%20if%20you%20can%20use%20that%20PowerShell%20command%20in%20a%20Playbook.%26nbsp%3B%20Other%20than%20that%20I%20do%20not%20know%20if%20it%20is%20possible.%3C%2FP%3E%3C%2FLINGO-BODY%3E
New Contributor

I am looking for a playbook which block the user identity in on-premises Network Virtual Appliance

6 Replies

@Reddy585 Without knowing what NVA you are using it would be very difficult to point you in the correct direction.   With that being said, take a look at the listing of playbooks in the Azure Sentinel GitHub repository

 

https://github.com/Azure/Azure-Sentinel

@Gary BusheyCan we block user in onprem Active Directory/ onprem Firewall using Playbook?

@Reddy585 I know you can block a user via PowerShell and you can run a PowerShell script via a Playbook but I am not sure if you can use that PowerShell command in a Playbook.  Other than that I do not know if it is possible.

Thank you.
I would recommend triggering an Automation Runbook from your Playbook, which uses a Hybrid Worker. This can interact with on-prem servers:
https://docs.microsoft.com/en-us/azure/automation/automation-hybrid-runbook-worker
Thank you I let you know the result once I have done my testing