Jan 18 2021 06:22 AM
Hi,
Jan 18 2021 09:53 AM
Hey,
Not really sure if this is the answer to your question, but with Azure AD Identity Protection you can create policies based on the sign-in risk or the user risk levels.
This is also integrated with Conditional Access, so you can create more specific policies for what should happen when a user signs in with a specific risk level.
You can read more about Identity Protection here
You can read more about risk-based conditional access here
Jan 18 2021 11:15 AM
@Pontus Själander, thanks for your response. I was searching for whether we have any automated playbooks to implement in Sentinel.
Jan 18 2021 07:15 PM
@printscreen Mark user accounts as compromised using Logic Apps. How do you use conditional access to enforce MFA on high-risk accounts?
Jan 19 2021 06:03 AM
@printscreen There is a playbook in the Azure Sentinel GitHub playbook repository, Azure-Sentinel/Playbooks at master · Azure/Azure-Sentinel · GitHub, called "Confirm-AADRiskyUser" that may work for you, or at least give you a good starting point.