This workflow template allows for the immediate suspension of potentially compromised user accounts in Azure Active Directory via a message in Microsoft Teams. When an account is identified as at risk, this workflow guides the authorized requester through the necessary steps to verify permission, disable the compromised account, clear any existing sessions, and reset the password, ensuring prompt containment and mitigation of any potential threat to the system's security.
Trigger
Microsoft Teams Bot
Optional Triggers
Slack, Webhook
Use Cases
Identity and Access Management, Suspicious User Activity
Workflow Breakdown
Receive a message from Microsoft Teams to disable a user
Execute the nested workflow to confirm the user executing the workflow has permissions
Gather the user details and notify the user running the workflow
Disable the user, clear any sessions the user has, and reset the user's password.
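The steps above, sketched as an added example that is not the template's own implementation: it assumes the Azure AD actions map to Microsoft Graph v1.0 user calls, and the `authorized` set is a hypothetical stand-in for the nested permission workflow. The transport is injected, so the constructed `fake_graph` lets it run offline.

```python
import secrets
from urllib.parse import quote

# Assumption: Microsoft Graph v1.0; the page does not show the template's actions.
GRAPH = "https://graph.microsoft.com/v1.0"

def contain_account(requester, target_upn, authorized, send):
    """Return (verdict, [(step, http_status), ...]) for one containment run.

    send: callable(method, url, json_body) -> HTTP status; it owns the token.
    """
    # Permission gate first: nothing is sent for an unauthorized requester.
    if requester.lower() not in {a.lower() for a in authorized}:
        return "denied: requester is not authorized", []
    user = f"{GRAPH}/users/{quote(target_upn, safe='@')}"
    temp_password = secrets.token_urlsafe(24)  # random, never logged or returned
    steps = [
        # Disable first so no new sign-in succeeds while the rest runs.
        ("disable", "PATCH", user, {"accountEnabled": False}),
        # Invalidate refresh tokens and session cookies already issued.
        ("revoke_sessions", "POST", f"{user}/revokeSignInSessions", None),
        # Replace the possibly stolen credential; force a change at next sign-in.
        ("reset_password", "PATCH", user, {"passwordProfile": {
            "password": temp_password,
            "forceChangePasswordNextSignIn": True}}),
    ]
    # Attempt every step even if one fails: partial containment beats none.
    results = [(name, send(method, url, body)) for name, method, url, body in steps]
    failed = [name for name, status in results if not 200 <= status < 300]
    verdict = "contained" if not failed else "partial: failed " + ", ".join(failed)
    return verdict, results

def fake_graph(fail_on=None):
    """Constructed offline transport: records calls instead of sending them."""
    calls = []
    def send(method, url, body):
        calls.append((method, url, body))
        if fail_on and url.endswith(fail_on):
            return 403
        return 200 if url.endswith("revokeSignInSessions") else 204
    return send, calls
```

The verdict string is what would be posted back to the Teams conversation; a "partial" verdict names the steps that still need manual follow-up.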
Vendors
Utils, Microsoft Azure AD, Microsoft 365, Microsoft Teams Bot
Workflow Output
A message posted to the Microsoft Teams conversation reporting the verdict of the actions taken on the user.
Tips
Set up the nested workflow with the workflow name and user email as needed for permissions.