Skip to main content
All CollectionsTemplatesBasic
Verify Azure AD Audit Sign-Ins from Allowed Regions - Workflow Template
Verify Azure AD Audit Sign-Ins from Allowed Regions - Workflow Template

Retrieve Azure AD Audit logs for Sign-Ins and compare against specific allowed regions. If a violation occurs notify a Slack channel.

Updated over a week ago

This workflow template manages identity and access by retrieving Azure Active Directory Audit logs and analyzing sign-ins against pre-defined allowed regions. It ensures security compliance by detecting and alerting on sign-ins from unauthorized locations. On identifying any such irregularities, it automatically notifies a designated Slack channel with the details of the non-compliant sign-in event, enabling swift response to potential security issues.

Take Me to the Template

Use Cases

Identity and Access Management , Suspicious User Activity

Workflow Breakdown

  1. Retrieve the Azure AD Audit logs for the time period

  2. Loop over each sign-in and compare against the specific allowed regions

  3. If a violation is found, notify the Slack channel and provide sign-in details.

Vendors

Utils, HTTP, Microsoft 365, Microsoft Teams Bot

Workflow Output

On violation, update the Slack channel

Related Articles
Alert on Google Login Activity Outside of Allowed Regions - Workflow Template
Add/Remove Azure AD User from Global Address List(Azure AD) - Workflow Template
Offboard SaaS User from Grip on Trigger from Hibob - Workflow Template
Handle Wiz Alert for Public Azure Container with Sensitive Data - Workflow Template
Did this answer your question?