This workflow template manages identity and access by retrieving Azure Active Directory Audit logs and analyzing sign-ins against pre-defined allowed regions. It ensures security compliance by detecting and alerting on sign-ins from unauthorized locations. On identifying any such irregularities, it automatically notifies a designated Slack channel with the details of the non-compliant sign-in event, enabling swift response to potential security issues.
Use Cases
Identity and Access Management, Suspicious User Activity
Workflow Breakdown
Retrieve the Azure AD Audit logs for the time period
Loop over each sign-in and compare against the specific allowed regions
If a violation is found, notify the Slack channel and provide sign-in details
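The three steps above, sketched as an added example (not the template's own code). It assumes the sign-in records use Microsoft Graph signIn field names, that allowed regions are two-letter country codes, and that the alert goes out as a Slack incoming-webhook body; the sample records are constructed and nothing is sent over the network.

```python
import json

# Assumption: allowed regions are ISO 3166-1 alpha-2 country codes.
ALLOWED_REGIONS = {"US", "CA"}

# Constructed sample records using Microsoft Graph signIn field names (not real data).
SAMPLE_SIGN_INS = [
    {"id": "sample-1", "createdDateTime": "2024-01-10T08:15:00Z",
     "userPrincipalName": "alice@example.com", "ipAddress": "198.51.100.10",
     "location": {"city": "Seattle", "countryOrRegion": "US"}},
    {"id": "sample-2", "createdDateTime": "2024-01-10T09:02:00Z",
     "userPrincipalName": "bob@example.com", "ipAddress": "203.0.113.7",
     "location": {"city": "Berlin", "countryOrRegion": "DE"}},
    {"id": "sample-3", "createdDateTime": "2024-01-10T09:40:00Z",
     "userPrincipalName": "carol@example.com", "ipAddress": "192.0.2.44",
     "location": None},
    {"id": "sample-4", "createdDateTime": "2024-01-10T10:05:00Z",
     "userPrincipalName": "dave@example.com", "ipAddress": "198.51.100.23",
     "location": {"city": "Toronto", "countryOrRegion": "ca"}},
]

def region_of(sign_in):
    """Return the upper-cased country code, or None if the record has no usable location."""
    location = sign_in.get("location") or {}
    return (location.get("countryOrRegion") or "").strip().upper() or None

def find_violations(sign_ins, allowed=ALLOWED_REGIONS):
    """Return (sign_in, region) pairs for sign-ins outside the allowed regions."""
    allowed = {code.upper() for code in allowed}
    violations = []
    for sign_in in sign_ins:
        region = region_of(sign_in)
        # A missing location cannot be shown compliant, so report it instead of skipping it.
        if region is None or region not in allowed:
            violations.append((sign_in, region))
    return violations

def slack_payload(sign_in, region):
    """Build a Slack incoming-webhook body ({"text": ...}) with the sign-in details."""
    city = (sign_in.get("location") or {}).get("city") or "n/a"
    return {"text": "\n".join([
        f"Sign-in outside allowed regions: {sign_in.get('userPrincipalName', 'unknown user')}",
        f"Region: {region or 'unknown'} (city: {city})",
        f"IP: {sign_in.get('ipAddress', 'n/a')}",
        f"Time: {sign_in.get('createdDateTime', 'n/a')}",
        f"Sign-in ID: {sign_in.get('id', 'n/a')}",
    ])}

if __name__ == "__main__":
    for sign_in, region in find_violations(SAMPLE_SIGN_INS):
        print(json.dumps(slack_payload(sign_in, region)))
```

Records with no location are reported with region "unknown" rather than treated as compliant, and the comparison is case-insensitive so "ca" matches "CA".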
Vendors
Utils, HTTP, Microsoft 365, Microsoft Teams Bot
Workflow Output
On violation, update the Slack channel