Skip to main content
All CollectionsTemplatesBasic
Verify Entra ID (ex-Azure AD) Audit Sign-Ins from Allowed Regions - Workflow Template
Verify Entra ID (ex-Azure AD) Audit Sign-Ins from Allowed Regions - Workflow Template

Retrieve Entra ID Audit logs for Sign-Ins and compare against specific allowed regions. If a violation occurs notify a Slack channel.

Updated over 2 months ago

This workflow template enforces regional access policies for sign-ins by retrieving Entra ID (ex-Azure AD) audit logs and analyzing them for compliance with designated allowed regions. If discrepancies are identified, such as a user signing in from a disallowed area, the system triggers an alert to a specified Slack channel with the sign-in details, enhancing security by enabling rapid response to potential breaches.

Take Me to the Template

Use Cases

Identity and Access Management , Suspicious User Activity

Workflow Breakdown

  1. Retrieve the Entra ID (ex-Azure AD) Audit logs for the time period

  2. Loop over each sign-in and compare against the specific allowed regions

  3. If a violation is found, notify the Slack channel and provide sign-in details.

Vendors

Utils, HTTP, Microsoft 365, Microsoft Teams Bot

Workflow Output

On violation, update the Slack channel

Related Articles
Alert on Google Login Activity Outside of Allowed Regions - Workflow Template
Add/Remove Entra ID User from Global Address List (ex-Azure AD) - Workflow Template
Just-in-time access to Group Membership in Entra ID (ex-Azure AD) - Workflow Template
List All Groups with Pagination on Entra ID (ex-Azure AD) - Workflow Template
List All Users with Pagination on Entra ID (ex-Azure AD) - Workflow Template
Did this answer your question?