Skip to main content
All CollectionsTemplatesBasic
Verify Entra ID (ex-Azure AD) Audit Sign-Ins from Allowed Regions - Workflow Template
Verify Entra ID (ex-Azure AD) Audit Sign-Ins from Allowed Regions - Workflow Template

Retrieve Entra ID Audit logs for Sign-Ins and compare against specific allowed regions. If a violation occurs notify a Slack channel.

Updated over a week ago

This workflow template enforces regional access policies for sign-ins by retrieving Entra ID (ex-Azure AD) audit logs and analyzing them for compliance with designated allowed regions. If discrepancies are identified, such as a user signing in from a disallowed area, the system triggers an alert to a specified Slack channel with the sign-in details, enhancing security by enabling rapid response to potential breaches.

Use Cases

Identity and Access Management , Suspicious User Activity

Workflow Breakdown

  1. Retrieve the Entra ID (ex-Azure AD) Audit logs for the time period

  2. Loop over each sign-in and compare against the specific allowed regions

  3. If a violation is found, notify the Slack channel and provide sign-in details.

Vendors

Utils, HTTP, Microsoft 365, Microsoft Teams Bot

Workflow Output

On violation, update the Slack channel

Did this answer your question?