@ -0,0 +1,228 @@
# Automatically disable Active Directory User Account On-Prem and on Azure using a Playbook triggered in Azure
|
||||
|
||||
![01-appoverview](../Block-OnPremADUser/images/01-overview.png)
|
||||
|
||||
|
||||
Many organizations have an on premises Active Directory infrastructure that is synced to Azure cloud. However, given that the on-prem component is the authoritative source of truth, any changes, such as disabling a user in the cloud (Azure AD), are overridden by the setting defined in the on-prem AD in the next scheduled sync. This presents challenges when you want to orchestrate a user setting change from Azure that needs to persist even after the sync happens. To address the problem, this solution leverages Azure Automation Accounts and Hybrid Worker features across Windows & Azure. Automation Accounts are used to perform cloud-based automation across Azure and non-Azure environments. For non-Azure environments such as an On-Premises Active Directory, an Automation Hybrid Worker is required in addition to the Automation Account to be able to issue commands to the On-Premises Active Directory from Azure.
|
||||
|
||||
|
||||
## Deployment Steps
|
||||
|
||||
<em> Before you begin review the pre-requisites of deploying a Hybrid Runbook Worker here: [ https://docs.microsoft.com/azure/automation/automation-windows-hrw-install ] </em>
|
||||
|
||||
Create an Automation Account and link it with the Log Analytics Workspace
|
||||
|
||||
|
||||
i. Create an Automation Account from the Azure Portal
|
||||
|
||||
![0-automation](../Block-OnPremADUser/images/02-Automationacc.png)
|
||||
|
||||
|
||||
|
||||
ii. Deploy the Automation Hybrid Worker solution from the Azure Market place
|
||||
|
||||
![03-marketplace](../Block-OnPremADUser/images/03-marketplace.png)
|
||||
|
||||
### Link a Log Analytics Workspace to your Automation Account
|
||||
Link the Log Analytics workspace to an automation account using the “Change Tracking” menu item on the list. If the Log Analytics workspace is in either East US or East US2 then you need to use the region mapping in the following link to select the location of your automation account: [https://docs.microsoft.com/azure/automation/how-to/region-mappings]
|
||||
|
||||
![02-linkla](../Block-OnPremADUser/images/02-linkLA.png)
|
||||
|
||||
|
||||
|
||||
![04-linkautola](../Block-OnPremADUser/images/04-linkautotola.png)
|
||||
|
||||
From the same Automation Account menu, create a Hybrid Worker Group
|
||||
|
||||
![06-HybridWorker](../Block-OnPremADUser/images/06-Hybridworkergroup.png)
|
||||
|
||||
|
||||
|
||||
|
||||
![05-credentials](../Block-OnPremADUser/images/05-credentials.png)
|
||||
|
||||
It is highly recommended that the permissions of the account used above be restricted to the minimum required to disable user accounts using the Delegation userAccountControl bit mask. More details can be found here: [https://docs.microsoft.com/troubleshoot/windows-server/identity/useraccountcontrol-manipulate-account-properties]
|
||||
|
||||
|
||||
To create a new PowerShell Runbook navigate to you Automation Account and select the Runbooks blade.
|
||||
|
||||
![05-createrunbook](../Block-OnPremADUser/images/05-createrunbook.png)
|
||||
|
||||
Select PowerShell from the Runbook type menu and paste the below script in the resulting window. Click save then publish to activate the Runbook.
|
||||
Note: the script also includes code to report an error in case of a failure in the process of disabling the account:
|
||||
|
||||
|
||||
|
||||
|
||||
Create a new PowerShell Runbook with the below script, save and publish it. In case of a failure in the process of disabling the account then the script will notify you as well:
|
||||
|
||||
Param (
|
||||
[string] $SAMAccountName
|
||||
)
|
||||
|
||||
if (Get-Module -ListAvailable -Name ActiveDirectory) {
|
||||
Write-Output "ActiveDirectory PowerShell module already exists on host."
|
||||
}
|
||||
else {
|
||||
Write-Output "ActiveDirectory PowerShell module does not exist on host. Installing..."
|
||||
try {
|
||||
Import-Module ActiveDirectory
|
||||
}
|
||||
catch{
|
||||
Write-Error "Error installing ActiveDirectory PowerShell module."
|
||||
throw $_
|
||||
break
|
||||
}
|
||||
|
||||
Write-Output "ActiveDirectory PowerShell module installed."
|
||||
}
|
||||
Write-Output "Finding and disabling user $SAMAccountName"
|
||||
try {
|
||||
Get-ADUser -Identity $SAMAccountName | Disable-ADAccount
|
||||
}
|
||||
catch {
|
||||
Write-Error "Error disabling user account $SAMAccountName"
|
||||
throw $_
|
||||
break
|
||||
}
|
||||
Write-Output "Successfully disabled user account $SAMAccountName"
|
||||
|
||||
|
||||
The script takes in a SAMAccountName parameter which it uses to find the appropriate user and disable the account. This script can be modified to do a variety of other tasks, such as password resets, adding/removing users to/from groups, etc.
|
||||
|
||||
|
||||
|
||||
|
||||
Create a test user in Active Direcroty then perform the steps in the on-prem machine to install the Hybrid Worker feature
|
||||
|
||||
Deploy the below script from this URL: PowerShell Gallery | New-OnPremiseHybridWorker 1.7 . Depending on the PowerShell module currently installed on your machine you may need manually download the file. If you do so, you will need to rename the extension to a .zip file first then extract to the directory where you’ll execute the script from.
|
||||
|
||||
This script performs the following actions:
|
||||
1) Install the necessary modules
|
||||
2) Login to an Azure account
|
||||
3) Check for the resource group and automation account
|
||||
4) Create references to automation account attributes
|
||||
5) Create an Log Analytics Workspace if needed
|
||||
6) Enable the Azure Automation solution in Log Analytics
|
||||
7) Download and install the Microsoft Monitoring Agent
|
||||
8) Register the machine as hybrid worker
|
||||
|
||||
|
||||
|
||||
|
||||
To register your HybridWorker in Azure add the details of your hybrid runbook into the parameters to be passed to the creation command execute the below statement at your PowerShell prompt:
|
||||
$NewOnPremiseHybridWorkerParameters = @{
|
||||
AutomationAccountName = "iwauto"
|
||||
AAResourceGroupName = "AD-Onprem"
|
||||
OMSResourceGroupName = "AD-Onprem"
|
||||
HybridGroupName = "AutoGroup"
|
||||
SubscriptionID = "xxxxxxxxxxxxxxxx"
|
||||
WorkspaceName = "iwautola"}
|
||||
|
||||
From the same PowerShell command prompt type: Install-Script -Name New-OnPremiseHybridWorker which will use parameters specified above
|
||||
This command will open a log on screen to Azure Portal to register the Hybrid Worker in Azure
|
||||
|
||||
|
||||
The command will use parameters specified above to register your HybridWorker Group in your Azure Subscription. You can learn more about the process of deploying Hybrid Workers here: [https://docs.microsoft.com/azure/automation/automation-windows-hrw-install]
|
||||
|
||||
The command will open a log on screen in Azure Portal to register the Hybrid Worker in Azure
|
||||
|
||||
![07-azurereg](../Block-OnPremADUser/images/07-azurereg.png)
|
||||
|
||||
|
||||
|
||||
To confirm successful registration, navigate to your automation account then select Hybrid worker groups. You should see the recently registered Hybrid Worker group in the list per below screen shot.
|
||||
|
||||
![08-hybridconfirm](../Block-OnPremADUser/images/08-hybridworker.png)
|
||||
|
||||
<em> If you get the error indicating that the PowerShell file is not digitally signed, then you will need to execute the command below:
|
||||
|
||||
Set-ExecutionPolicy RemoteSigned
|
||||
You may still have to unblock the file in case chnaging the execution policy alone does not work. The command to do this is from a PowerShell prompt is:
|
||||
Unblock-File -Path .\New-OmPremiseHybridWorker.ps1
|
||||
|
||||
More details here: Set-ExecutionPolicy (Microsoft.PowerShell.Security) [https://docs.microsoft.com/powershell/module/microsoft.powershell.security/set-executionpolicy?view=powershell-7.1]
|
||||
|
||||
It is also recommended that you use TLS versions more recent than 1.0 and 1.1. For this reason you may be required to run the below command as well:
|
||||
|
||||
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
|
||||
</em>
|
||||
|
||||
|
||||
|
||||
You can learn more about the process of deploying Hybrid Workers here: [https://docs.microsoft.com/azure/automation/automation-windows-hrw-install]
|
||||
|
||||
On successful registration you should see an output similar to the below:
|
||||
|
||||
![08-successoutput](../Block-OnPremADUser/images/08-successoutput.png)
|
||||
|
||||
To confirm successful registration, navigate to your automation account then select Hybrid worker groups. You should see the recently registered hybrid worker group in the list per below screen shot.
|
||||
|
||||
![08-HybridWorker](../Block-OnPremADUser/images/08-HybridWorker.png)
|
||||
|
||||
|
||||
### Test the Runbook
|
||||
To ensure the Runbook is working ok before integrating with a Logic App, execute the Runbook manually from the Azure Portal and specify a test account in the SAMAccountName box, select HybridWorker in the Run Settings section and then choose your Hybrid Worker group name from the drop-down list:
|
||||
|
||||
![09-manualtest](../Block-OnPremADUser/images/09-manualtest.png)
|
||||
|
||||
### Steps to orchestrate from Azure Sentinel/Logic Apps
|
||||
Below is the structure of the orchestration Logic App that triggers the runbook to disable qualifying accounts from the On-Prem AD. With this action the next on-prem to cloud AD sync will maintain the state on the account – in this case disabled, until the setting is reversed from the on-prem Active Directory.
|
||||
|
||||
## High-Level structure of the Playbook
|
||||
![structre](../Block-OnPremADUser/images/hlstructre.png)
|
||||
|
||||
|
||||
## Detailed structre of the Playbook:
|
||||
## Extract enitty details (to capture user ID) following trigger execuiton
|
||||
|
||||
![10-trigger](../Block-OnPremADUser/images/10-trigger.png)
|
||||
|
||||
Parse the JSON output from the Entities-Get Actions step above in order to extract the Azure User ID and SAM Account name needed to perform disable operations-first on Azure then on the On-Prem Active directory.
|
||||
|
||||
![11-ParseJson](../Block-OnPremADUser/images/parsejson.png)
|
||||
|
||||
|
||||
## Disable Account in Azure AD
|
||||
|
||||
![DisableAD](../Block-OnPremADUser/images/DisableonAzureAD.png)
|
||||
|
||||
|
||||
## Create Hybrid Automation Job
|
||||
![Createjob](../Block-OnPremADUser/images/createjob.png)
|
||||
|
||||
The string function below is contained in the 'Runbook Parameter SamAccountName' above is needed to extract the SAMAccount from the UPN of the user as the On-Prem AD can only act on the User ID when specified in this format:
|
||||
|
||||
substring(body('Parse_JSON')?['Name'], 0, sub(length(body('Parse_JSON')?['Name']),indexOf(body('Parse_JSON')?['Name'],'@')))
|
||||
|
||||
|
||||
To simulate the block orchestration from Azure Sentinel, you may use the below sample query to create an Analytics rule that will detect a failed log on due to a wrong password entered on Azure AD portal
|
||||
|
||||
SigninLogs
|
||||
| where Location == "KE" and Identity contains "[mytestaccount]" and ResultType =="50126"
|
||||
| extend AccountCustomEntity = AlternateSignInName
|
||||
|
||||
|
||||
|
||||
|
||||
Troubleshooting guide for Hybrid Runbook Workers can be found here : [https://docs.microsoft.com/azure/automation/troubleshoot/hybrid-runbook-worker]
|
||||
|
||||
|
||||
<em>Special thanks to @Hazem El Shabini for his valuable collaboration in building the Playbook & @Yaniv Shasha for suggestions to enhance the solution.</em>
|
||||
|
||||
|
||||
|
||||
<a href="https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Fmaster%2FPlaybooks%2FBlock-OnPremADUSer%2Fazuredeploy.json" target="_blank">
|
||||
<img src="https://aka.ms/deploytoazurebutton"/>
|
||||
</a>
|
||||
<a href="https://portal.azure.us/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Fmaster%2FPlaybooks%2Block-OnPremADUSer%2Fazuredeploy.json" target="_blank">
|
||||
<img src="https://raw.githubusercontent.com/Azure/azure-quickstart-templates/master/1-CONTRIBUTION-GUIDE/images/deploytoazuregov.png"/>
|
||||
</a>
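Review bot: the Logic App expression quoted under "Create Hybrid Automation Job", `substring(body('Parse_JSON')?['Name'], 0, sub(length(body('Parse_JSON')?['Name']),indexOf(body('Parse_JSON')?['Name'],'@')))`, does not extract the SAM account name: for `user@contoso.com` the length is 16 and the index of `@` is 4, so it keeps the first 12 characters and yields `user@contoso`. The azuredeploy.json in this same change uses `substring(..., 0, indexOf(..., '@'))`, which is the correct form, and the README should match it. In the runbook script the `else` branch prints "Installing..." but only runs `Import-Module ActiveDirectory`, which cannot succeed when `Get-Module -ListAvailable` has just reported the module absent; either document that RSAT must be installed on the hybrid worker or fail with a clear message, and drop the unreachable `break` after each `throw $_`. The sentence "the script will notify you as well" overstates what the script does: it throws, which marks the Automation job Failed, and it is the playbook's failure branch that sends the mail. The registration step says `Install-Script -Name New-OnPremiseHybridWorker` "will use parameters specified above", but Install-Script only downloads the script; the hash table must be splatted when the script is run (`New-OnPremiseHybridWorker.ps1 @NewOnPremiseHybridWorkerParameters`), and the later `Unblock-File -Path .\New-OmPremiseHybridWorker.ps1` misspells the file name. Both Deploy to Azure links point at `Block-OnPremADUSer` while every image path uses `Block-OnPremADUser` (raw.githubusercontent.com paths are case sensitive), and the Azure Government link contains `%2Block-OnPremADUSer` where `%2FBlock-OnPremADUSer` is needed. Several passages are duplicated (the registration-confirmation paragraph and screenshot, the "You can learn more" link, the "log on screen" sentence, the two introductions to the runbook script), the PowerShell and KQL blocks are not fenced, and there are typos: "Direcroty", "chnaging", "structre", "enitty", "execuiton", "Market place", "you Automation Account". The sample analytics rule hard-codes `Location == "KE"` and a bracketed placeholder account; fine for a test, but say so next to the query.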
@ -0,0 +1,406 @@
{
|
||||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "1.0.0.0",
|
||||
"metadata": {
|
||||
"comments": "This playbook will disable a user in Azure & On-Prem Active Directory, add a comment to the incident & send out an E-mail reporting the block operation's outcome",
|
||||
"author": "Innocent Wafula, Hazem Elshabini"
|
||||
},
|
||||
"parameters": {
|
||||
"logicAppName": {
|
||||
"type": "string",
|
||||
"defaultValue": "BlockADOnPremUser",
|
||||
"minLength": 1,
|
||||
"maxLength": 80,
|
||||
"metadata": {
|
||||
"description": "Name of the Logic App."
|
||||
}
|
||||
},
|
||||
"userName": {
|
||||
"type": "string",
|
||||
"defaultValue": "",
|
||||
"minLength": 1,
|
||||
"maxLength": 80,
|
||||
"metadata": {
|
||||
"description": "Your company email address."
|
||||
}
|
||||
},
|
||||
"automationAccountRG": {
|
||||
"type": "string",
|
||||
"defaultValue": "",
|
||||
"minLength": 1,
|
||||
"maxLength": 80,
|
||||
"metadata": {
|
||||
"description": "Resource Group where the Azure Automation Account exists."
|
||||
}
|
||||
},
|
||||
"automationAccountName": {
|
||||
"type": "string",
|
||||
"defaultValue": "",
|
||||
"minLength": 1,
|
||||
"maxLength": 80,
|
||||
"metadata": {
|
||||
"description": "Name of the Azure Automation Account."
|
||||
}
|
||||
},
|
||||
"runbookName": {
|
||||
"type": "string",
|
||||
"defaultValue": "",
|
||||
"minLength": 1,
|
||||
"maxLength": 80,
|
||||
"metadata": {
|
||||
"description": "Name of the Azure Automation Runbook to be executed."
|
||||
}
|
||||
},
|
||||
"hybridAutomationGroup": {
|
||||
"type": "string",
|
||||
"defaultValue": "",
|
||||
"minLength": 1,
|
||||
"maxLength": 80,
|
||||
"metadata": {
|
||||
"description": "Name of the Hybrid Automation Group on which the Runbook will be executed."
|
||||
}
|
||||
},
|
||||
"mailList": {
|
||||
"type": "string",
|
||||
"defaultValue": "",
|
||||
"minLength": 1,
|
||||
"maxLength": 300,
|
||||
"metadata": {
|
||||
"description": "Semi-colon separated list of recepients to be notified of LogicApp activities."
|
||||
}
|
||||
}
|
||||
},
|
||||
"variables": {
|
||||
"AzureAutomationAccountConnectionName": "[concat('azureautomation-', parameters('logicAppName'))]",
|
||||
"AzureSentinelConnectionName": "[concat('azuresentinel-', parameters('logicAppName'))]",
|
||||
"Office365ConnectionName": "[concat('office365-', parameters('logicAppName'))]",
|
||||
"AzureADConnectionName": "[concat('azuread-', parameters('logicAppName'))]"
|
||||
},
|
||||
"resources": [
|
||||
{
|
||||
"type": "Microsoft.Web/connections",
|
||||
"apiVersion": "2016-06-01",
|
||||
"name": "[variables('AzureAutomationAccountConnectionName')]",
|
||||
"location": "[resourceGroup().location]",
|
||||
"properties": {
|
||||
"displayName": "[parameters('userName')]",
|
||||
"customParameterValues": {},
|
||||
"api": {
|
||||
"id": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', resourceGroup().location, '/managedApis/azureautomation')]"
|
||||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
"type": "Microsoft.Web/connections",
|
||||
"apiVersion": "2016-06-01",
|
||||
"name": "[variables('AzureSentinelConnectionName')]",
|
||||
"location": "[resourceGroup().location]",
|
||||
"properties": {
|
||||
"displayName": "[parameters('userName')]",
|
||||
"customParameterValues": {},
|
||||
"api": {
|
||||
"id": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', resourceGroup().location, '/managedApis/azuresentinel')]"
|
||||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
"type": "Microsoft.Web/connections",
|
||||
"apiVersion": "2016-06-01",
|
||||
"name": "[variables('Office365ConnectionName')]",
|
||||
"location": "[resourceGroup().location]",
|
||||
"properties": {
|
||||
"displayName": "[parameters('userName')]",
|
||||
"customParameterValues": {},
|
||||
"api": {
|
||||
"id": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', resourceGroup().location, '/managedApis/office365')]"
|
||||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
"type": "Microsoft.Web/connections",
|
||||
"apiVersion": "2016-06-01",
|
||||
"name": "[variables('AzureADConnectionName')]",
|
||||
"location": "[resourceGroup().location]",
|
||||
"properties": {
|
||||
"displayName": "[parameters('userName')]",
|
||||
"customParameterValues": {},
|
||||
"api": {
|
||||
"id": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', resourceGroup().location, '/managedApis/azuread')]"
|
||||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
"type": "Microsoft.Logic/workflows",
|
||||
"apiVersion": "2017-07-01",
|
||||
"name": "[parameters('logicAppName')]",
|
||||
"location": "[resourceGroup().location]",
|
||||
"dependsOn": [
|
||||
"[resourceId('Microsoft.Web/connections',variables('AzureSentinelConnectionName'))]",
|
||||
"[resourceId('Microsoft.Web/connections',variables('Office365ConnectionName'))]",
|
||||
"[resourceId('Microsoft.Web/connections',variables('AzureAutomationAccountConnectionName'))]",
|
||||
"[resourceId('Microsoft.Web/connections',variables('AzureADConnectionName'))]"
|
||||
],
|
||||
"properties": {
|
||||
"state": "Enabled",
|
||||
"definition": {
|
||||
"$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#",
|
||||
"contentVersion": "1.0.0.0",
|
||||
"parameters": {
|
||||
"$connections": {
|
||||
"defaultValue": {},
|
||||
"type": "Object"
|
||||
}
|
||||
},
|
||||
"triggers": {
|
||||
"When_a_response_to_an_Azure_Sentinel_alert_is_triggered": {
|
||||
"type": "ApiConnectionWebhook",
|
||||
"inputs": {
|
||||
"body": {
|
||||
"callback_url": "@{listCallbackUrl()}"
|
||||
},
|
||||
"host": {
|
||||
"connection": {
|
||||
"name": "@parameters('$connections')['azuresentinel']['connectionId']"
|
||||
}
|
||||
},
|
||||
"path": "/subscribe"
|
||||
}
|
||||
}
|
||||
},
|
||||
"actions": {
|
||||
"Alert_-_Get_incident": {
|
||||
"runAfter": {},
|
||||
"type": "ApiConnection",
|
||||
"inputs": {
|
||||
"host": {
|
||||
"connection": {
|
||||
"name": "@parameters('$connections')['azuresentinel']['connectionId']"
|
||||
}
|
||||
},
|
||||
"method": "get",
|
||||
"path": "/Incidents/subscriptions/@{encodeURIComponent(triggerBody()?['WorkspaceSubscriptionId'])}/resourceGroups/@{encodeURIComponent(triggerBody()?['WorkspaceResourceGroup'])}/workspaces/@{encodeURIComponent(triggerBody()?['WorkspaceId'])}/alerts/@{encodeURIComponent(triggerBody()?['SystemAlertId'])}"
|
||||
}
|
||||
},
|
||||
"Entities_-_Get_Accounts": {
|
||||
"runAfter": {
|
||||
"Alert_-_Get_incident": [
|
||||
"Succeeded"
|
||||
]
|
||||
},
|
||||
"type": "ApiConnection",
|
||||
"inputs": {
|
||||
"body": "@triggerBody()?['Entities']",
|
||||
"host": {
|
||||
"connection": {
|
||||
"name": "@parameters('$connections')['azuresentinel']['connectionId']"
|
||||
}
|
||||
},
|
||||
"method": "post",
|
||||
"path": "/entities/account"
|
||||
}
|
||||
},
|
||||
"For_each": {
|
||||
"foreach": "@body('Entities_-_Get_Accounts')?['Accounts']",
|
||||
"actions": {
|
||||
"Condition": {
|
||||
"actions": {
|
||||
"Add_comment_to_incident_(V3)": {
|
||||
"runAfter": {
|
||||
"Send_an_email_(V2)": [
|
||||
"Succeeded"
|
||||
]
|
||||
},
|
||||
"type": "ApiConnection",
|
||||
"inputs": {
|
||||
"body": {
|
||||
"incidentArmId": "@body('Alert_-_Get_incident')?['id']",
|
||||
"message": "<p>User Blocked on On-prem AD</p>"
|
||||
},
|
||||
"host": {
|
||||
"connection": {
|
||||
"name": "@parameters('$connections')['azuresentinel']['connectionId']"
|
||||
}
|
||||
},
|
||||
"method": "post",
|
||||
"path": "/Incidents/Comment"
|
||||
}
|
||||
},
|
||||
"Send_an_email_(V2)": {
|
||||
"runAfter": {},
|
||||
"type": "ApiConnection",
|
||||
"inputs": {
|
||||
"body": {
|
||||
"Body": "<p>@{items('For_each')?['Name']} successfully disabled on Azure and On-Prem AD<br>\n</p>",
|
||||
"Importance": "High",
|
||||
"Subject": "User: @{body('Parse_JSON')?['Name']} Successfully Disabled",
|
||||
"To": "[parameters('mailList')]"
|
||||
},
|
||||
"host": {
|
||||
"connection": {
|
||||
"name": "@parameters('$connections')['office365']['connectionId']"
|
||||
}
|
||||
},
|
||||
"method": "post",
|
||||
"path": "/v2/Mail"
|
||||
}
|
||||
}
|
||||
},
|
||||
"runAfter": {
|
||||
"Create_job": [
|
||||
"Succeeded"
|
||||
]
|
||||
},
|
||||
"else": {
|
||||
"actions": {
|
||||
"Send_an_email_(V2)_2": {
|
||||
"runAfter": {},
|
||||
"type": "ApiConnection",
|
||||
"inputs": {
|
||||
"body": {
|
||||
"Body": "<p>An error has occured while trying to disable user with SAM ID: <br>\n@{body('Parse_JSON')?['Name']}<br>\n<br>\nCheck the following details in the Runbook logs in the Azure Portal<br>\n@{body('Create_job')?['id']}</p>",
|
||||
"Subject": "Failed to disable @{body('Parse_JSON')?['Name']}",
|
||||
"To": "[parameters('mailList')]"
|
||||
},
|
||||
"host": {
|
||||
"connection": {
|
||||
"name": "@parameters('$connections')['office365']['connectionId']"
|
||||
}
|
||||
},
|
||||
"method": "post",
|
||||
"path": "/v2/Mail"
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"expression": {
|
||||
"and": [
|
||||
{
|
||||
"not": {
|
||||
"equals": [
|
||||
"@body('Create_job')?['properties']?['status']",
|
||||
"Failed"
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"type": "If"
|
||||
},
|
||||
"Create_job": {
|
||||
"runAfter": {
|
||||
"Disable_Account_on_Azure_AD": [
|
||||
"Succeeded"
|
||||
]
|
||||
},
|
||||
"type": "ApiConnection",
|
||||
"inputs": {
|
||||
"body": {
|
||||
"properties": {
|
||||
"parameters": {
|
||||
"SamAccountName": "@{substring(body('Parse_JSON')?['Name'],0,indexOf(body('Parse_JSON')?['Name'],'@'))}"
|
||||
},
|
||||
"runOn": "[parameters('hybridAutomationGroup')]"
|
||||
}
|
||||
},
|
||||
"host": {
|
||||
"connection": {
|
||||
"name": "@parameters('$connections')['azureautomation']['connectionId']"
|
||||
}
|
||||
},
|
||||
"method": "put",
|
||||
"path": "[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', parameters('automationAccountRG'), '/providers/Microsoft.Automation/automationAccounts/', parameters('automationAccountName'), '/jobs')]",
|
||||
"queries": {
|
||||
"runbookName": "[parameters('runbookName')]",
|
||||
"wait": true,
|
||||
"x-ms-api-version": "2015-10-31"
|
||||
}
|
||||
}
|
||||
},
|
||||
"Disable_Account_on_Azure_AD": {
|
||||
"runAfter": {
|
||||
"Parse_JSON": [
|
||||
"Succeeded"
|
||||
]
|
||||
},
|
||||
"type": "ApiConnection",
|
||||
"inputs": {
|
||||
"body": {
|
||||
"accountEnabled": false
|
||||
},
|
||||
"host": {
|
||||
"connection": {
|
||||
"name": "@parameters('$connections')['azuread']['connectionId']"
|
||||
}
|
||||
},
|
||||
"method": "patch",
|
||||
"path": "/v1.0/users/@{encodeURIComponent(body('Parse_JSON')?['AadUserId'])}"
|
||||
}
|
||||
},
|
||||
"Parse_JSON": {
|
||||
"runAfter": {},
|
||||
"type": "ParseJson",
|
||||
"inputs": {
|
||||
"content": "@items('For_each')",
|
||||
"schema": {
|
||||
"properties": {
|
||||
"$id": {
|
||||
"type": "string"
|
||||
},
|
||||
"AadUserId": {
|
||||
"type": "string"
|
||||
},
|
||||
"DisplayName": {
|
||||
"type": "string"
|
||||
},
|
||||
"Name": {
|
||||
"type": "string"
|
||||
},
|
||||
"Type": {
|
||||
"type": "string"
|
||||
}
|
||||
},
|
||||
"type": "object"
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"runAfter": {
|
||||
"Entities_-_Get_Accounts": [
|
||||
"Succeeded"
|
||||
]
|
||||
},
|
||||
"type": "Foreach"
|
||||
}
|
||||
},
|
||||
"outputs": {}
|
||||
},
|
||||
"parameters": {
|
||||
"$connections": {
|
||||
"value": {
|
||||
"azureautomation": {
|
||||
"connectionId": "[resourceId('Microsoft.Web/connections', variables('AzureAutomationAccountConnectionName'))]",
|
||||
"connectionName": "[variables('AzureAutomationAccountConnectionName')]",
|
||||
"id": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', resourceGroup().location, '/managedApis/azureautomation')]"
|
||||
},
|
||||
"azuresentinel": {
|
||||
"connectionId": "[resourceId('Microsoft.Web/connections', variables('AzureSentinelConnectionName'))]",
|
||||
"connectionName": "[variables('AzureSentinelConnectionName')]",
|
||||
"id": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', resourceGroup().location, '/managedApis/azuresentinel')]"
|
||||
},
|
||||
"office365": {
|
||||
"connectionId": "[resourceId('Microsoft.Web/connections', variables('Office365ConnectionName'))]",
|
||||
"connectionName": "[variables('Office365ConnectionName')]",
|
||||
"id": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', resourceGroup().location, '/managedApis/office365')]"
|
||||
},
|
||||
"azuread": {
|
||||
"connectionId": "[resourceId('Microsoft.Web/connections', variables('AzureADConnectionName'))]",
|
||||
"connectionName": "[variables('AzureADConnectionName')]",
|
||||
"id": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', resourceGroup().location, '/managedApis/azuread')]"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
]
|
||||
}
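Review bot: the `Condition` that runs after `Create_job` tests `not equals(body('Create_job')?['properties']?['status'], 'Failed')`, so any status other than `Failed` (for example `Suspended` or `Stopped` when the hybrid worker is unreachable, or a not-yet-terminal status) takes the success path, posts the "User Blocked on On-prem AD" comment and sends the success mail. Compare against `Completed` instead, e.g. `"equals": ["@body('Create_job')?['properties']?['status']", "Completed"]`, and add an `Add_comment_to_incident_(V3)` action in the `else` branch too, because `Disable_Account_on_Azure_AD` has already run by then: the cloud account is disabled while the on-prem one is not, and the next sync will re-enable it, which is exactly the state the incident should record. The `SamAccountName` runbook parameter uses `substring(name, 0, indexOf(name, '@'))`; when an account entity's `Name` has no `@`, `indexOf` returns -1 and the action fails before any job is created, so guard it with `if(contains(body('Parse_JSON')?['Name'], '@'), substring(...), body('Parse_JSON')?['Name'])`. `Add_comment_to_incident_(V3)` is chained after `Send_an_email_(V2)`, so a mail failure also suppresses the incident comment; give it its own `runAfter` on `Create_job` so the two are independent. The success mail body uses `items('For_each')?['Name']` while its subject uses `body('Parse_JSON')?['Name']`; pick one. Typos in user-facing strings: "recepients" in the `mailList` description and "occured" in the failure mail body.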