updating metadata for Playbooks template update

This commit is contained in:
Benjamin Kovacevic 2021-12-08 15:30:40 +00:00
Parent c37fd2ae83
Commit 546bfdbfbc
8 changed files: 21 additions and 9 deletions

View file

@ -5,6 +5,7 @@
"title": "Block AAD user - Alert",
"description": "For each account entity included in the alert, this playbook will disable the user in Azure Active Directoy, add a comment to the incident that contains this alert and notify manager if available. Note: This playbook will not disable admin user!",
"prerequisites": "",
"postDeployment": ["1. Assign Microsoft Sentinel Responder role to the Playbook's managed identity.", "2. Grant User.Read.All, User.ReadWrite.All, Directory.Read.All, Directory.ReadWrite.All permissions to the managed identity.", "3. Authorize Azure AD and Office 365 Outlook Logic App connections."],
"lastUpdateTime": "2021-11-25T00:00:00.000Z",
"entities": [ "Account" ],
"tags": [ "Remediation" ],
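
Review bot: In the added "postDeployment" entry, step 2 lists User.Read.All and Directory.Read.All next to User.ReadWrite.All and Directory.ReadWrite.All; the ReadWrite.All permissions already include read access, so the two Read.All grants add nothing but extra entries to audit. Suggest listing only the permissions the playbook actually uses and stating that they are application permissions on the managed identity. In the same pass, "lastUpdateTime" still reads 2021-11-25 although the metadata changes here, and "Directoy" in the description is a typo.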

View file

@ -0,0 +1,8 @@
### 1.1 Added manager notification action
- Added action to check if the user has a manager assigned in the Azure AD and notify the manager that the user is disabled
- Update to readme file - stating what API permissions are needed to be assigned to the managed identity as well as updating info that this playbook is not supporting block of the admin users in Azure AD
### 1.0
- Initial version
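
Review bot: The two version headings in this new changelog follow different conventions: "### 1.1 Added manager notification action" carries a title and "### 1.0" does not. Suggest picking one form for every entry, and adding a release date to each so a reader can match an entry against "lastUpdateTime" in the template metadata.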

View file

@ -5,6 +5,7 @@
"title": "Block AAD user - Incident",
"description": "For each account entity included in the incident, this playbook will disable the user in Azure Active Directoy, add a comment to the incident that contains this alert and notify manager if available. Note: This playbook will not disable admin user!",
"prerequisites": "",
"postDeployment": ["1. Assign Microsoft Sentinel Responder role to the Playbook's managed identity.", "2. Grant User.Read.All, User.ReadWrite.All, Directory.Read.All, Directory.ReadWrite.All permissions to the managed identity.", "3. Authorize Azure AD and Office 365 Outlook Logic App connections."],
"lastUpdateTime": "2021-11-25T00:00:00.000Z",
"entities": [ "Account" ],
"tags": [ "Remediation" ],
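
Review bot: The "description" of this incident-trigger template still says it will "add a comment to the incident that contains this alert", wording carried over from the alert variant. Since the metadata is being touched anyway, suggest "add a comment to the incident" so the text matches the trigger named in the title.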

View file

@ -0,0 +1,8 @@
### 1.1 Added manager notification action
- Added action to check if the user has a manager assigned in the Azure AD and notify the manager that the user is disabled
- Update to readme file - stating what API permissions are needed to be assigned to the managed identity as well as updating info that this playbook is not supporting block of the admin users in Azure AD
### 1.0
- Initial version

View file

@ -1,8 +0,0 @@
### 1.1
- Added action to check if the user has an manager assigned in the Azure AD and notifying the manager that user is disabled
- Update to readme file - stating what API permissions are needed to be assigned to the managed identity as well as updating info that this playbook is not supporting block of the the admin users in Azure AD
### 1.0
- Initial version
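
Review bot: This deletion removes text that reappears, with the heading and grammar corrected, in the changelog files added elsewhere in this commit, so it reads as a move rather than a removal. If the file is only being renamed or relocated, suggest recording it as a rename so its history stays attached, and saying so in the commit message, which currently mentions only metadata.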

View file

@ -5,6 +5,7 @@
"title": "Block AAD user or admin - Alert",
"description": "For each account entity included in the alert, this playbook will disable the user in Azure Active Directoy, add a comment to the incident that contains this alert and notify manager if available. Note: This playbook will disable admin users as well!",
"prerequisites": "",
"postDeployment": ["1. Assign Microsoft Sentinel Responder role to the Playbook's managed identity.", "2. Grant User.Read.All, User.ReadWrite.All, Directory.Read.All, Directory.ReadWrite.All permissions to the managed identity.", "3. Assign Global Administrator role to the managed identity.", "4. Authorize Azure AD and Office 365 Outlook Logic App connections."],
"lastUpdateTime": "2021-11-26T00:00:00.000Z",
"entities": [
"Account"
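
Review bot: Step 3 of the added "postDeployment" entry tells the deployer to assign Global Administrator to the playbook's managed identity without saying why that role is needed. The description only says the playbook disables admin users as well, so an identity that runs on every matching alert ends up with full tenant control. Suggest stating in the step what operation requires the role, checking whether a narrower directory role would be enough for disabling admin accounts, and pointing readers who do not need admin blocking to the "Block AAD user" template.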

View file

@ -5,6 +5,7 @@
"title": "Block AAD user or admin - incident",
"description": "For each account entity included in the incident, this playbook will disable the user in Azure Active Directoy, add a comment to the incident that contains this alert and notify manager if available. Note: This playbook will disable admin users as well!",
"prerequisites": "",
"postDeployment": ["1. Assign Microsoft Sentinel Responder role to the Playbook's managed identity.", "2. Grant User.Read.All, User.ReadWrite.All, Directory.Read.All, Directory.ReadWrite.All permissions to the managed identity.", "3. Assign Global Administrator role to the managed identity.", "4. Authorize Azure AD and Office 365 Outlook Logic App connections."],
"lastUpdateTime": "2021-11-26T00:00:00.000Z",
"entities": [
"Account"
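
Review bot: The "title" here is "Block AAD user or admin - incident" with a lower-case "incident", while the sibling template uses "Block AAD user or admin - Alert" and the non-admin pair uses "- Alert" and "- Incident". Suggest capitalising it in this commit so the four templates are listed consistently in the gallery.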

View file

@ -59,7 +59,7 @@ New-AzureAdServiceAppRoleAssignment -ObjectId $MI.ObjectId -PrincipalId $MI.Obje
-ResourceId $GraphServicePrincipal.ObjectId -Id $AppRole4.Id
```
3. Assign Global Administrator role from Azure Active Directory > Roles and administrators, search for Global Administrator and assign role to the playbook Managed Identity (Block-AADUserOrAdmin-Incident or Block-AADUserOrAdmin-Alert)
3. Assign Global Administrator role to the managed identity. From Azure Active Directory > Roles and administrators, search for Global Administrator and assign role to the playbook Managed Identity (Block-AADUserOrAdmin-Incident or Block-AADUserOrAdmin-Alert)
4. Open the playbook in the Logic App Designer and authorize Azure AD and Office 365 Outlook Logic App connections<br><br>
## Screenshots
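
Review bot: The reworded step 3 now names the role twice ("Assign Global Administrator role to the managed identity. ... search for Global Administrator and assign role ...") and still identifies the target only by the default names Block-AADUserOrAdmin-Incident or Block-AADUserOrAdmin-Alert. Suggest keeping the first sentence, trimming the second to the portal path, and noting that the managed identity carries whatever name the playbook was deployed under, so the role is not assigned to the wrong principal.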