Azure Block All International Access Policy Changes

The Azure_Block All International Access Policy Changes playbook checks for changes in the list of users in the access policy. It investigates all the users excluded from the access policy and creates a ticket in the Freshdesk ticketing system based on the change.

1. Trigger: It retrieves all required parameters and triggers the playbook to run at scheduled intervals.

2. API: It uses Microsoft's Graph API to authenticate to Azure Policy.

3. Script: It uses a Python script to encode the policy in UTF-8.

4. Script: It uses a Python script to calculate the present time and the time that is four hours behind the present time.

5. API: It uses Azure's API to get access policy change logs to check for changes in the policy.

6. API: It uses Azure's API to get the conditional access policy.

7. Filter: It filters the result from the change log and extracts the changed value.

8. If Then: It checks whether the change log value is empty. If it's empty, it creates a case. If not, it continues the investigation.

9. Filter: It filters out users who did not change the access policy.

10. Script: It runs a Python script to detect the added and removed users from the access policy.

11. If Then: It checks if the change was detected in the Script action block.

12. Filter: It filters the added users by their ID.

13. Filter: It filters the removed users by their ID.

14. For Each: It loops through each added user.

15. For Each: It loops through each removed user.

16. Playbook: It runs a sub-playbook 0365_AD_User_Details that retrieves each added user's information.

17. Playbook: It runs a sub-playbook 0365_AD_User_Details that retrieves each removed user's information.

18. Filter: It filters the user list to include all the added users.

19. Filter: It filters the user list to include all the removed users.

20. Script: It runs a Python script to prepare incident details, and added/removed user list.

21. Case Item: It creates a case about no change in the users list.

22. Format: It takes the result from the Script block and formats the result in HTML format.

23. Script: It uses a Python script to clean the message format.

24. Case Item: It takes the formatted change summary and writes a case item about the changed access policy.

25. API: It uses the Freshdesk API to create a ticket about the change of users in the access policy.

26. End: It ends the playbook.
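
The sketch below shows the core of steps 4, 7, 10 and 11: computing the four-hour lookback window and diffing the excluded-user list between the old and new policy values in each change-log event. It is an added example, not the playbook's own script. It assumes events shaped like Microsoft Graph directory audit records, with the old and new policy carried as JSON strings in `modifiedProperties`; the helper names, sample events and user IDs are constructed for illustration.

```python
import json
from datetime import datetime, timedelta, timezone

def lookback_window(now, hours=4):
    """Return (start, end) UTC timestamps for the audit-log query (step 4)."""
    fmt = "%Y-%m-%dT%H:%M:%SZ"
    return (now - timedelta(hours=hours)).strftime(fmt), now.strftime(fmt)

def excluded_users(policy_json):
    """Return the set of excluded user IDs in a serialized policy value."""
    if not policy_json:  # a null or empty value means no exclusions recorded
        return set()
    users = (json.loads(policy_json).get("conditions") or {}).get("users") or {}
    return set(users.get("excludeUsers") or [])

def diff_exclusions(audit_events):
    """Report added/removed exclusions per event; skip events with no user change."""
    changes = []
    for event in audit_events:
        actor = ((event.get("initiatedBy") or {}).get("user") or {}).get("userPrincipalName")
        for target in event.get("targetResources") or []:
            for prop in target.get("modifiedProperties") or []:
                old = excluded_users(prop.get("oldValue"))
                new = excluded_users(prop.get("newValue"))
                if old != new:
                    changes.append({"actor": actor,
                                    "added": sorted(new - old),
                                    "removed": sorted(old - new)})
    return changes

def policy(state, exclude):
    """Build a constructed policy value as a JSON string (assumed shape)."""
    return json.dumps({"state": state, "conditions": {"users": {"excludeUsers": exclude}}})

# Constructed sample events (names and IDs are placeholders, not real data).
SAMPLE_EVENTS = [
    {"initiatedBy": {"user": {"userPrincipalName": "admin@example.com"}},
     "targetResources": [{"modifiedProperties": [
         {"oldValue": policy("enabled", ["user-id-a", "user-id-b"]),
          "newValue": policy("enabled", ["user-id-b", "user-id-c"])}]}]},
    # State change only: the exclusion list is identical, so nothing is reported.
    {"initiatedBy": {"user": {"userPrincipalName": "ops@example.com"}},
     "targetResources": [{"modifiedProperties": [
         {"oldValue": policy("enabled", ["user-id-b"]),
          "newValue": policy("disabled", ["user-id-b"])}]}]},
]

if __name__ == "__main__":
    print(lookback_window(datetime.now(timezone.utc)))
    for change in diff_exclusions(SAMPLE_EVENTS):
        print(change)
```

An added exclusion is the change that matters most for review, since that user is no longer covered by the block.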
