Azure Active Directory - Investigation
- Updated on 02 Apr 2025
Description
Azure Active Directory (AAD, now Microsoft Entra ID) Investigation is an automated flow that helps organizations investigate and respond to security incidents in their AAD tenant. It lets analysts review and analyze sign-in logs, detect and investigate suspicious activity, and take corrective action from one interface. The flow is powered by the Microsoft Defender for Cloud Apps platform (formerly Microsoft Cloud App Security) and uses a Microsoft Graph token to query the Microsoft Graph Security API for user and resource activity. It also integrates with Microsoft Defender for Cloud (formerly Azure Security Center), Microsoft Sentinel (formerly Azure Sentinel), and Microsoft Defender for Endpoint (formerly Microsoft Defender ATP) to give a consolidated view of an incident.
Trigger Request
HTTP POST request
Headers:
| Key | Value |
|---|---|
| Content-Type | application/json |
JSON body parameters:
| Parameter | Type | Description |
|---|---|---|
| accessToken | string | Microsoft Graph access token, obtained from the Microsoft_graph_base_token flow. It is a bearer credential: treat it as a secret and do not write it to logs. |
| alertId | string | The CDC alert ID to send the flow output to. |
| threadId | string | The ID of the message thread to send the flow output to. |
| userActivity | array | User sign-in activity records (one object per sign-in), including the columns the flow expects. |
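The following is an added example, not code from the original page or from the CDC product, showing how a caller would assemble, validate and send the trigger request described above. The flow endpoint (`FLOW_URL`) is an assumed placeholder because the page does not give it, and the sample `userActivity` records are constructed data whose field names follow the Microsoft Graph `signIn` resource, an assumption since the page does not list the columns the flow expects. The Graph token is redacted before anything is logged.

```python
"""Added example (not part of the original page or the CDC product): build,
validate and send the trigger request for the Azure Active Directory -
Investigation flow.

Assumptions, labelled as such: FLOW_URL is a placeholder, since the page does
not give the endpoint; SAMPLE_USER_ACTIVITY is constructed data whose field
names follow the Microsoft Graph signIn resource, because the page does not
list the columns the flow expects in userActivity.
"""
import json
import urllib.request
from typing import Any

FLOW_URL = "https://cdc.example.invalid/flows/aad-investigation"  # assumed placeholder

# Parameters from the page's "JSON body parameters" table, with their JSON types.
PARAMETER_TYPES: dict[str, type] = {
    "accessToken": str,
    "alertId": str,
    "threadId": str,
    "userActivity": list,
}

# Constructed sample data (no real tenant); field names follow the Graph signIn resource.
SAMPLE_USER_ACTIVITY: list[dict[str, Any]] = [
    {"userPrincipalName": "alice@contoso.example", "ipAddress": "203.0.113.7",
     "createdDateTime": "2025-04-02T08:15:30Z", "appDisplayName": "Office 365",
     "status": {"errorCode": 0}},
    {"userPrincipalName": "alice@contoso.example", "ipAddress": "198.51.100.23",
     "createdDateTime": "2025-04-02T08:16:02Z", "appDisplayName": "Office 365",
     "status": {"errorCode": 50126}},  # AADSTS50126: invalid username or password
]


def check_trigger_payload(payload: dict[str, Any]) -> list[str]:
    """Return the problems found in a request body; an empty list means it is acceptable."""
    problems: list[str] = []
    for key, expected in PARAMETER_TYPES.items():
        if key not in payload:
            problems.append(f"missing parameter: {key}")
        elif not isinstance(payload[key], expected):
            problems.append(
                f"{key} must be {expected.__name__}, got {type(payload[key]).__name__}")
    for key in ("accessToken", "alertId", "threadId"):
        if isinstance(payload.get(key), str) and not payload[key].strip():
            problems.append(f"{key} must not be empty")
    activity = payload.get("userActivity")
    if isinstance(activity, list):
        for i, record in enumerate(activity):
            if not isinstance(record, dict):
                problems.append(f"userActivity[{i}] must be an object")
    for key in payload:
        if key not in PARAMETER_TYPES:
            problems.append(f"unexpected parameter: {key}")
    return problems


def build_trigger_payload(access_token: str, alert_id: str, thread_id: str,
                          user_activity: list[dict[str, Any]]) -> dict[str, Any]:
    """Assemble the JSON body and reject it before sending if it fails validation."""
    payload = {"accessToken": access_token, "alertId": alert_id,
               "threadId": thread_id, "userActivity": user_activity}
    problems = check_trigger_payload(payload)
    if problems:
        raise ValueError("; ".join(problems))
    return payload


def redact_for_log(payload: dict[str, Any]) -> dict[str, Any]:
    """Copy of the body that is safe to log: the Graph token is a bearer credential,
    so only its first four characters and its length are kept for correlation."""
    safe = dict(payload)
    token = safe["accessToken"]
    safe["accessToken"] = f"{token[:4]}...({len(token)} chars)"
    return safe


def prepare_request(payload: dict[str, Any], url: str = FLOW_URL) -> urllib.request.Request:
    """Build the POST with the Content-Type header the page requires."""
    return urllib.request.Request(url, data=json.dumps(payload).encode("utf-8"),
                                  method="POST", headers={"Content-Type": "application/json"})


def send_trigger(payload: dict[str, Any], url: str = FLOW_URL) -> tuple[int, str]:
    """Send the trigger request and return (HTTP status, response body)."""
    with urllib.request.urlopen(prepare_request(payload, url)) as resp:
        return resp.status, resp.read().decode("utf-8")


if __name__ == "__main__":
    body = build_trigger_payload("eyJ0eXAiOiJKV1QifQ.example.sig",  # constructed token
                                 "ALERT-1001", "THREAD-42", SAMPLE_USER_ACTIVITY)
    # Log the redacted copy only; send_trigger(body) would deliver the real body.
    print(json.dumps(redact_for_log(body), indent=2))
    print("prepared", prepare_request(body).get_method(), "to", FLOW_URL)
```

Run it as a script to see the redacted body that is safe to log; call `send_trigger(body)` with the real endpoint to trigger the flow. Validation runs before the token leaves the process, so a malformed body never costs a request with a live credential in it.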
Supported CDC Versions
- 2.8