MicrosoftGraphIdentityandAccess
Use the Entra ID Identity And Access integration to manage roles and members (formerly Azure Active Directory Identity And Access).
Authentication & Identity Management · Microsoft Graph Identity and Access
Configuration parameters
app_id— Application ID (Client ID for Client credentials mode)tenant_id— Tenant ID (required for Client Credentials mode)credentials—creds_certificate— Certificate Thumbprintuse_managed_identities— Use Azure Managed Identitiesmanaged_identities_client_id—azure_ad_endpoint— Azure AD endpointincidentType— Incident typeclient_credentials— Use Client Credentials Authorization Flowinsecure— Trust any certificate (not secure)proxy— Use system proxy settingsisFetch— Fetch incidentsfirst_fetch— First Fetch Time Intervalmax_fetch— Max Fetch Incidents ReturnedincidentFetchInterval— Incidents Fetch Intervalalerts_to_fetch— Alerts to Fetchfetch_filter_expression— Fetch queryoverride_issue_severity— Override Microsoft Entra ID Protection risk levelissue_severity— Issue severity
Commands (24)
-
msgraph-identity-audit-signin-event-getRetrieve Microsoft Entra ID sign-in event.
-
msgraph-identity-auth-completeRun this command to complete the authorization process. Should be used after running the msgraph-identity-auth-start command.
-
msgraph-identity-auth-resetRun this command if for some reason you need to rerun the authentication process.
-
msgraph-identity-auth-startRun this command to start the authorization process and follow the instructions in the command results.
-
msgraph-identity-auth-testTests connectivity to Microsoft.
-
msgraph-identity-ca-policies-listRetrieve one or all Conditional Access policies from Microsoft Graph API.
-
msgraph-identity-ca-policy-createCreates a Conditional Access policy.
-
msgraph-identity-ca-policy-deleteDelete specific Conditional Access policy by ID.
-
msgraph-identity-ca-policy-updateUpdates a Conditional Access policy. By default, the command attempts to **append** values to existing list-based fields (e.g., `include_users`, `include_groups`, etc.). If a field does not support appending (i.e., it's not a list), the command **overrides** the existing value with the new one.
-
msgraph-identity-directory-role-activateActivates a role by its template ID.
-
msgraph-identity-directory-role-member-addAdds a user to a role.
-
msgraph-identity-directory-role-member-removeRemoves a user from a role.
-
msgraph-identity-directory-role-members-listGets all members in a role ID.
-
msgraph-identity-directory-roles-listLists the roles in the directory.
-
msgraph-identity-ip-named-locations-createCreate an ip named location.
-
msgraph-identity-ip-named-locations-deleteDelete an ip named location by id.
-
msgraph-identity-ip-named-locations-getRetrieve an ip named location by id.
-
msgraph-identity-ip-named-locations-listRetrieve all ip named locations.
-
msgraph-identity-ip-named-locations-updateupdate an ip named location by id.
-
msgraph-identity-protection-risks-listRetrieve all the detected risks.
-
msgraph-identity-protection-risky-user-confirm-compromisedDelete an ip named location by id.
-
msgraph-identity-protection-risky-user-dismissDelete an ip named location by id.
-
msgraph-identity-protection-risky-user-history-listRetrieve the risky users history in active directory.
-
msgraph-identity-protection-risky-user-listRetrieve the risky users in active directory.