About the Microsoft Entra ID Integration
Microsoft Entra ID (formerly Azure Active Directory) is Microsoft’s cloud-based identity and access management service, providing single sign-on, multi-factor authentication, conditional access, and identity governance for enterprise users, applications, and devices at global scale. As Synqly’s Identity provider, Microsoft Entra ID enables security teams to access normalized identity data—including users, groups, sign-in events, and access policies—through a standardized connector. Integrate with Microsoft Entra ID to incorporate identity and access context into your threat detection, access governance, and security operations workflows, enabling identity-aware security across your enterprise.
Integration Use Cases
Disable User
Disables a user in the identity system based on user ID.
Enable User
Reenables a disabled user in the identity system based on user ID.
Expire All User Sessions
Logs a user out of all current sessions so they must log in again.
Get Group
Returns a `Group` object wrapped in an OCSF Entity Management event of type Read from the token-linked identity provider. Depending on the providers offerings, this may include additional group information, such as the roles assigned.
Get Group Members
Returns list of `User` objects wrapped in an OCSF Entity Management event of type Read from the token-linked identity provider that are members in the group referenced by ID.
Get User
Returns a `User` object wrapped in an OCSF Entity Management event of type Read from the token-linked identity provider. Depending
on the providers offerings, this may include additional user information, such as the user\\\\\\\\\\\\\\\'s current groups and roles.
Query Audit Log
Returns a list of `Event` objects from the token-linked audit log.
Query Groups
Returns a list of `Group` objects wrapped in the OCSF Entity Management event of type Read from the token-linked identity provider.
Query Risk Events
Returns identity threat / risk events (for example Microsoft Entra Identity Protection risk detections for users), normalized to OCSF.
Query Risky Users
Returns rolled-up risky user records (for example Microsoft Entra Identity Protection riskyUsers), each normalized to an OCSF Entity Management Read event.
Query Users
Returns a list of `User` objects wrapped in the OCSF Entity Management event of type Read from the token-linked identity provider.