Watch our latest fireside chat with Doug Cahill: Cybersecurity Integrations: The ROI Black Hole

PARTNER

Microsoft Entra ID

Microsoft | Identity

About the Microsoft Entra ID Integration

Microsoft Entra ID (formerly Azure Active Directory) is Microsoft’s cloud-based identity and access management service, providing single sign-on, multi-factor authentication, conditional access, and identity governance for enterprise users, applications, and devices at global scale. As Synqly’s Identity provider, Microsoft Entra ID enables security teams to access normalized identity data—including users, groups, sign-in events, and access policies—through a standardized connector. Integrate with Microsoft Entra ID to incorporate identity and access context into your threat detection, access governance, and security operations workflows, enabling identity-aware security across your enterprise.

Integration Use Cases

account_circle_off

Disable User

Disables a user in the identity system based on user ID.

person_add

Enable User

Reenables a disabled user in the identity system based on user ID.

logout

Expire All User Sessions

Logs a user out of all current sessions so they must log in again.

group

Get Group

Returns a `Group` object wrapped in an OCSF Entity Management event of type Read from the token-linked identity provider. Depending on the providers offerings, this may include additional group information, such as the roles assigned.

group_search

Get Group Members

Returns list of `User` objects wrapped in an OCSF Entity Management event of type Read from the token-linked identity provider that are members in the group referenced by ID.

account_circle

Get User

Returns a `User` object wrapped in an OCSF Entity Management event of type Read from the token-linked identity provider. Depending
on the providers offerings, this may include additional user information, such as the user\\\\\\\\\\\\\\\'s current groups and roles.

document_search

Query Audit Log

Returns a list of `Event` objects from the token-linked audit log.

groups

Query Groups

Returns a list of `Group` objects wrapped in the OCSF Entity Management event of type Read from the token-linked identity provider.

crisis_alert

Query Risk Events

Returns identity threat / risk events (for example Microsoft Entra Identity Protection risk detections for users), normalized to OCSF.

person_alert

Query Risky Users

Returns rolled-up risky user records (for example Microsoft Entra Identity Protection riskyUsers), each normalized to an OCSF Entity Management Read event.

group

Query Users

Returns a list of `User` objects wrapped in the OCSF Entity Management event of type Read from the token-linked identity provider.

Integration Resources

Partner Website

Microsoft Website

Partner Support

Microsoft Support