Cloud Based Proactive Response Example Playbook
Important
When configuring playbooks for Proactive Response, the playbook name must match the trigger name and follow the Proactive Response Naming Convention.
Azure AD Disable and Enable User Playbook Configurations ⫘
- Configure a Microsoft Graph API automation connection. For more information about adding a new connection, see Create a New Connection.
Microsoft Graph API Connection
Note
Each connector has built-in documentation that outlines the requirements for the connector type. Select Documentation from a connector or configured connection in XDR to open this in a new tab.
- Configure an Azure AD Disable User playbook for the Disable User action using the trigger parameters shown below. For more information about adding a new playbook, see Create a New Playbook.
- Enter
M_DISUSERin the Playbook Details Name field. - Select User Initiated for the Trigger Type.
- Select Response Action for the Category.
- Select User for the Context.
- Enter
M_DISUSERin the Trigger Source Name field. - Under When does this playbook run?, select Only When and then enter
falsein the Trigger Filter field.
Note
Playbooks leveraging User type context do not have actions listed in the dropdown—they must be executed manually.
Note
Each playbook has built-in documentation that walks through the steps to create a new playbook. Select Documentation from a playbook template or configured playbook in XDR to open this in a new tab and follow the guidance there.
- Configure an Azure AD Enable User playbook for the Enable User action using the trigger parameters shown below. For more information about adding a new playbook, see Create a New Playbook.
- Enter
M_ENUSERin the Playbook Details Name field. - Select User Initiated for the Trigger Type.
- Select Response Action for the Category.
- Select User for the Context.
- Enter
M_ENUSERin the Trigger Source Name field. - Under When does this playbook run?, select Only When and then enter
falsein the Trigger Filter field.
Note
Playbooks leveraging User type context do not have actions listed in the dropdown, they must be executed manually.
Note
Each playbook has built-in documentation that walks through the steps to create a new playbook. Select Documentation from a playbook template or configured playbook in XDR to open this in a new tab and follow the guidance there.