Login
    Contents x
    Microsoft Entra ID (Azure AD) - Add or Remove Members from Administrative Unit
    • 13 Feb 2024
    • 3 Minutes to read
    • Print
    • Dark
      Light
    • PDF
    Contents

    Microsoft Entra ID (Azure AD) - Add or Remove Members from Administrative Unit

    • Updated on 13 Feb 2024
    • 3 Minutes to read
    • Print
    • Dark
      Light
    • PDF
    Article Summary

    Microsoft Entra ID (formerly Azure AD) - Add or Remove Members from Administrative Unit adds or removes a user to or from an Entra ID Administrative unit for each asset (users, groups, or devices) that is a result of the saved query supplied as a trigger (or devices that have been selected in the asset table).

    See Creating Enforcement Sets to learn more about adding Enforcement Actions to Enforcement Sets.

    General Settings

    • Enforcement Set name (required) - The name of the Enforcement Set. A default value is added by Axonius. You can change the name according to your needs.
    • Add description - Click to add a description of the Enforcement Set. It is recommended to describe what the Enforcement Set does.
    • Run action on assets matching following query (required) - Select an asset category and a query. The Enforcement Action will be run on the assets that match the query parameters.
    • Action name (required) - The name of the Main action. A default value is added by Axonius. You can change the name according to your needs.
    • Configure Dynamic Values - Toggle on to enter a Dynamic Value statement. See Creating Enforcement Action Dynamic Value Statements to learn more about Dynamic Value statement syntax.

    • Use stored credentials from the Entra ID adapter - Select this option to use the first connected Entra ID adapter credentials.

    Required Fields

    These fields must be configured to run the Enforcement Set.

    1. Administrative Unit ID - The object ID of the Administrative Unit to which to add the users or to remove the users from.
    2. Operation - Select the operation you want to perform, either Add members or Remove members.

    3. Compute Node - The Axonius node to use when connecting to the specified host. For more details, see Connecting Additional Axonius Nodes.

    Additional Fields

    Connection Parameters

    If Use stored credentials from the Entra ID adapter is not enabled, these fields are required. To access the values for these fields, see the Entra ID adapter connection form.

    • Azure Client ID - The Application ID of the Axonius application.
    • Azure Client Secret - Specify a non-expired key generated from the new client secret.
    • Azure Tenant ID - The ID for Microsoft Entra ID.
    • Verify SSL - Select whether to verify the SSL certificate of the server against the CA database inside of Axonius. For more details, see SSL Trust & CA Settings.
    • Account Sub Domain - The Microsoft account's sub domain (<sub_domain>.onmicrosoft.com).
    • Username and Password - The credentials for a user account that has the permissions needed to fetch SaaS data.
    • 2FA Secret Key - The secret generated in Microsoft Entra ID for setting up 2-factor authentication for the Microsoft user.
    • SSO Provider - If your organization uses Microsoft Entra ID for SSO, you can select this check box.
      For more information, see Connecting your SSO Solution Provider Adapter.

    Use the scheduling options to execute Enforcement Actions on specific dates and times. You can also configure repeat schedules.

    For more details, see Scheduling Enforcement Set Runs.

    APIs

    Axonius uses the Microsoft Graph REST API v1.0 Add a Member and Remove a Member API.

    Required Permissions

    The associated application must be granted AdministrativeUnit.ReadWrite.All Application permission and must be assigned the Privileged Role Administrator or Global Administrator role.

    For full ands up-to-date information about permissions required for working with Microsoft Entra ID refer to permissions in Microsoft Graph API Documentation.

    For more details about other Enforcement Actions available, see Action Library.

    Was this article helpful?
    What's Next
    Change password!
    Changing your password will log you out immediately. Use the new password to log back in.
    Change profile
    Success!
    First name must have atleast 2 characters. Numbers and special characters are not allowed.
    Last name must have atleast 1 characters. Numbers and special characters are not allowed.
    Enter a valid email
    Enter a valid password
    Your profile has been successfully updated.
    Logout