Updated Permissions in AS-Revoke-Azure-AD-User-Session-From-Entity

Azure · Dec 3, 2024 · f8f5efa · f8f5efa
1 parent 6596460
commit f8f5efa
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 3 deletions.
diff --git a/Playbooks/AS-Revoke-Azure-AD-User-Session-From-Entity/README.md b/Playbooks/AS-Revoke-Azure-AD-User-Session-From-Entity/README.md
@@ -19,7 +19,7 @@ This playbook is intended to be run from a Microsoft Sentinel Entity. It will lo
                                                                                                                                      
 The following items are required under the template settings during deployment: 
 
-* A Microsoft Azure Active Directory [app registration](https://github.com/Azure/Azure-Sentinel/tree/master/Playbooks/AS-Revoke-Azure-AD-User-Session-From-Entity#create-an-app-registration) with admin consent granted for "**User.ReadWrite.All**" in the "**Microsoft Graph**" API
+* A Microsoft Azure Active Directory [app registration](https://github.com/Azure/Azure-Sentinel/tree/master/Playbooks/AS-Revoke-Azure-AD-User-Session-From-Entity#create-an-app-registration) with admin consent granted for "**User.RevokeSessions.All**" in the "**Microsoft Graph**" API
 * An [Azure key vault secret](https://github.com/Azure/Azure-Sentinel/tree/master/Playbooks/AS-Revoke-Azure-AD-User-Session-From-Entity#create-an-azure-key-vault-secret) containing your app registration client secret
 
 
@@ -50,7 +50,7 @@ From the "**Select an API**" pane, click the "**Microsoft APIs**" tab and select
 
 ![RevokeUserSession_App_Registration_5](Images/RevokeUserSession_App_Registration_5.png)
 
-Click "**Application permissions**", then paste "**User.ReadWrite.All**" in the search bar. Click the option matching the search, then click "**Add permission**".
+Click "**Application permissions**", then paste "**User.RevokeSessions.All**" in the search bar. Click the option matching the search, then click "**Add permission**".
 
 ![RevokeUserSession_App_Registration_6](Images/RevokeUserSession_App_Registration_6.png)
 

diff --git a/Playbooks/AS-Revoke-Azure-AD-User-Session-From-Entity/azuredeploy.json b/Playbooks/AS-Revoke-Azure-AD-User-Session-From-Entity/azuredeploy.json
@@ -4,7 +4,7 @@
     "metadata": {
         "title": "AS-Revoke-Entra-ID-User-Session-From-Entity", 
         "description": "This playbook is intended to be run from a Microsoft Sentinel Entity. It will look up Entra ID users associated with the account entities and revoke their sessions.",
-        "prerequisites": "1. An App Registration with User.ReadWrite.All permissions granted on Microsoft Graph API. 2. A client secret for the App Registration must be generated. 3. An Azure Key Vault Secret to hold the client secret. Support for the set up and configuration of each of these items can be found here: https://github.com/Accelerynt-Security/AS-Revoke-Azure-AD-User-Session-From-Entity",
+        "prerequisites": "1. An App Registration with User.RevokeSessions.All permissions granted on Microsoft Graph API. 2. A client secret for the App Registration must be generated. 3. An Azure Key Vault Secret to hold the client secret. Support for the set up and configuration of each of these items can be found here: https://github.com/Accelerynt-Security/AS-Revoke-Azure-AD-User-Session-From-Entity",
         "postDeployment": ["Access to the Azure Key Vault must be granted to the playbook"],
         "lastUpdateTime": "2024-05-22T23:40:50Z",
         "entities": ["Account"],