Identity Governance - Microsoft Entra ID
API capability pack for bounded Microsoft Entra ID operations through Microsoft Graph at https://graph.microsoft.com/v1.0 only. Enroll a Microsoft Graph OAuth bearer connection named microsoft with least-privilege Graph scopes for the installed operations. The pack reads users, groups, group members, applications, service principals, directory audit logs, and sign-in logs for access governance, offboarding review, and identity incident triage. It bundles a scheduled access hygiene digest, an AI-assisted user access brief, and approval-gated workflows for disabling/enabling one user and adding/removing one user from one group. The pack intentionally excludes user creation/deletion, password reset/change, MFA/authentication method mutation, role/admin assignment, app credential/secret/key mutation, application/service-principal creation or deletion, conditional access/policy mutation, device deletion, license assignment, mailbox/file/calendar surfaces, arbitrary Graph passthrough, and beta endpoints.
What this pack installs
- Microsoft Entra access hygiene digest Recipe
- Microsoft Entra user access brief Recipe
- Disable a Microsoft Entra user Recipe
- Enable a Microsoft Entra user Recipe
- Add a Microsoft Entra user to a group Recipe
- Remove a Microsoft Entra user from a group Recipe
- microsoft-entra Ingredient
Trust & control
What installing this whole pack would let it do. Recued grants these permissions at install — review them there before approving.