Microsoft Entra access hygiene digest
Scheduled read-only Microsoft Entra ID access governance digest. It reads bounded pages of users, groups, applications, service principals, directory audit logs, and sign-in logs through recued-core.microsoft-entra, renders compact tables, and optionally sends an in-app nudge when matching audit or sign-in events are visible. It never creates or deletes users, resets passwords, mutates MFA, changes role assignments, creates app credentials, changes conditional access policies, assigns licenses, or calls arbitrary Graph APIs.
How it works
Inspect the data fetches, transforms, gates, and output this recipe runs.
Settings
Configurable at install. Defaults shown — change them anytime in Recued.
channels
setting
=
in_app
end hour
setting
=
10
weekdays
setting
=
1,2,3,4,5
microsoft
setting
=
row limit
setting
=
20
start hour
setting
=
8
user filter
setting
=
accountEnabled eq false
audit filter
setting
=
category eq 'UserManagement' or category eq 'GroupManagement'
group filter
setting
=
securityEnabled eq true
sign in filter
setting
=
status/errorCode ne 0
application filter
setting
=
notify when events
setting
=
true
service principal filter
setting
=
accountEnabled eq true
Trust & control
What installing this recipe would let it do. Recued grants these permissions at install — review them there before approving.