Query Details

Microsoft Security Exposure Management - Managed Identity

EEG Managed Identity

Query

ExposureGraphNodes 
| where NodeLabel == @"managedidentity"
| extend Type = tostring(type = parse_json(NodeProperties).rawData.managedIdentityMetadata.type)
| extend name = tostring(parse_json(NodeProperties).rawData.identityMetadata.data.name)
| extend accountType = tostring(parse_json(NodeProperties).rawData.managedIdentityMetadata.data.accountType)
| extend AadObjectId = NodeName
| extend attachedResourceId = parse_json(NodeProperties).rawData.managedIdentityMetadata.data.attachedResourceId
| project Type, name, accountType, attachedResourceId, AadObjectId

About this query

Microsoft Security Exposure Management - Managed Identity

Query Information

Description

Use the below queries to retrieve Entra ID managed Identity from the enterprise exposure graph.

References

Microsoft Defender XDR

Retrieve Entra ID - Managed Identity data

Explanation

This query retrieves Entra ID managed Identity data from the enterprise exposure graph in Microsoft Security Exposure Management. It filters the ExposureGraphNodes for NodeLabel "managedidentity" and extracts information like Type, name, accountType, attachedResourceId, and AadObjectId.

Details

Alex Verboon profile picture

Alex Verboon

Released: March 14, 2024

Tables

ExposureGraphNodes

Keywords

ExposureGraphNodesNodeLabelTypenameaccountTypeAadObjectIdattachedResourceId

Operators

ExposureGraphNodeswhereextendtostringparse_jsonproject

Actions

GitHub