XDR - Contain Incident: Users
Details
This workflow consumes one or more usernames or email addresses and attempts to lock out or disable matching users in all supported products. Currently supported products include: Cisco Duo, Microsoft Entra ID.
Targets: Automation APIs, Cisco Duo, Microsoft Entra ID
Steps:
- Check how the workflow was started (if not a playbook task, end the workflow)
- Get a list of XDR automation targets and extract the supported integrations
- Check if there are supported integrations available (if not, end the workflow)
- For each observable:
  - For each integration:
    - Attempt to lock out or disable the user in the given integration
  - Check if the user was locked out or disabled in at least one product (if not, update the workflow results)
About
Integration
Authorship
Cisco Managed