During a cloud event at Motion10 my respected colleague Ralph Blokpoel demonstrated how you could use LogicApps to connect to the Microsoft Secure Graph. This connection is now in preview.
Ralph’s demonstration triggered (no pun intended) me. What if I could create a Flow to connect to the secure graph and to Microsoft Teams as well? Well, this works 🙂
Hold-on, what about those dashboard and alerts?
Why use these connectors and Flow to send out all those notifications? Most platforms (the Office 365 auditlog, Cloud App Security, Log Analytics, to name a view) all have notification functions.
But let’s remember that Flow is not just a notification engine (duh….). With Flow you can take the details of an alert, set conditions and add your own actions. So you can really create cool workflows, combined with the other Office 365 (and Azure) functions. So let’s take a look….
Creating the flow
My basic flow is very easy. It is based on a recurrence and runs every 15 minutes. During the run it connects to the Microsoft Secure Graph and checks for alerts with severity “High”. It returns the top five alerts.
Based on these alerts, I receive an e-mail. Also, the details are added to a specific channel in Microsoft Teams. Easy isn’t it?
Secure Graph options
When using the Secure Graph connector (hint: look for Microsoft Graph when adding this one), you get access to a lot of alert information.
In my flow I use some of these dynamic fields. Some I used in the e-mail action while others were used in the Teams action.
The Microsoft Teams action is really nice. As this platform is used more and more, I like that you can now use Flow to post messages as-well. Another example would be to post a message to a channel when a file is added to a document library. Great stuff.
Now that the Flow is done, let’s test it out. I do know that I have some high severity alerts in my tenant. I created these when testing the OAuth policy in Cloud App Security. So the Flow should give me some results.
And yes, the alerts are also posted to Teams. Although it took some time, as Teams suffered from an outage when I tested this Flow 😦
This is a great new function for Flow, in my opinion. One fun-fact – if you want to use the new connector with LogicApps, you cannot in the Azure Government and Azure China regions…..
Want to know more about this connector, just read the documentation here: https://docs.microsoft.com/en-us/connectors/microsoftgraphsecurity/
This is great thanks!