Hello, I've created a flow that does the following:
- Trigger: A security alert for phishing attempts from Microsoft 365 Security sends a notification email.
- Flow:
- Parse the email to pull the following info:
- Who sent it
- Who it was sent to
- Check the inbox of the user it was sent to for the last email sent by the suspicious sender and grab the subject of that email, without reading it (similar to a quick trace in Exchange 365)
- Send a notice to the user saying that a suspected phishing attempt was detected by [sender] with [subject].
Problem:
This works fine when I'm checking my own mailbox, but is unable to check the mailbox of other users. I know this is a permissions issue, and that makes sense. I could give myself the permissions I need, but I'd like to avoid giving my account that level of permissions.
Question:
Is there any way to get the subject I'm after? If I click the alert link in the notice that Microsoft 365 sends, it takes me to an alert with all of the details that I need, including the subject. I'd like to be able to grab the subject straight from that alert without checking anyone's email.
I tried using the Microsoft Graph connector and get the alert by the ID in the notification, but the "Get alert by ID" (found here: Microsoft Graph Security - Connectors | Microsoft Docs) call doesn't expose that info.
Any ideas on how to get at that subject?
I looked into possibly calling a quick trace search through Exchange but that doesn't seem possible with Power Automate.
Thanks!
