
Good day,
I've been asked to automate the following process we have in place in my org:
I'm pretty sure there are many ways to overlook this, but what I have so far is:
It seems that this kind of Informational Alert does not reside in the Defender for Cloud App but more in the Security Center.
I'm also receiving a 403 error code when testing the flow, even though I have activated all appropriate PIM roles (Security Operator):
So the main point here would be that, if the redirection is done internally, the alert closes automatically with the "Resolved" status and "Internal" as a comment. External ones will always be done manually.
I'm kind of stuck here and have spent a few hours looking everywhere, but without any real success.
I don't know if this helps, but I already have an Azure Sentinel query that lists all the existing alerts showing the forwarded email address, which allows us to select all alerts from the "Compliance" center and bulk solve them by filtering on the correct policy.
I was also thinking of extracting the link from the mails we receive to get the alert ID, but this one is encoded with the Safe Link feature.
Is there someone who could point me in the right direction or give me a few tips to achieve this?
FYI, it seems I don't have access to the Microsoft Graph Security connector which might be the key here. Correct?
Many thanks in advance.