Hi,
I want to automate cloud app security policies to take specific action when an alert is generated. For instance I want to create a policy and automate it to ask users to reset their passwords when their account is flagged for "impossible travel" activity" or multiple logins attempts from different geographical locations.
I have looked at using power automate but I cannot see it taking the above action, unless I'm missing something. I can get it to send an email alert to admins.
I would welcome any suggestions or pointers.
Thank you.
At Ignite on Tour Amsterdam last year i saw a demonstration connecting CASB to a Azure Runbook via a Flow to accomplish this.
The case then was, when CASB has a impossible travel alert, start the flow.. kick of a Azure Runbook > check the mailbox of the specific user for an active Out of Office rule > Let Flow use the output of the job > if the rule was found, close the alert, if not found then post a message in teams.
I remember the presenter saying that the demo would be available after, but i haven't been able to find it.
Connecting flow to Azure Automation however is documented:
https://danielchronlund.com/2018/11/18/start-your-azure-automation-powershell-runbook-with-a-microsoft-flow-button/
https://docs.microsoft.com/en-us/azure/automation/start-runbooks
Hi,
The issue with this is that webhooks typically trigger with some kind of data update and unless we already have a trigger set up to monitor for that data change it will be hard to integrate this into flow if not impossible. It might be possible to set up an HTTP request to send when an account if flagged but I have no idea how that would work on the non-flow side. I would suggest opening a case with Microsoft Support to help take a look into this, I'll include a link below. Otherwise if any other communities members might have set this up before feel free to pitch in.
Regards,
Alex
-------
Community Support Team _ Alex Rezac
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.
stampcoin
31
Churchy
20
Michael E. Gernaey
18
Super User 2025 Season 1