This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(262.40000000000003, 82%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVS%3C/text%3E%3C/svg%3E)
How to create Playbook and automation rules for M365 Defender for Identity, Endpoint, Cloud Apps, and Data as we wanted to do some automation around it to let SOAR work on the alerts which are on "Low", "Medium" severity alerts?
For example: if we have many alerts those should be verified by that respective automation rule and take the appropriate actions like close those alerts or mark as no action needed.
I wanted to check in and see if you had any other questions or if you were able to resolve this issue?
If you have any other questions, please let me know. Thank you for your time and patience throughout this issue.
If the information helped address your question, please Accept the answer. This will help us and also improve searchability for others in the community who might be researching similar information.
Have you tried enabling the M365 Defender analytic rule in Sentinel and then configure it for automation?
Then if the logic within that automation was not sufficient you could still call a playbook and perform additional customized workflows.
Hi @vinod ,
Have you tried enabling the M365 Defender analytic rule in Sentinel and then configure it for automation?
Then if the logic within that automation was not sufficient you could still call a playbook and perform additional customized workflows.
I did not try it yet as there are some things pending and needs to work on it. I will confirm once test it.
I did not try it yet as there are some things pending and needs to work on it. I will confirm once test it.