Microsoft Defender ATP Trigger doesn't work

Shohei Morino 5 Reputation points
2024-09-20T06:56:35+00:00

Microsoft Defender ATP trigger does not work.

I am using Microsoft Defender ATP triggers for the Consumption plan Logic Apps.

We confirmed from the Defender Portal (security.microsoft.com) that the MDE alert was issued and checked the execution and trigger history of Logic Apps, but it was neither executed nor triggered.

What are the prerequisites, if any, for triggering?

When creating the connector for the Microsoft Defender ATP trigger, we used the Logic Apps system-assigned Managed ID and granted the following permissions to the Managed ID:

"WindowsDefenderATP/Alert.Read.All/Read all alerts"

I created a connector with the OAuth option as a test, but the result was the same. In this case, the authenticated user was given the Entra Security Administrator role.

Azure Logic Apps