Create custom flows for Microsoft Defender for Cloud Apps alerts
You can automatically remediate many Microsoft Defender for Cloud Apps alerts. Governance Actions in Microsoft Defender for Cloud Apps include many actions that can successfully resolve alerts.
Some specific actions might not be included, and those cases might require a more complex flow. For example, you could create a flow that requests user validation. This flow could then avoid many instances where the Security Operations Center (SOC) team would have to take actions that are no longer required.
Creating a custom flow alert with Power Automate
To create a custom flow alert with Power Automate to remove sensitive file sharing after requesting user validation, perform the following steps:
1. Create a file policy in Microsoft Defender for Cloud Apps that includes filters that match the specifics of the sensitive files.
2. In the policy, under Alerts, select Send Alerts to Power Automate and select the Power Automate playbook to send the alert to.
3. In Power Automate, ensure that there is a step to ask the user for validation.
   Note that there are User Options that the user can select.
4. Create a switch that will depend upon which user option is selected in the email.
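The switch in the last step, modeled in Python so its branches can be tested before the flow is built. This is an added example, not Microsoft's code or a Power Automate definition. The option labels, the Alert and Reply fields, the action names, and the escalation branches for a missing reply, a reply from someone other than the file owner, and an unrecognised option are all assumptions.

```python
from dataclasses import dataclass
from typing import Optional

# Hypothetical option labels; the page does not name the User Options.
REMOVE, KEEP = "Remove sharing", "Keep sharing"

@dataclass
class Alert:                      # constructed stand-in for the alert sent to the playbook
    alert_id: str
    file_name: str
    file_owner: str

@dataclass
class Reply:                      # constructed stand-in for the user's email response
    responder: str
    selected_option: str

def route(alert: Alert, reply: Optional[Reply]) -> dict:
    """Switch on the user's selected option and return the flow's next action."""
    def result(action, resolve, reason):
        return {"alert_id": alert.alert_id, "action": action,
                "resolve_alert": resolve, "reason": reason}

    if reply is None:             # validation step ended with no answer
        return result("escalate_to_soc", False, "no response from user")
    if reply.responder.strip().lower() != alert.file_owner.strip().lower():
        return result("escalate_to_soc", False, "reply not from file owner")
    option = reply.selected_option.strip().lower()
    if option == REMOVE.lower():
        return result("remove_file_sharing", True, "owner asked to remove sharing")
    if option == KEEP.lower():
        return result("keep_sharing", True, "owner confirmed sharing is intended")
    # Default branch of the switch: never resolve on an unrecognised value.
    return result("escalate_to_soc", False, "unrecognised option")

if __name__ == "__main__":
    alert = Alert("alert-001", "payroll.xlsx", "owner@example.com")  # constructed
    for reply in (Reply("owner@example.com", "Remove sharing"),
                  Reply("owner@example.com", "Keep sharing"),
                  Reply("other@example.com", "Keep sharing"),
                  Reply("owner@example.com", "Maybe"),
                  None):
        print(route(alert, reply))
```

Only the two recognised options from the file owner resolve the alert; every other path leaves it open for the SOC.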
Explore custom flows
You can explore Power Automate now using the following interactive guide to simulate the creation of a custom flow.