VinodS2020
Dec 05, 2023 | Brass Contributor
How to create Playbook and automation rules for M365 Defender for Identity, Endpoint, Cloud Apps, and Data as we wanted to do some automation around it to let SOAR work on the alerts which are on "Lo...
G_Wilson3468
Feb 05, 2024 | Iron Contributor
So, I think you're asking how to create those books in Microsoft Sentinel. For any incident trigger, you can go to Automation under the Configuration section in Sentinel. From there, you can select "+ Create" and then assign an action such as running a playbook or adding a task, etc. If you select to run a playbook, you can select any active playbooks you have created. Additionally, there are playbook templates that will have what you want or will be close enough for you to modify to accomplish almost any task.
Here are the docs that will help.
https://learn.microsoft.com/en-us/azure/sentinel/tutorial-respond-threats-playbook?tabs=LAC%2Cincidents