
Feature request: Automation based on incident closed classification



Maybe I'm missing something but I've been trying to set up an automated flow where I would like a set of playbooks to be fired when an incident is closed with the classification "True Positive - Suspicious activity". In our workflow this is the only classification that isn't set by any other automation or playbook and I would like to use that classification to trigger other actions that are done manually today.

There seems to be the option of setting the incident status as a condition for an automation rule but not for the specific classification.

Can I perhaps solve this some other way in a logic app?




1 Reply
You can create the automation rule to trigger when the incident is closed (using the update feature). Then, in your Logic App, check to see what was the reason it was closed and go from there. BTW, you go here to request a new feature:
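
The check described in the reply above, as an added example that is not part of the original thread: a Logic App Condition action in workflow definition JSON. It assumes the playbook starts from the Microsoft Sentinel incident trigger, that the trigger body exposes the incident under `object.properties`, and that "True Positive - Suspicious activity" is stored as classification `TruePositive` with classification reason `SuspiciousActivity`; the action names are hypothetical placeholders.

```json
{
  "Condition_closed_as_true_positive_suspicious_activity": {
    "type": "If",
    "expression": {
      "and": [
        {
          "equals": [
            "@triggerBody()?['object']?['properties']?['status']",
            "Closed"
          ]
        },
        {
          "equals": [
            "@triggerBody()?['object']?['properties']?['classification']",
            "TruePositive"
          ]
        },
        {
          "equals": [
            "@triggerBody()?['object']?['properties']?['classificationReason']",
            "SuspiciousActivity"
          ]
        }
      ]
    },
    "actions": {
      "Placeholder_follow_up_actions_go_here": {
        "type": "Compose",
        "inputs": "@triggerBody()?['object']?['id']",
        "runAfter": {}
      }
    },
    "else": {
      "actions": {}
    },
    "runAfter": {}
  }
}
```

The explicit status comparison keeps the follow-up branch from running if the same playbook is ever attached to an automation rule that fires on updates other than closure.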