Aug 12 2021 01:00 AM
Hello guys,
I wanted to try out the integration of cloud app security in microsoft flow/power automate and wanted to test the "Isolate machine using Windows Defender upon a Cloud App Security alert" template.
The template doesn't work because the ATP Advanced Hunting query step inside the flow always fails. So I tried the query that is used for that step in the Microsoft 365 Security Center and it doesn't work because the table "LogonEvents" doesn't exist anymore. So I wanted to ask if there are any alternatives to still make the template work. I tried it with DeviceLogonEvents and IdentityLogonEvents but they don't seem to support the same features.
Best regards
Salomo