functionality of "Isolate machine using Windows Defender upon a Cloud App Security alert" template

Occasional Contributor

Hello guys,

I wanted to try out the integration of cloud app security in microsoft flow/power automate and wanted to test the "Isolate machine using Windows Defender upon a Cloud App Security alert" template. 

The template doesn't work because the ATP Advanced Hunting query step inside the flow always fails. So I tried the query that is used for that step in the Microsoft 365 Security Center and it doesn't work because the table "LogonEvents" doesn't exist anymore. So I wanted to ask if there are any alternatives to still make the template work. I tried it with DeviceLogonEvents and IdentityLogonEvents but they don't seem to support the same features.

 

Best regards

 

Salomo

0 Replies