There could be several reasons why your Logic App workflow automation is not triggering for security alerts in Microsoft Defender. Here are some things to check:
- Trigger Configuration: Ensure that the Logic App is configured with the correct trigger for security alerts. The triggers should be set to activate when a Defender for Cloud Alert is created or triggered. If you are using a deprecated trigger, it will not work.
- Alert Severity Levels: If you have customized the trigger to only respond to specific severity levels, make sure that the simulated alerts fall within those levels.
- Permissions: Verify that you have the necessary permissions to execute the Logic App and that the Logic App has access to the required resources.
- Logic App Status: Check if the Logic App is enabled and not in a disabled state. Also, ensure that there are no issues with the Logic App itself that might prevent it from running.
- Polling Interval: The Logic App trigger processes new alerts based on a specified polling interval. If no alerts are received during the polling period, the trigger will not run.
If you've checked all these aspects and the issue persists, you may want to consult the documentation for additional troubleshooting steps or consider reaching out to Microsoft support for further assistance.
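The enabled-state and severity-filter checks from the list above can be run offline against an exported workflow automation resource. This is an added example, not part of the original answer or Microsoft's code; it assumes the export follows the `Microsoft.Security/automations` resource shape, the sample JSON is constructed, and `rule_matches` and `diagnose` are hypothetical helper names.

```python
# Added example: offline check of a Defender for Cloud workflow automation export.
# Field names assume the Microsoft.Security/automations resource shape; sample is constructed.
import json

SAMPLE_AUTOMATION = json.loads("""
{"properties": {
  "isEnabled": true,
  "sources": [{"eventSource": "Alerts", "ruleSets": [
    {"rules": [{"propertyJPath": "Severity", "operator": "Equals", "expectedValue": "High"}]},
    {"rules": [{"propertyJPath": "Severity", "operator": "Equals", "expectedValue": "Medium"}]}
  ]}],
  "actions": [{"actionType": "LogicApp", "logicAppResourceId": "<placeholder-resource-id>"}]
}}
""")

def rule_matches(rule, alert):
    """Evaluate one filter rule against a flat dict of alert properties."""
    actual = str(alert.get(rule["propertyJPath"], ""))
    expected = str(rule["expectedValue"])
    if rule["operator"] == "Equals":
        return actual == expected
    if rule["operator"] == "Contains":
        return expected in actual
    raise ValueError(f"operator not handled by this example: {rule['operator']}")

def diagnose(automation, alert):
    """Return the reasons this automation would not run for the given alert."""
    props = automation.get("properties", {})
    reasons = []
    if not props.get("isEnabled", False):
        reasons.append("automation is disabled")
    if not any(a.get("actionType") == "LogicApp" for a in props.get("actions", [])):
        reasons.append("no Logic App action configured")
    sources = [s for s in props.get("sources", []) if s.get("eventSource") == "Alerts"]
    if not sources:
        reasons.append("no 'Alerts' event source")
    # Assumption: rule sets are OR-ed, rules inside one set are AND-ed,
    # and a source with no rule sets matches every alert.
    for src in sources:
        sets = src.get("ruleSets") or []
        if not sets or any(all(rule_matches(r, alert) for r in rs.get("rules", []))
                           for rs in sets):
            break
    else:
        if sources:
            reasons.append("alert does not match any rule set")
    return reasons
```

An empty list from `diagnose` means the automation's own configuration does not explain the missing trigger, so the Logic App's state, trigger and permissions are the next things to check.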