Logic App Workflow Automation Not Triggering for Security Alerts

Mike Ter 0 Reputation points
2025-01-05T21:52:46.64+00:00

I have set up a Logic App to trigger workflow automation for security alerts on Microsoft Defender. However, it is not triggering automatically, even after simulating security alerts on the storage account.

I can trigger the alerts manually, and I receive email notifications as expected based on the workflow setup in the Logic App.

Despite following the documentation, the workflow automation is not functioning as intended when connected to the Logic App.

Thank you

Regards

Mike

Tags: Azure Storage Accounts, Azure Logic Apps, Microsoft Defender for Cloud

1 answer

  1. Shireesha Eeraboina 1,150 Reputation points Microsoft Vendor
    2025-01-10T07:49:46.2466667+00:00

    Hi @Samir EL Kaabaoui (DE) ,

    Thanks for posting your question in Microsoft Q&A. We apologize for any inconvenience this has caused.

    From the details you have mentioned in the thread, it is clear that you have configured this according to the Microsoft documentation, but please double-check the points below. If the issue still persists, please share the error screenshot or detailed error message, which will help us investigate the issue better.

    Ensure that the Managed Identity is properly configured for the Logic App. This involves enabling the system-assigned managed identity and assigning the necessary roles, such as 'Storage Blob Data Contributor', to the Logic App's identity. Also confirm that the Managed Identity has the necessary permissions on the storage account. This can be set up in the Access Control (IAM) section of the storage account.

    Also, please note that the Azure Blob Storage managed connector has limitations, such as only being able to read or write files that are 50 MB or smaller. Ensure that your Logic App is not hitting these limitations. For details on the limitations, please check the document below:

    https://learn.microsoft.com/en-us/azure/connectors/connectors-create-api-azureblobstorage?tabs=consumption

    The documentation linked below clearly states that if you're using the legacy trigger "When a response to a Microsoft Defender for Cloud alert is triggered", your logic apps won't be launched by the Workflow Automation feature.
    https://learn.microsoft.com/en-us/azure/defender-for-cloud/workflow-automation#supported-triggers

    I hope the information provided above helps. If you have any further queries, please feel free to reach out to us.

    Thank you.
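
An added example (not part of the answer above and not Microsoft's code): an offline check of whether a Logic App's managed identity holds 'Storage Blob Data Contributor' at a scope that covers the storage account, run over data in the shape printed by `az role assignment list`. The subscription ID, resource names, principal IDs and sample assignments are constructed placeholders.

```python
ROLE = "Storage Blob Data Contributor"  # role named in the answer above
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"  # constructed placeholder
STORAGE_ID = (SUB + "/resourceGroups/rg-sec/providers/Microsoft.Storage"
              "/storageAccounts/stalerts01")  # constructed placeholder

# Constructed sample: the fields of `az role assignment list` output used here.
SAMPLE = [
    # Right role, but on a different account whose name is a string prefix.
    {"principalId": "aaaaaaaa-0000-0000-0000-000000000001",
     "roleDefinitionName": ROLE,
     "scope": SUB + "/resourceGroups/rg-sec/providers/Microsoft.Storage"
                    "/storageAccounts/stalerts0"},
    # Right scope, wrong role.
    {"principalId": "aaaaaaaa-0000-0000-0000-000000000001",
     "roleDefinitionName": "Reader",
     "scope": SUB + "/resourceGroups/rg-sec"},
    # Right role, inherited from the resource group (different letter case).
    {"principalId": "bbbbbbbb-0000-0000-0000-000000000002",
     "roleDefinitionName": ROLE,
     "scope": SUB + "/resourcegroups/RG-SEC"},
]

def scope_covers(scope, resource_id):
    """True if an assignment at `scope` is inherited by `resource_id`.

    Azure RBAC assignments apply to the scope and everything beneath it, and
    resource IDs are case-insensitive, so whole path segments are compared.
    Management-group scopes are not resolved by this check.
    """
    s = [p for p in scope.lower().split("/") if p]
    r = [p for p in resource_id.lower().split("/") if p]
    return len(s) <= len(r) and r[:len(s)] == s

def covering_scopes(assignments, principal_id, resource_id, role=ROLE):
    """Scopes at which `principal_id` holds `role` for `resource_id`."""
    return [
        a["scope"] for a in assignments
        if a.get("principalId", "").lower() == principal_id.lower()
        and a.get("roleDefinitionName") == role
        and scope_covers(a.get("scope", ""), resource_id)
    ]

if __name__ == "__main__":
    for pid in sorted({a["principalId"] for a in SAMPLE}):
        scopes = covering_scopes(SAMPLE, pid, STORAGE_ID)
        print(pid, "OK via " + scopes[0] if scopes else "MISSING " + ROLE)
```

An empty result means the identity lacks the role on that storage account, even if it holds it on a similarly named account or holds a different role at the right scope.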
