If you are using the Cloud App Security (CAS) service, you can connect Microsoft Flow to it in order to automate actions like generating ticket in SIEM system, send notification to user and/or manager, disable account…

To do so you must, off course, have an active Cloud App Security and Flow subscription.

Then you need to generate a token to allow Flow to connect to CAS

imageimageimageimage

  • Save the generated token as it will be needed when you will setup the Flow connection with CAS
  • Connect to your Flow management portal (https://flow.microsoft.com) to create a connection to your CAS using either the Connectors and search for Cloud App Security

image

  • Then click on the When an alert is generated button and fill the Connection Name and API Key fields (use the token value created earlier)

image

  • Then you can configure your Flow to define what actions/steps need to be executed when an alert is generated from CAS

image