Instructor, no.

Incydr Professional, Enterprise, Horizon, and Gov F2, yes.

Incydr Basic, Advanced, and Gov F1, yes.

Microsoft Teams configuration for Incydr Flows

Overview

The Incydr Response Flow for Microsoft Teams allows you to quickly respond to risky activity to protect your organization's vital business data. When a user's activity triggers an alert in Incydr, the Response Flow automatically generates a message in Teams for your security analysts. From there, analysts can use the message to quickly respond to the possible incident and contain data loss. This article describes how to configure Microsoft Teams in preparation for integration with Incydr Flows.

Considerations

Incydr Flows:

  • Are a paid service on some product plans.
  • Are not available in the Code42 federal environment.
  • Require assistance and setup from Code42 Professional Services. Contact your Customer Success Manager (CSM) to engage the Code42 Professional Services team.

Configure Microsoft Teams

Work with your Microsoft Teams administrator to complete these configuration tasks in preparation for integration with an Incydr Response Flow:

  1. Verify that you have a user with a global admin role in Microsoft Teams.
    Only global admins can authorize the Workbot that the Flow requires.
  2. If one does not already exist, create a new team and a channel in that team in Microsoft Teams for the automated notifications.
    Incydr Flows sends notifications to this team channel in Teams when a user's activity triggers an alert in Incydr.
  3. Create a new Workato Workbot and add it to that team and channel.
    Incydr Flows sends information to this bot about risky activity to create notifications in the team channel in Teams.

Microsoft Teams Response Flow processing

After you configure Microsoft Teams and integrate it with an Incydr Response Flow, risky activity that triggers an alert in Incydr is automatically sent as a message to your security analysts in a team channel. Each notification includes details about the Incydr alert and controls to:

  • Review the alert in Incydr
  • Close the alert
  • Request more information about the activity from the user