Microsoft Teams configuration for Incydr Flows
Overview
The Incydr Response Flow for Microsoft Teams allows you to quickly respond to risky activity to protect your organization's vital business data. When a user's activity triggers an alert in Incydr, the Response Flow automatically generates a message in Teams for your security analysts. From there, analysts can use the message to quickly respond to the possible incident and contain data loss. This article describes how to configure Microsoft Teams in preparation for integration with Incydr Flows.
Considerations
Configure Microsoft Teams
Work with your Microsoft Teams administrator to complete these configuration tasks in preparation for integration with an Incydr Response Flow:
- Verify that you have a user with a global admin role in Microsoft Teams.
  Only global admins can authorize the workbot that the Flow requires.
- If one does not already exist, create a new team and a channel in that team in Microsoft Teams for the automated notifications.
  Incydr Flows sends notifications to this team channel in Teams when a user's activity triggers an alert in Incydr.
- Create a new Workato Workbot and add it to that team and channel.
  Incydr Flows sends information to this bot about risky activity to create notifications in the team channel in Teams.
Microsoft Teams Response Flow processing
After you configure Microsoft Teams and integrate it with an Incydr Response Flow, risky activity that triggers an alert in Incydr is automatically sent as a message to your security analysts in a team channel. Each notification includes details about the Incydr alert, along with controls to:
- Review the alert in Incydr
- Close the alert
- Request more information about the activity from the user
External resources
Microsoft documentation:
- About admin roles in the Microsoft 365 admin center
- Create your first teams and channels in Microsoft Teams
Workato Workbot documentation:
- Getting started with Workbot for MS Teams by Workato