Skip to main content
Gets a list of alert resources created to track suspicious activities in an organization. The alerts are aggregated from various security products within the Microsoft Defender suite. Sources of Alerts in Microsoft Defender XDR:
  • Microsoft Defender for Endpoint (MDE)
  • Microsoft Defender for Identity (MDI)
  • Microsoft Defender for Office 365 (MDO)
  • Microsoft Defender for Cloud Apps (MDCA)
  • Microsoft Defender for Cloud (MDC)
  • Azure Active Directory Identity Protection
  • Microsoft Defender Antivirus (MDA)
  • Microsoft Sentinel (formerly Azure Sentinel)
  • Least privileged Microsoft Graph permission to access the action via application: SecurityAlert.Read.All.
  • Higher privileged Microsoft Graph permission to access the action via application: SecurityAlert.ReadWrite.All.
External DocumentationTo learn more, visit the Microsoft Defender XDR documentation.

Parameters

Example Output

Workflow Library Example

List Alerts with Microsoft Defender Xdr and Send Results Via Email
Workflow LibraryPreview this Workflow on desktop