You have an existing Azure logic app that is used to block Azure Active Directory (Azure AD) users. The logic app is triggered manually.
You deploy Azure Sentinel.
You need to use the existing logic app as a playbook in Azure Sentinel. What should you do first?
In Microsoft Sentinel, playbooks are Azure Logic Apps that automate responses to alerts or incidents. To use an existing Logic App as a playbook in Sentinel, it must start with the "Microsoft Sentinel alert" trigger. This trigger allows Sentinel to call and pass alert details to the Logic App automatically.
When an existing Logic App has a manual trigger, it cannot be invoked directly by Sentinel. Therefore, the first step is to modify the trigger to replace the manual trigger with the "When a response to an Azure Sentinel alert is triggered" trigger. After that, you can link it within Sentinel incidents or automation rules.
This process is detailed in Microsoft Defender XDR and Sentinel documentation under "Connect a Logic App to Sentinel as a playbook."
Hence, the correct answer is D. Modify the trigger in the logic app.
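The check described above can be run against an exported workflow definition before trying to attach the logic app in Sentinel. This is an added example, not part of the original question or of Microsoft's documentation. Both definitions are constructed samples, and the trigger shape it looks for (an `ApiConnectionWebhook` on a connection named `azuresentinel`, with path `/subscribe` for alerts or `/incident-creation` for incidents) is an assumption about how Consumption logic apps are typically exported.

```python
import json

# Constructed sample definitions (not exported from a real tenant).
MANUAL_APP = json.loads("""
{"triggers": {"manual": {"type": "Request", "kind": "Http",
                         "inputs": {"schema": {}}}}}
""")
SENTINEL_APP = json.loads("""
{"triggers": {"Microsoft_Sentinel_alert": {
   "type": "ApiConnectionWebhook",
   "inputs": {
     "body": {"callback_url": "@{listCallbackUrl()}"},
     "host": {"connection": {"name":
       "@parameters('$connections')['azuresentinel']['connectionId']"}},
     "path": "/subscribe"}}}}
""")

# Assumed webhook paths of the two Sentinel connector triggers.
SENTINEL_PATHS = {"/subscribe": "alert", "/incident-creation": "incident"}


def sentinel_trigger_kind(trigger):
    """Return 'alert', 'incident' or None for a single trigger object."""
    if trigger.get("type") != "ApiConnectionWebhook":
        return None  # e.g. the manual HTTP trigger has type "Request"
    inputs = trigger.get("inputs", {})
    conn = str(inputs.get("host", {}).get("connection", {}).get("name", ""))
    if "azuresentinel" not in conn.lower():
        return None  # webhook trigger, but on some other connector
    return SENTINEL_PATHS.get(inputs.get("path"))


def playbook_readiness(definition):
    """Report whether a workflow definition can be attached as a playbook."""
    triggers = definition.get("triggers", {})
    for name, trig in triggers.items():
        kind = sentinel_trigger_kind(trig)
        if kind:
            return {"usable": True, "trigger": name, "kind": kind}
    found = sorted(f"{n} ({t.get('type')})" for n, t in triggers.items())
    return {"usable": False, "found": found,
            "action": "replace the trigger with a Microsoft Sentinel trigger"}


if __name__ == "__main__":
    print(playbook_readiness(MANUAL_APP))    # existing app: not usable yet
    print(playbook_readiness(SENTINEL_APP))  # after modifying the trigger
```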