Microsoft Teams Notifications
Microsoft Teams Notifications
Section titled “Microsoft Teams Notifications”Deliver CBOM alerts to Microsoft Teams channels. Keep your security and operations teams informed about certificate expirations, policy violations, and new discoveries — right where they collaborate.
What It Does
Section titled “What It Does”The Teams integration sends formatted Adaptive Card notifications to your Teams channels when CBOM events occur:
- Certificate expiry warnings — Alerts at 30, 14, and 7 days before expiration
- Policy violations — When assets fail compliance checks
- New critical assets — When quantum-vulnerable crypto is discovered
- Scan failures — When sensors can’t reach targets
Configuration (Planned)
Section titled “Configuration (Planned)”Incoming Webhook
Section titled “Incoming Webhook”integrations: teams: webhook_url: https://outlook.office.com/webhook/... events: - cert_expiry_warning - new_critical_asset - policy_violation - scan_failure filters: min_severity: HIGH asset_types: - certificate - private-keyPower Automate (Alternative)
Section titled “Power Automate (Alternative)”For organizations that prefer Power Automate workflows:
integrations: teams: method: power_automate flow_url: https://prod-xx.westus.logic.azure.com/workflows/... events: - cert_expiry_warning - policy_violation payload_format: adaptive_cardExample Notification
Section titled “Example Notification”Teams notifications use Adaptive Cards for rich formatting:
┌─────────────────────────────────────────────────────────┐│ 🔴 CBOM Alert ││━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━││ ││ Certificate Expiring Soon ││ ││ ┌─────────────┬───────────────────────────────────────┐ ││ │ Certificate │ api.production.example.com │ ││ │ Expires In │ 7 days (March 21, 2025) │ ││ │ Algorithm │ RSA-2048 │ ││ │ Risk Level │ 🟠 HIGH (quantum-vulnerable) │ ││ │ Issuer │ DigiCert Global G2 │ ││ │ Locations │ 3 servers │ ││ └─────────────┴───────────────────────────────────────┘ ││ ││ [ View in CBOM ] [ Acknowledge ] ││ │└─────────────────────────────────────────────────────────┘Multiple Channels
Section titled “Multiple Channels”Route events to different Teams channels based on severity or type:
integrations: teams: channels: - webhook_url: https://outlook.office.com/webhook/.../critical events: - compromised_asset - cert_expired min_severity: CRITICAL
- webhook_url: https://outlook.office.com/webhook/.../security events: - cert_expiry_warning - policy_violation - new_critical_asset min_severity: HIGH
- webhook_url: https://outlook.office.com/webhook/.../ops events: - scan_failure - new_asset_discovered min_severity: LOWPower Automate Workflows
Section titled “Power Automate Workflows”Using Power Automate unlocks additional capabilities:
- Approval flows — Require manager approval before acknowledging critical alerts
- Conditional routing — Route to different teams based on asset owner or business unit
- Escalation — Auto-escalate if no response within SLA
- Ticket creation — Trigger Azure DevOps work items or Planner tasks from the alert
Use Cases
Section titled “Use Cases”- Enterprise Microsoft 365 environments — Native Teams integration for organizations standardized on Microsoft
- Compliance team visibility — Dedicated channel for compliance officers to monitor crypto posture
- On-call alerting — Route critical events to the on-call team’s channel
- Executive summaries — Weekly digest cards for security leadership
Related
Section titled “Related”- Integrations Overview — All available integrations
- Slack — Similar notifications for Slack environments
- Jira — Auto-create tickets from alerts
- Policies — Define rules that trigger alerts