# Microsoft Teams Destination

Overview

Destinations are integrations that receive alerts from rules, policies, system health notifications, and rule errors. Panther supports configuring Microsoft Teams as the destination where you will receive alerts.

The MS Teams Destination requires a `Microsoft Teams Webhook URL`. When an alert is forwarded to an MS Teams Destination, it sends a message to the specified Webhook URL.

## How to set up Microsoft Teams alert destinations in Panther

### Configure the Power Automate Workflow in Microsoft Teams

To set up the Microsoft Teams destination, use [Power Automate](https://learn.microsoft.com/en-us/power-automate/) with a Webhook URL. Before proceeding, make sure your team has permission to add workflows in Microsoft Teams.

1. Log in to your Microsoft Teams application.
2. Navigate to **Workflows**. Click **New Flow**, then click **Create from Blank**.

<figure><img src="https://4011785613-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LgdiSWdyJcXPahGi9Rs-2910905616%2Fuploads%2Fgit-blob-e0119534aec8641fd5f65ddb70a62cf90777ec00%2Fimage.png?alt=media" alt=""><figcaption></figcaption></figure>

3. Search the trigger "When a Teams webhook request is received" and add to the flow.

<figure><img src="https://4011785613-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LgdiSWdyJcXPahGi9Rs-2910905616%2Fuploads%2Fgit-blob-06f0ee68bb958356fbb86535727fbd14aae46b72%2Fimage.png?alt=media" alt=""><figcaption></figcaption></figure>

4. Specify who can trigger - "Anyone".

<figure><img src="https://4011785613-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LgdiSWdyJcXPahGi9Rs-2910905616%2Fuploads%2Fgit-blob-3f9cd6698f880646910b7c5ebf3e2fddabdf5e4d%2Fimage.png?alt=media" alt=""><figcaption></figcaption></figure>

5. **Add a New Step: "Post card in chat or channel"**\
   Configure this step as follows:
   1. **Select an output from the previous step**:\
      Click the field and choose **`attachments`**.
   2. **Post card in chat or channel**:
      * **Post as**: Select **`Flow bot`**.
      * **Post in**: Select **`Channel`**.
      * **Team**: Choose the appropriate Microsoft Team where the message should be sent.
      * **Channel**: Select the channel that will receive the alerts.
      * **Adaptive Card**: Click the field and select **`content`**.

<figure><img src="https://4011785613-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LgdiSWdyJcXPahGi9Rs-2910905616%2Fuploads%2Fgit-blob-361b38da138c811053ea136ff08bb65279d7ea0f%2Fimage.png?alt=media" alt=""><figcaption></figcaption></figure>

6. Update the workflow name to something meaningful, then click Save to finalize your changes.

<figure><img src="https://4011785613-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LgdiSWdyJcXPahGi9Rs-2910905616%2Fuploads%2Fgit-blob-52f916b05534567b00a51e9e2971f4fd50c2415f%2Fimage%20(199).png?alt=media" alt=""><figcaption></figcaption></figure>

7. After saving the workflow, a webhook URL will be generated under the first step labeled "HTTP POST URL." Copy this URL, as you’ll need it later in Panther.

<figure><img src="https://4011785613-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LgdiSWdyJcXPahGi9Rs-2910905616%2Fuploads%2Fgit-blob-f328ffa6eca82c9f7c234669889db29926213cb8%2Fimage.png?alt=media" alt=""><figcaption></figcaption></figure>

### Configure the Microsoft Teams alert destination in Panther

1. Log in to the Panther Console.
2. In the left sidebar, click **Configure > Alert Destinations**.
3. Click **+Add your first Destination**.
   * If you have already created Destinations, click **Create New** in the upper right side of the page to add a new Destination.
4. Click **Microsoft Teams**.
5. Fill out the form to configure the Destination:
   * **Display Name**: Enter a descriptive name.
   * **Webhook URL**: Enter the Microsoft Teams Webhook URL that you generated in the previous steps of this documentation.
   * **Severity**: Select the severity level of alerts to send to this Destination.
   * **Alert Types**: Select the alert types to send to this Destination.
   * **Log Type**: By default, we will send alerts from all log types. Specify log types here if you want to only send alerts from specific log types.
   * **Allow Manual Dispatch**: Set this toggle ON if you'd like to be able to [manually dispatch alerts](https://docs.panther.com/alerts#manual-alert-dispatch) to this destination.\
     ![In the Panther Console, the "Configure your Msteams Destination" page is displayed. It contains fields for Display Name, Microsoft Teams Webhook URL, Severity, Alert Types, and Log Types.](https://4011785613-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LgdiSWdyJcXPahGi9Rs-2910905616%2Fuploads%2Fgit-blob-98d392d577ebd2806bf205f049391815c4998803%2Fmsteams-panther.png?alt=media)
6. Click **Add Destination**.
7. On the final page, optionally click **Send Test Alert** to test the integration. When you are finished, click **Finish Setup**.

## Additional Information on Destinations

For more information on alert routing order, modifying or deleting destinations, and workflow automation, please see the Panther docs: [Destinations](https://docs.panther.com/destinations).