Receive Alert Notifications via Microsoft Teams

Getting started

Last9 can send alert notifications and resolutions to Microsoft Teams channels using Teams Workflows (Power Automate) webhooks. This document provides step-by-step instructions on how to set up the integration and start receiving alert notifications.

Creating an incoming webhook with Workflows

Open Microsoft Teams and navigate to the channel where you want to receive alerts
Click … (more options) next to the channel name and select Workflows
Choose the template Send webhook alerts to a channel
Give the workflow a name (e.g., “Last9 Alerts”) and verify the Microsoft Teams connection shows a green check
Select the Team and Channel where alerts should be posted

Click Add workflow and copy the generated HTTP POST URL. It will look like one of:

https://default<id>.<region>.environment.api.powerplatform.com/powerautomate/automations/direct/workflows/<workflow-id>/triggers/manual/paths/invoke?...

https://prod-<nn>.<region>.logic.azure.com:443/workflows/<workflow-id>/triggers/manual/paths/invoke?...

Setting up a notification channel in Last9

In Notification Channels, click Add to create a new channel
Provide the following details:
- Channel Name: A descriptive name to easily identify the channel (e.g., “Teams Production Alerts”)
- Channel: Select Webhook from the dropdown
- Webhook URL: Paste the Workflows HTTP POST URL copied from the previous step
- Send Resolved: Enable this option if you want to be notified when an alert has been resolved
Click Save to enable the channel

Assigning a notification channel to an alert group

Navigate to your Alert Group in Alerting
Click on the notification channel icon to configure notifications
Select your Microsoft Teams channel from the dropdown

Microsoft Teams notification format

Last9 sends notifications to Microsoft Teams as Adaptive Cards. Each notification includes:

Section	Description
Title	Event type (TRIGGER/RESOLVED) with severity icon and alert summary, color-coded by severity
Facts	Structured alert details (severity, component, annotations, custom details)
Actions	Buttons linking to Last9 dashboards and runbooks

Severity colors and icons

Severity	Title Color	Icon
Critical/Breach	Red	🔴
Warning/Threat	Orange	🟠
Info	Blue	ℹ️
Resolved	Green	✅

Using Terraform

You can also create the Microsoft Teams notification channel using the Last9 Terraform Provider:

resource "last9_notification_channel" "teams" {
  name          = "teams-production-alerts"
  type          = "webhook"
  destination   = "https://default<id>.<region>.environment.api.powerplatform.com/powerautomate/automations/direct/workflows/..."
  send_resolved = true
}

Troubleshooting

Notifications accepted but not appearing in Teams

The Workflows webhook returns 202 Accepted as soon as the request is received — card posting happens asynchronously inside the workflow. If alerts are not appearing:

Open Power Automate, select your workflow, and check the 28-day run history for failed runs
Verify the workflow’s Teams connection is still valid (re-authenticate if it shows an error)
Ensure the target team and channel still exist and the workflow owner still has access

Workflow creation stuck on “Signing in”

The Microsoft Teams connection cannot be authenticated by guest accounts from other organizations. Ask a member of the team’s own organization to create the workflow.

Rate limiting (429 errors)

Microsoft Teams has rate limits for incoming webhooks. Last9 automatically handles rate limiting with retry logic (up to 3 retries with 5-second delays). If you’re sending a high volume of alerts:

Consider consolidating alerts using alert grouping
Use different channels for different severity levels

Messages not formatting correctly

Ensure you selected Webhook as the channel type
Verify the webhook URL host ends with .api.powerplatform.com or .logic.azure.com

Please get in touch with us on Discord or Email if you have any questions.