InsightIDR to Microsoft 365 Workflow Only Sending Investigations – Not Alerts or Managed Alerts

Hi all,

We currently have the Rapid7 InsightIDR to Microsoft 365 workflow set up via InsightConnect, and it is successfully sending email notifications when an Investigation is created.

However, we’ve noticed that it does not appear to trigger for:

  • Standard Alerts
  • Managed Alerts (MDR)

At the moment, only Investigations generate the email output.

The workflow does work great and ticks a lot of boxes for us, as it pretty much spits out the full log onto an email which we pipe into our service desk, which saves a bit of time when triaging. Would be good if we can also expand this to standard alerts and MDR alerts.

The guidance in the setup states “Make sure Alerts is selected under "Data Export Types" and click "Save"”; however, I don’t seem to have that option in IDR.

Just wondering if anyone has managed to overcome this or whether you have any advice?

Thanks!

If you create a net new workflow, one of the options is Alerts as a trigger. When the trigger selection menu opens up, type “Rapid7”, scroll down to Rapid7 InsightIDR, and you can choose Alerts as your triggering event.

Hi Darrick,

This is what I ended up doing in the end. I pretty much mirrored the pre-existing workflow but tweaked this to use alerts instead. Seems to have done the trick!

Thanks,

I am glad it worked out for you. I prefer to work out of alerts personally. It is a one-to-one relationship. One alert has one evidence. For the majority of automation situations I personally think alerts are the better automation experience.