The "Respond" module allows partners to create customizable rules which trigger automated actions in order to minimize the risk when some conditions are met, it gives the ability to react faster to real time events being managed by SaaS Alerts.

Requirements

1. SaaS Alerts "MSP Admin" privileges
2. Sign in with Microsoft or Google Oauth or Enable MFA in SaaS Alerts user settings
3. Accept all "Respond" module security permissions
   
   *Note - Please make sure you disable MFA if you choose to use Google or Microsoft Authentication

Rules

After the "Respond" permissions requirements are accepted you will land on the "Rules" screen. From here partners will be able to create a new rule and manage existing rules, or turn off the "Respond" module completely. 

Creating a Rule

Before creating a rule it's important to understand how rules are structured.  Rules apply to one or more organizations, at least one account (typically a user account), and must be "listening" for at least one event.  Rules can then have "Responses" or actions that are taken if the rule conditions are observed "triggering" the response.   It is possible to select a "no-action" which is the equivalent of creating a new SaaS Alerts event.

The anatomy of a rule can be described as:
Observed Event(s) for Customer Organization(s) and SaaS Application Account(s) which
Trigger actions selected by the MSP Admin to perform automated Response(s). 

Creating a Rule:

1. From the Respond "Rules" screen click on the button.
2. Click on "Untitled Rule" to edit the name of the new rule.
3. Under the "Trigger" section. Select the application to be monitored currently only Microsoft 365 can be selected. Next, select the "Organizations and Accounts" button.

     4. Select the "Organizations" and "Accounts" to be monitored. Partners have the option to select one, all, or multiple organizations and accounts. 

Note: If "Trigger rules for all organizations" or "Trigger rules for all accounts" is active this will include all Organizations and Accounts to be added in the future.

Next, Click on the "Events" button to go to the next screen. 

     5. On the "Events" screen partners will be able to select the event or "Alert Description" that needs to occur in order for this rule to be triggered. Select the event, set the number of occurrence and the timeframe. The minimum occurrence is 1, and the minimum timeframe 15 minutes.  Partners will also have the option to add multiple events with equal or different parameters with the ability of combining them as well. Logical "OR" and "AND" operators are available to create complex event monitoring flows.

     6. Next, click on the "Summary" button to review the "Trigger" section. If you want to add, change or remove any of the "Trigger" settings, please click on the edit pencil or the numbers to go back to the previous screen. If everything looks correct please scroll down and advance to the "Response" section.                                                                                                                                               7. Under the "Response" section. Select the response for the trigger previously set. Then select the "Action Approval Type" where you can choose if the response for the trigger will execute automatically or a manual approval by the "MSP Admin" is needed.

Click on the "Alert Severity" button to go to the next screen.     

     8. On the "Alert Severity" screen partners are able to customize the "Alert Severity" such as Critical, Medium or Low for the created event. 

Click on the "SMS Alerts" button to go to the next screen.   

     9. On the "SMS Alerts" screen is where a MSP Admin can provide a phone number in order to enable the capability to receive SMS notifications for when a response gets triggered. Multiple phone numbers can be added.

     10. Next, click on the "Summary" button to review the "Response" section. If you want to add, change or remove any of the "Response" settings, please click on the edit pencil or the numbers to go back to the previous screen. If everything looks correct please scroll down and advance to the "Schedule" section.   

     11. Under the "Schedule" section, partners can set a schedule to limit the time where the "Rule" will be active. It can be set to "Always On" and the "Rule" will remain active 24/7.  

     12. Partners can set it to a "Specific Time and Duration" with a start and end date.

     13. It can be also set to "Recurring" where partners have the option to run the rule on a daily, weekly or monthly basis. 

     14. Now that you have specified the "Trigger", configure the "Response" and added the "Schedule", Please click on the "Save Rule" button. If you choose to continue working where you left it later, then click on the "Save As Draft" button.

Important notes:
SaaS Alerts Respond is a separate Enterprise  App from the "original" SaaS Alerts Enterprise App.  This design choice was made to provide additional security features.

• When you connect Respond to a Customer Organization, a new Enterprise App will be added to the tenant. Without this Enterprise App, Respond cannot function. Each Customer Organization must be individually authenticated and connected to Respond.

  
  
  
  
• Respond can be disconnected at any time by selecting "Turn off Respond" in the SaaS Alerts control panel, or by deleting the Enterprise App from the Azure AD / Enterprise Apps control page.