I'm trying to use a playbook trigged by an analytics rule to automate sending an approval email for things like a new device being registered to a user or MFA settings being changed. When the playbook is triggered I seem to get inconsistent entity information from the incident, for example sometimes "accountname" only shows first.last and sometimes accountname is the full UPN which is what I want and what's specified in the analytics rule. Because of this the playbook fails later when I try to use the accountname for other things. How can I get this to be consistent?
You dont mention which rule / data table. But I know we sometimes have had to fix certain Rules to validate the entity information to make it more consistent, for automations to work properly.
In that case maybe the rule can be improved, is it a rule that is using a legacy schema item, so you need to choose the newer column, or can you enhance the entity when you see a malformed UPN?