Microsoft Graph API Integration

We’re looking to integrate Microsoft Graph API in our workflows - actions like POSTing to confirm a user as compromised in Azure AD.
From reading what others have mentioned, the safest and most flexible option seems to be using the Python3 plugin, since there’s no native connection for it. However, we don’t want to send over any secrets, keys, or IDs over plaintext within logs. I understand using Global Artifacts and workflow parameters aren’t ideal either.
Anyone have recommendations or experience in implementing this securely and effectively?

You can input your API secret key in the secret key field within the Python connection. That leaves you the username and password field still. I don’t know that you will need username or password, so you could use those two fields as well for your app ID and tenant ID.

I’ve put in an enhancement request asking to have two additional fields for this specific reason. I’ll follow up with the team tomorrow and see if it has made any traction up the priority board.

If you wanted to use some form of encryption when storing your data in your Global Artifact, that keeps it more secure while in the GA, but it is still going to be stored within your job data.

If you look at the responses from some of those Graph calls, what you want to keep sensitive is actually returned in the call, so be aware. For example, I think Tenant ID is part of the payload for some Defender alerts.
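
The last reply's point, that a Graph response can echo back the values you were trying to keep out of job data, shown as an added example that is not part of the original thread: scrub the parsed response before it is returned as step output. The sample alert, the key list and the function name are constructed assumptions, not the plugin's or Graph's own code.

```python
import re

MASK = "***REDACTED***"

# Key names masked regardless of value (assumed list; extend it for your own payloads).
SENSITIVE_KEYS = {"tenantid", "client_secret", "access_token", "authorization"}


def redact(obj, secrets):
    """Return a scrubbed copy of a parsed JSON response.

    Values under SENSITIVE_KEYS are masked outright, and every occurrence of a
    known secret string (tenant ID, app ID, client secret) is masked even when
    it is embedded in a longer string such as a URL. The input is not mutated.
    """
    secrets = [s for s in secrets if s]
    if isinstance(obj, dict):
        return {
            k: MASK if str(k).lower() in SENSITIVE_KEYS else redact(v, secrets)
            for k, v in obj.items()
        }
    if isinstance(obj, (list, tuple)):
        return [redact(v, secrets) for v in obj]
    if isinstance(obj, str):
        for s in secrets:
            # Case-insensitive: GUIDs are often echoed back in a different case.
            obj = re.sub(re.escape(s), lambda _m: MASK, obj, flags=re.IGNORECASE)
        return obj
    return obj  # numbers, booleans, None pass through unchanged


# Constructed sample values and payload, for illustration only.
TENANT = "11111111-2222-3333-4444-555555555555"
APP = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"
SAMPLE_ALERT = {
    "id": "constructed-alert-1",
    "tenantId": TENANT,
    "title": "Suspicious sign-in",
    "alertWebUrl": "https://portal.example.invalid/alerts/1?tid=" + TENANT.upper(),
    "evidence": [{"detail": "raised for app " + APP}],
}

if __name__ == "__main__":
    print(redact(SAMPLE_ALERT, [TENANT, APP]))
```

Run the scrub on anything the step returns, error messages included, since exception text from a failed request can carry the same identifiers.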