Blog Post

Microsoft Sentinel Blog

10 MIN READ

Understanding API connections for your Microsoft Sentinel Playbooks

Microsoft

Jul 29, 2021

In addition to being a Security Information and Event Management (SIEM) tool, Microsoft Sentinel is a Security Orchestration, Automation, and Response (SOAR) platform. Automation takes a few differen...

Updated Nov 03, 2021

Version 2.0

MariaSousaValadas

Microsoft

Joined August 14, 2020

View Profile

Microsoft Sentinel Blog

Microsoft Sentinel is a cloud-native SIEM, enriched with AI and automation to provide expansive visibility across your digital environment.

Jonhed

Iron Contributor

Apr 11, 2022

MariaSousaValadas Sreedhar_Ande

The only option listed for the O365 Connector is user identity, but what if you have MFA enabled in the environment?

I found the document below, but my understanding is that the settings listed (MaxAgeMultiFactor etc) have been deprecated now that the token/session lifetime settings have moved to AAD conditional access. Is there any updated info in regards to these new conditional access settings?

https://support.microsoft.com/en-us/topic/recommendations-for-conditional-access-and-multi-factor-authentication-in-microsoft-flow-15e7e8bc-1106-2e89-899b-7c292fbf1736

I find the most secure way to send emails via outlook/exchange, is to give the logic apps Managed ID permission to use Graph API, and send mails via the HTTP connector, but being able to use the standard Outlook connector while also having MFA enabled is obviously easier to configure.

Would very much appreciate any input you might have!