Hi,
APIs are a great starting point. I have two questions:
1) Authentication using local tokens
In contrast to using App Registration Service Principals, for the Azure REST API we normally log on using locally cached credentials. I wonder if users having the role Security Administrator or Security Reader can obtain access to the Threat & Vulnerability Management APIs. The same question applies to Service Principals that are used in Azure DevOps PowerShell tasks, where we usually grab the local tokens for the logged-on Service Connection. Using App Registration Service Principals only involves exposing secrets to users, which is not very desirable. I tried using the locally cached tokens, but got 401 Unauthorized errors returned.
2) Machines data model
When listing machines, the data is missing the unique Azure Resource ID. The only way of finding the machine back is by its name and IP address, which may not be uniquely identifiable in a multi-subscription, multi-resource-group environment. Neither does it work the other way around, where a known VM may not be found by its name and IP address alone. It is possible to include the Azure Unique Resource ID in the dataset, as it can be found in the Azure Metadata Instance API (see https://docs.microsoft.com/en-us/azure/virtual-machines/windows/instance-metadata-service).
Thanks a lot in advance.
Arjen