Using Logic Apps to trigger Work Items in DevOps from triggers in Azure Security Center.

%3CLINGO-SUB%20id%3D%22lingo-sub-1163732%22%20slang%3D%22en-US%22%3EUsing%20Logic%20Apps%20to%20trigger%20Work%20Items%20in%20DevOps%20from%20triggers%20in%20Azure%20Security%20Center.%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1163732%22%20slang%3D%22en-US%22%3E%3CP%3EDear%20Colleagues%2C%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20am%20looking%20for%20a%20workflow%20that%20is%20triggered%20from%20anything%20in%20Azure%20Security%20Center%20(reccomendations%20first)%20to%20a%20new%20bug%20or%20issue%20in%20Azure%20DevOps.%20Right%20after%20this%20there%20is%20a%20trigger%20in%20Teams%20that%20a%20new%20item%20is%20an%20issue%20to%20work%20on.%20The%20team%20works%20in%20Teams%20and%20accomplished%20the%20tasking%20inside%20of%20Azure%20DevOps.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1163738%22%20slang%3D%22en-US%22%3EPOC%20Accomplished%20until%20now%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1163738%22%20slang%3D%22en-US%22%3E%3CP%3E1.%20Reccomendations%20do%20get%20delivered%20to%20a%20Mail%20Account%3C%2FP%3E%3CP%3E2.%20Reccomendations%20do%20get%20delivered%20to%20a%20Team%20Channel%3C%2FP%3E%3CP%3E2a.%20item%20in%20Team%20channel%20can%20be%20linked%20to%20an%20existing%20DevOps%20issue%20but%20is%20not%20able%20to%20open%20a%20new%20one.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E3.%20Faulted...Reccomendation%20to%20get%20delivered%20to%20Azure%20DevOps%20Work%20Item%20did%20not%20work.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThe%20new%20item%20would%20be%20nice%20to%20raise%20an%20issue%20in%20work%20items%20and%20then%20notify%20a%20teams%20channel.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1166149%22%20slang%3D%22en-US%22%3ERe%3A%20POC%20Accomplished%20until%20now%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1166149%22%20slang%3D%22en-US%22%3E%3CP%3EHi%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F551606%22%20target%3D%22_blank%22%3E%40mthibodeaux%3C%2FA%3E%2C%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EDoes%20the%20Logic%20App%20Azure%20DevOps%20trigger%20does%20not%20work%20for%20you%3F%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22yoavfrancis_0-1581418744014.png%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F170291i495AF60A16A98B3B%2Fimage-size%2Fmedium%3Fv%3D1.0%26amp%3Bpx%3D400%22%20title%3D%22yoavfrancis_0-1581418744014.png%22%20alt%3D%22yoavfrancis_0-1581418744014.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EIt%20should%20allow%20you%20to%20achieve%20what%20you%20need.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThanks%2C%3C%2FP%3E%0A%3CP%3EYoav%20Francis%3C%2FP%3E%0A%3CP%3ESenior%20Program%20Manager%2C%20Azure%20Security%20Center%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1167544%22%20slang%3D%22en-US%22%3ERe%3A%20POC%20Accomplished%20until%20now%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1167544%22%20slang%3D%22en-US%22%3ENope...my%20admin%20role%20is%20not%20security%20admin%20and%20I%20would%20have%20to%20develop%20a%20web%20hook%20that%20uses%20a%20service%20principle%20that%20has%20the%20RBAC%20implemeted.%20Both%20are%20hard%20at%20the%20moment.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1167559%22%20slang%3D%22en-US%22%3ERe%3A%20POC%20Accomplished%20until%20now%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1167559%22%20slang%3D%22en-US%22%3EFor%20some%20reason%20the%20web%20hook%20standard%20implementation%20is%20not%20designed%20for%20oauth%20and%20using%20service%20principles.%20If%20it%20were%20thing%20would%20not%20take%20additional%20effort.%3CBR%20%2F%3E%3CBR%20%2F%3EFurthermore%20the%20integration%20into%20DevOps%20and%20yes%20would%20be%20pretty%20much%20complete.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1181945%22%20slang%3D%22en-US%22%3ERe%3A%20POC%20Accomplished%20until%20now%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1181945%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F311322%22%20target%3D%22_blank%22%3E%40yoavfrancis%3C%2FA%3EThanks%20for%20your%20response%20so%20I%20have%20tried%20it%20in%20several%20variations%20and%20an%20initial%20one%20worked%20but%20here%20is%20how%20it%20is%20confirgured%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EStep%201%3A%20Use%20App%20--%26gt%3B%20When%20an%20Azure%20Security%20Center%20Recommendation%20is%20created%20or%20triggered%3CBR%20%2F%3E(Preview)%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EStep%202%3A%3C%2FP%3E%3CTABLE%20border%3D%221%22%20width%3D%22100%25%22%3E%3CTBODY%3E%3CTR%3E%3CTD%20width%3D%2250%25%22%3E%3CP%3EAzure%20DevOps%20App%3A%20Create%20a%20work%20item%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22AzureDevOps_Create%20Item.GIF%22%20style%3D%22width%3A%20275px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F172017i238DC54025C048DC%2Fimage-size%2Fmedium%3Fv%3D1.0%26amp%3Bpx%3D400%22%20title%3D%22AzureDevOps_Create%20Item.GIF%22%20alt%3D%22AzureDevOps_Create%20Item.GIF%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CDIV%20class%3D%22mceNonEditable%20lia-copypaste-placeholder%22%3E%26nbsp%3B%3C%2FDIV%3E%3C%2FTD%3E%3CTD%20width%3D%2250%25%22%3E%3CP%3EO365%20App%3A%20Send%20an%20email%20(V2)%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22AzureDevOps_O365%20Send%20Mail.GIF%22%20style%3D%22width%3A%20247px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F172015iC2D6613AEE94176F%2Fimage-size%2Fmedium%3Fv%3D1.0%26amp%3Bpx%3D400%22%20title%3D%22AzureDevOps_O365%20Send%20Mail.GIF%22%20alt%3D%22AzureDevOps_O365%20Send%20Mail.GIF%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3C%2FTD%3E%3C%2FTR%3E%3C%2FTBODY%3E%3C%2FTABLE%3E%3CTABLE%20border%3D%221%22%20width%3D%22100%25%22%3E%3CTBODY%3E%3CTR%3E%3CTD%20width%3D%22100%25%22%3E%3CP%3EMS%20Teams%20App%3A%20Post%20a%20message%20(V3)%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22AzureDevOps_Teams%20Post.GIF%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F172016i119C1B6EBDA8BD83%2Fimage-size%2Fmedium%3Fv%3D1.0%26amp%3Bpx%3D400%22%20title%3D%22AzureDevOps_Teams%20Post.GIF%22%20alt%3D%22AzureDevOps_Teams%20Post.GIF%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FTD%3E%3C%2FTR%3E%3C%2FTBODY%3E%3C%2FTABLE%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThe%20mail%20and%20the%20teams%20one%20works%20but%20the%20Azure%20DevOps%20one%20does%20not.%20Any%20chance%20that%20I%20am%20doing%20something%20incorrect%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EMichael%3C%2FP%3E%3CDIV%20class%3D%22msla-card-body%22%3E%3CDIV%20class%3D%22msla-parameter-group%20%22%3E%3CDIV%20class%3D%22msla-input-parameters-body%22%3E%3CDIV%20class%3D%22msla-no-inputs-text%22%3E%26nbsp%3B%3C%2FDIV%3E%3C%2FDIV%3E%3C%2FDIV%3E%3C%2FDIV%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1182004%22%20slang%3D%22en-US%22%3ERe%3A%20POC%20Accomplished%20until%20now%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1182004%22%20slang%3D%22en-US%22%3E%3CP%3EHi%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F551606%22%20target%3D%22_blank%22%3E%40mthibodeaux%3C%2FA%3E%2C%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ECould%20you%20kindly%20open%20a%20support%20ticket%20routed%20to%20Logic%20App%3F%20they'll%20be%20able%20to%20provide%20support%20for%20the%20Azure%20DevOps%20action%20that%20you're%20trying%20to%20trigger%20and%20doesn't%20work.%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22yoavfrancis_0-1582119952754.png%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F172026iB9A379063F1C3B8A%2Fimage-size%2Fmedium%3Fv%3D1.0%26amp%3Bpx%3D400%22%20title%3D%22yoavfrancis_0-1582119952754.png%22%20alt%3D%22yoavfrancis_0-1582119952754.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThanks%2C%3C%2FP%3E%0A%3CP%3EYoav%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1182085%22%20slang%3D%22en-US%22%3ERe%3A%20POC%20Accomplished%20until%20now%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1182085%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F311322%22%20target%3D%22_blank%22%3E%40yoavfrancis%3C%2FA%3E%20so%20I%20reorganized%20the%20logical%20app%20adn%20on%20one%20test%20without%20any%20fields%20a%20new%20bug%20in%20Azure%20DevOps%20was%20added.%20Because%20of%20this%20success%20I%20added%20some%20values%20in%20the%20devops%20app.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAfter%20adding%20the%20values%20the%20app%20failed%20becasue%20the%20field%20were%20not%20found.%20Interestingly%20enough%20when%20the%20mail%20app%20and%20the%20devops%20app%20are%20run%20in%20parrallel%20a%20mail%20is%20sent%20with%20the%20appropriate%20fields%20but%20the%20DevOps%20app%20fails.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1182116%22%20slang%3D%22en-US%22%3ERe%3A%20POC%20Accomplished%20until%20now%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1182116%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F311322%22%20target%3D%22_blank%22%3E%40yoavfrancis%3C%2FA%3EIt%20woudl%20be%20great%20but%20the%20permission%20is%20not%20granted%20to%20add%20this.%20I%20will%20be%20adding%20this%20to%20the%20MS%20Teams%20with%20our%20MS%20TAM.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
Occasional Contributor

Dear Colleagues, 

 

I am looking for a workflow that is triggered from anything in Azure Security Center (reccomendations first) to a new bug or issue in Azure DevOps. Right after this there is a trigger in Teams that a new item is an issue to work on. The team works in Teams and accomplished the tasking inside of Azure DevOps. 

8 Replies
Highlighted

1. Reccomendations do get delivered to a Mail Account

2. Reccomendations do get delivered to a Team Channel

2a. item in Team channel can be linked to an existing DevOps issue but is not able to open a new one. 

 

3. Faulted...Reccomendation to get delivered to Azure DevOps Work Item did not work.

 

The new item would be nice to raise an issue in work items and then notify a teams channel.

Highlighted

Hi @mthibodeaux,

 

Does the Logic App Azure DevOps trigger does not work for you?

yoavfrancis_0-1581418744014.png

 

It should allow you to achieve what you need.

 

Thanks,

Yoav Francis

Senior Program Manager, Azure Security Center

Highlighted
Nope...my admin role is not security admin and I would have to develop a web hook that uses a service principle that has the RBAC implemeted. Both are hard at the moment.
Highlighted
For some reason the web hook standard implementation is not designed for oauth and using service principles. If it were thing would not take additional effort.

Furthermore the integration into DevOps and yes would be pretty much complete.
Highlighted

@yoavfrancisThanks for your response so I have tried it in several variations and an initial one worked but here is how it is confirgured:

 

Step 1: Use App --> When an Azure Security Center Recommendation is created or triggered
(Preview)

 

Step 2:

Azure DevOps App: Create a work item

 

AzureDevOps_Create Item.GIF

 

O365 App: Send an email (V2)

AzureDevOps_O365 Send Mail.GIF

MS Teams App: Post a message (V3)

AzureDevOps_Teams Post.GIF

 

 

The mail and the teams one works but the Azure DevOps one does not. Any chance that I am doing something incorrect?

 

Michael

 
Highlighted

Hi @mthibodeaux,

 

Could you kindly open a support ticket routed to Logic App? they'll be able to provide support for the Azure DevOps action that you're trying to trigger and doesn't work.

yoavfrancis_0-1582119952754.png

 

 

Thanks,

Yoav

Highlighted

@yoavfrancis so I reorganized the logical app adn on one test without any fields a new bug in Azure DevOps was added. Because of this success I added some values in the devops app.

 

After adding the values the app failed becasue the field were not found. Interestingly enough when the mail app and the devops app are run in parrallel a mail is sent with the appropriate fields but the DevOps app fails.

 

Highlighted

@yoavfrancisIt woudl be great but the permission is not granted to add this. I will be adding this to the MS Teams with our MS TAM.