For access to the Defender API we are using JupyterLab and an "on premises" Ubuntu server. I have the following credentials, which we use in our notebooks like this:
tenantId = ''  # Paste your tenant ID here
appId = ''  # Paste your own app ID here
appSecret = ''  # Paste your own app secret here
We have a tight budget but I do have access to Azure Key Vault and want to start using it for our notebooks and automated tasks that interact with the Defender API. I'm assuming something like this...
tenantId = ''  # Paste your own tenant ID here
appId = ''  # Paste your own app ID here
appSecret = ''  # STORE THIS IN AZURE KEY VAULT and retrieve with getsecrets.
I'm trying to understand the best, most professional way to access the Azure Key Vault.
I can't use 'az login' for automated task scripts? What's the best way to do this? Do I get our Azure Administrator to create an Azure SPN for me, specifically for access to the Azure Key Vault, and assign that SPN to the Access Policy of the Key Vault?
And then I use the created SPN's clientId, clientSecret, and tenantId to access the key vault and grab the secret like this?
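An added example, not part of the original post, of the flow the question describes: authenticate to Key Vault as the SPN with the azure-identity and azure-keyvault-secrets packages, fetch appSecret, and keep it out of notebook output. It assumes the SPN's values are supplied through the environment variables AZURE_TENANT_ID, AZURE_CLIENT_ID and AZURE_CLIENT_SECRET; KEY_VAULT_URL, the secret name defender-app-secret and the FakeVault stand-in are hypothetical names chosen for illustration.

```python
import os
from dataclasses import dataclass, field
from types import SimpleNamespace

SPN_VARS = ("AZURE_TENANT_ID", "AZURE_CLIENT_ID", "AZURE_CLIENT_SECRET")

@dataclass(frozen=True)
class DefenderConfig:
    tenant_id: str
    app_id: str
    app_secret: str = field(repr=False)  # keep the secret out of notebook cell output

def build_secret_client(env=os.environ):
    """Key Vault client authenticated as the SPN (clientId, clientSecret, tenantId)."""
    # KEY_VAULT_URL is an assumed variable name holding the vault's URL.
    missing = [name for name in SPN_VARS + ("KEY_VAULT_URL",) if not env.get(name)]
    if missing:
        raise RuntimeError("missing environment variables: " + ", ".join(missing))
    # Imported here so the module still loads where the Azure SDK is absent.
    from azure.identity import ClientSecretCredential
    from azure.keyvault.secrets import SecretClient
    credential = ClientSecretCredential(
        tenant_id=env["AZURE_TENANT_ID"],
        client_id=env["AZURE_CLIENT_ID"],
        client_secret=env["AZURE_CLIENT_SECRET"],
    )
    return SecretClient(vault_url=env["KEY_VAULT_URL"], credential=credential)

def load_defender_config(secret_client, tenant_id, app_id,
                         secret_name="defender-app-secret"):  # assumed secret name
    """Fetch appSecret from the vault; tenantId and appId are not secret."""
    value = secret_client.get_secret(secret_name).value
    if not value:
        raise ValueError(f"secret {secret_name!r} is empty or missing a value")
    return DefenderConfig(tenant_id, app_id, value)

class FakeVault:
    """Constructed stand-in for SecretClient so the example runs offline."""
    def __init__(self, secrets):
        self._secrets = secrets
    def get_secret(self, name):
        return SimpleNamespace(name=name, value=self._secrets.get(name))

if __name__ == "__main__":
    vault = FakeVault({"defender-app-secret": "constructed-value"})
    cfg = load_defender_config(vault, "<tenant-id>", "<app-id>")
    print(cfg)  # app_secret is omitted from the repr
```

In a notebook or scheduled script, pass `build_secret_client()` in place of `FakeVault`; the SPN only needs permission to read secrets on that vault.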