In recent years, hacker attacks have increased, but only the most spectacular ones (such as the Uber hack) receive extensive media coverage. Good to know: As a ScriptRunner customer, you are one step ahead in terms of security.
Microsoft is working on closing security gaps and, if necessary, influencing the behavior of users. Where in the past a login with basic authentication using username and password was a common practice, Microsoft is tightening the thumbscrews and deactivating this in the coming months. Time to make the switch!
What can you do?
Secure access to Microsoft's online services is the focus in the follwing document.
Microsoft's recommendation is to use so called service principals for accessing applications like Microsoft Graph or Microsoft Teams. These are app registrations that are set up in the Azure portal at portal.azure.com in Azure AD (AAD) and only provide access to certain subareas of services.
These app registrations have already established themselves for various applications and are now common standard. When connecting to the Microsoft Teams service, security is further enhanced and a so-called ROPC (resource owner password credentials) workflow is used.
In this workflow, a user account is used in addition to the app registration, thus adding a second factor to security.
The two documents in English and German, located below the blog article, describe step-by-step how to connect using Microsoft Graph Target in ScriptRunner.
Chapters 1 to 6 describe of how to create a service principal and test it as an MS Graph Target, so the documentation is also interesting for customers who want to set up and use ScriptRunner's interface to Microsoft Graph.
The subsequent chapters will guide you how to create the Azure user account with the help of the ROPC workflow – including the API-permissions necessary for Microsoft Teams. The final chapters will cover a small checklist and will also include valuabel advices for troubleshooting.
If you need any help, feel free to contact us via email@example.com – we appreciate your feedback.