What Changed
Major security enhancement to Microsoft Defender Threat Intelligence playbooks:
- Removed MDTI-Base playbook (legacy authentication model)
- Updated MDTI-Automated-Triage to use managed identity authentication
- Upgraded to Graph API v1.0 for improved stability
- Enhanced documentation for deployment clarity
Security Impact
This update improves authentication security by eliminating the need to store client secrets in playbook configurations. Managed identity authentication provides:
- Automatic credential rotation
- No exposed secrets in playbook definitions
- Reduced attack surface for credential theft
- Azure-managed authentication lifecycle
The change requires redeployment of existing MDTI automation workflows but significantly improves security posture.
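
One way to check a playbook template for the legacy pattern before redeploying (an added example, not code from this change or the project's templates): it walks a Logic App ARM template and flags HTTP actions whose `authentication` block still carries a stored credential, or that use `ManagedServiceIdentity` on a workflow with no identity block. The sample template, its action names and the `walk_actions`/`audit` helpers are constructed for illustration.

```python
import json

# Constructed sample (not the project's template): one legacy HTTP action and
# one managed-identity HTTP action nested inside a scope.
SAMPLE = json.loads("""{"resources": [{
  "type": "Microsoft.Logic/workflows", "name": "example-playbook",
  "identity": {"type": "SystemAssigned"},
  "properties": {"definition": {"actions": {
    "Legacy_call": {"type": "Http", "inputs": {
      "authentication": {"type": "ActiveDirectoryOAuth", "clientId": "c",
        "secret": "[parameters('ClientSecret')]"}}},
    "Enrich": {"type": "Scope", "actions": {
      "New_call": {"type": "Http", "inputs": {
        "authentication": {"type": "ManagedServiceIdentity",
          "audience": "https://graph.microsoft.com"}}}}}
  }}}}]}""")

CREDENTIAL_FIELDS = {"secret", "password", "pfx"}  # auth fields that hold a credential

def walk_actions(node, path):
    """Yield (path, action) for every action, including nested scopes and branches."""
    if not isinstance(node, dict):
        return
    for key, val in node.items():
        if key == "actions" and isinstance(val, dict):
            for name, action in val.items():
                yield f"{path}/{name}", action
                yield from walk_actions(action, f"{path}/{name}")
        else:
            yield from walk_actions(val, path)

def audit(template):
    """Return (action path, auth type, reason) for each risky authentication block."""
    findings = []
    workflows = [r for r in template.get("resources", [])
                 if r.get("type") == "Microsoft.Logic/workflows"]
    for res in workflows:
        has_identity = res.get("identity", {}).get("type", "None") != "None"
        definition = res.get("properties", {}).get("definition", {})
        for path, action in walk_actions(definition, res.get("name", "?")):
            inputs = action.get("inputs")
            auth = inputs.get("authentication") if isinstance(inputs, dict) else None
            if not isinstance(auth, dict):
                continue
            stored = sorted(CREDENTIAL_FIELDS & auth.keys())
            if stored:
                findings.append((path, auth.get("type"), "stored credential: " + ", ".join(stored)))
            elif auth.get("type") == "ManagedServiceIdentity" and not has_identity:
                findings.append((path, auth.get("type"), "workflow has no identity block"))
    return findings
```

Calling `audit(SAMPLE)` reports only `Legacy_call`; a secret supplied through a template parameter is still flagged, because it remains a credential someone has to store and rotate.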
Affected Files
- Solutions/Microsoft Defender Threat Intelligence/Playbooks/MDTI-Automated-Triage/azuredeploy_new.json (managed identity implementation)
- Solutions/Microsoft Defender Threat Intelligence/Playbooks/MDTI-Base/azuredeploy.json (removed - legacy auth model)
- Solutions/Microsoft Defender Threat Intelligence/Playbooks/MDTI-Base/readme.md (removed)
- (updated deployment images)