What Changed
Initial release of GoogleDirectory solution (v3.0.0) for Microsoft Sentinel with enhanced OAuth scope configuration for Google Workspace API integration.
Playbook Integration Enhancement
The solution includes updated OAuth scopes for the Google Directory API connector:
- Retained existing scope: https://www.googleapis.com/auth/admin.directory.user (basic user management)
- Added new scope: https://www.googleapis.com/auth/admin.directory.user.security (security-related user operations)
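A scope change like this is worth checking in review before deployment. The following is an added example, not code from the GoogleDirectory solution: it audits the OAuth scopes declared in an ARM template against the two scopes listed above. The template shape (a Microsoft.Web/customApis resource with oAuthSettings.scopes), the resource name and the sample contents are assumptions constructed for illustration.

```python
import json

# The two scopes named in the release notes above.
APPROVED_SCOPES = {
    "https://www.googleapis.com/auth/admin.directory.user",
    "https://www.googleapis.com/auth/admin.directory.user.security",
}

# Constructed sample, NOT the solution's azuredeploy.json. It carries one
# extra scope so the audit has something to flag.
SAMPLE_TEMPLATE = json.dumps({"resources": [{
    "type": "Microsoft.Web/customApis",
    "name": "example-connector",  # hypothetical resource name
    "properties": {"connectionParameters": {"token": {"oAuthSettings": {
        "identityProvider": "oauth2",
        "scopes": [
            "https://www.googleapis.com/auth/admin.directory.user "
            "https://www.googleapis.com/auth/admin.directory.user.security",
            "https://www.googleapis.com/auth/admin.directory.group",
        ],
    }}}},
}]})

def connector_scopes(template):
    """Yield (resource name, scope) for every OAuth scope on custom connectors."""
    for res in template.get("resources", []):
        if res.get("type", "").lower() != "microsoft.web/customapis":
            continue
        params = res.get("properties", {}).get("connectionParameters", {})
        for param in params.values():
            settings = param.get("oAuthSettings") if isinstance(param, dict) else None
            for entry in (settings or {}).get("scopes", []):
                # One entry may hold several space-separated scopes.
                for scope in entry.split():
                    yield res.get("name", "<unnamed>"), scope

def audit_scopes(template_text, approved=APPROVED_SCOPES):
    """Return {resource: {"unexpected": [...], "missing": [...]}}."""
    found = {}
    for name, scope in connector_scopes(json.loads(template_text)):
        found.setdefault(name, set()).add(scope)
    return {name: {"unexpected": sorted(scopes - approved),
                   "missing": sorted(approved - scopes)}
            for name, scopes in found.items()}

if __name__ == "__main__":
    for name, result in audit_scopes(SAMPLE_TEMPLATE).items():
        print(name, result)
```

A non-empty "unexpected" list means the connector requests more access than the release notes describe; a non-empty "missing" list means playbooks that rely on the security scope will fail authorization.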
Security Impact (Visibility & Coverage)
The expanded OAuth scope enables Microsoft Sentinel playbooks to perform security-focused user management operations in Google Workspace environments, including:
- Security key management for users
- Two-factor authentication configuration changes
- Security-related user attribute modifications
- Enhanced user account security monitoring capabilities
The additional scope unlocks automated incident response capabilities for Google Workspace identity security events; these capabilities were previously limited to read-only user directory access.
Detection Surface Unlocked
While this solution focuses on playbook automation rather than data ingestion, it enables security teams to:
- Automate user security posture changes in response to Microsoft Sentinel incidents
- Implement automated account security hardening based on threat intelligence
- Orchestrate cross-platform identity security responses between Microsoft and Google environments
Affected Files
Solutions/GoogleDirectory/Package/testParameters.json
Solutions/GoogleDirectory/Playbooks/GoogleDirectoryAPIConnector/azuredeploy.json
Solutions/GoogleDirectory/Playbooks/readme.md
(packaging artefacts: 3.0.0.zip, ReleaseNotes.md, SolutionMetadata.json, Solution_GoogleDirectory.json, createUiDefinition.json, mainTemplate.json)