Get Azure Security Center tasks via API

Question

im trying to write a backend program that will get all of Azure Security Center tasks (Recommendation) with no browser authorization involved. As far as i saw, Graph API does not have an end point for Security tasks and the only endpoint i could find is https://learn.microsoft.com/en-us/rest/api/securitycenter/tasks/list which supports only Implicit flow authorization. Is there a way to get authorization without using consent window in the browser, or to get the tasks via different endpoint?

Answer 1

For those who will need this in the future, it is possible. It didnt work for me because i requested the bearer token from the wrong address, use the following url for the bearer token request:

https://login.microsoftonline.com/{tenantId}/oauth2/token

And NOT:

https://login.microsoftonline.com/{tenantId}/oauth2/v2.0/token (This is the azure AD typical bearer token request url)

Answer 2

If you would rather not mess around with getting the bearer token (and you want to go the powershell route) you can also use Invoke-AzRestMethod

# Capture everything MDC can do from a REST API
$Capabilities = (Invoke-AzRestMethod -ApiVersion "2022-09-01" -ResourceProviderName 'Microsoft.Security').Content | ConvertFrom-Json
$Capabilities.resourceTypes

Answer 3

You can use the below Powershell script which is using the REST API to get all the tasks:

$subscriptionId = "yoursubid"
$context = Get-AzContext
$profile = [Microsoft.Azure.Commands.Common.Authentication.Abstractions.AzureRmProfileProvider]::Instance.Profile
$profileClient = New-Object -TypeName Microsoft.Azure.Commands.ResourceManager.Common.RMProfileClient -ArgumentList ($profile)
$token = $profileClient.AcquireAccessToken($context.Subscription.TenantId)
$authHeader = @{
    'Content-Type'  = 'application/json'
    'Authorization' = 'Bearer ' + $token.AccessToken
}

$uri = "https://management.azure.com/subscriptions/$subscriptionId/providers/Microsoft.Security/tasks?api-version=2015-06-01-preview"

$response = Invoke-RestMethod -Uri $uri `
                              -Method Get `
                              -Headers $authHeader
$response.value | ConvertTo-Json

OR

You can directly use Azure CLI to get directly .

Command:
az security task list

Reference:

az security task | Microsoft Docs

Install the Azure Az PowerShell module with PowerShellGet | Microsoft Docs

Output for the above powershell script: