In Part 1 of this series, we brainstormed an idea for an app that would generate automated vulnerability reports using the Microsoft Defender for Endpoint API and email those recommendations directly to our end users. We created an app registration in Azure AD, granted it the appropriate permissions to query the various Microsoft APIs, and finally scoped those application permissions so that our app could only send mail on behalf of a specific shared mailbox. With all of that supporting infrastructure sorted, we can finally get started writing the script, but to do that we need to understand the OAuth 2.0 client credentials flow.
This blog post came about through my development of an exploit for a Firefox vulnerability towards the end of last year. Before I get into the technical details, there's a little bit of background required about what happened over the couple of months in which I developed the exploit and my old version of the article.