
Python Azure Timer Function with Durable Entity

I'm currently trying to work on my first Azure Function to act as an intermediary between Defender for Endpoints and Azure Sentinel. It runs every 5 minutes and collects data matching specific filters from the Defender API to then forward as custom logs to Azure Sentinel. Due to the authentication measures in place on Defender, I've set my script up using ADAL to do a device code logon the first time, then use the refresh tokens to do its scheduled running.

This is where I've come across the problem; since Azure Functions are serverless by design, holding this refresh token somewhere for the next invocation has proven troublesome. I'm trying to use Durable Functions, but the documentation for such a use case seems non-existent.

Are there other appropriate methods to store a singular variable across invocations of an Azure Function?

There is more than one way to solve the problem you are facing with holding the refresh token for every new invocation of Azure Functions.

One way to solve the problem is by using an Azure Function Timer Trigger to request new access tokens and Azure Key Vault to store these tokens securely. We want to save them in Key Vault so the next time we invoke our function to refresh our tokens again, we will use the updated values and the next function will be able to obtain that value when invoked.


Check this document to access secrets from Key Vault.

Another way is enabling the token store in Azure Functions and storing it in blob storage. Check this document for more information.
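The Key Vault approach from the answer above, as an added example that is not part of the original post: one timer invocation loads the stored refresh token, redeems it, and writes back the rotated token only when it changed. The secret name, the `redeem` callable and the in-memory vault are assumptions for illustration; in a deployed Function you would pass an `azure.keyvault.secrets.SecretClient` authenticated with the Function's managed identity instead of the stand-in.

```python
"""Added example: persist a rotating refresh token in Key Vault between timer runs."""
from types import SimpleNamespace
from typing import Callable, Optional, Tuple

SECRET_NAME = "defender-refresh-token"  # hypothetical secret name


def run_once(vault, redeem: Callable[[str], Tuple[str, Optional[str]]]) -> str:
    """One timer invocation: load the stored refresh token, redeem it, and
    persist the rotated token. Returns the access token for this run.

    `vault` is anything with SecretClient-style get_secret()/set_secret().
    `redeem` (hypothetical) exchanges a refresh token for
    (access_token, new_refresh_token_or_None), e.g. a thin wrapper around
    ADAL's acquire_token_with_refresh_token().
    """
    current = vault.get_secret(SECRET_NAME).value
    # If redeem raises, nothing is written: the stored token stays intact.
    access_token, rotated = redeem(current)
    # Write back only on real rotation, so each run does not add a new
    # secret version; never log either token.
    if rotated and rotated != current:
        vault.set_secret(SECRET_NAME, rotated)
    return access_token


class InMemoryVault:
    """Constructed stand-in for azure.keyvault.secrets.SecretClient (offline demo)."""

    def __init__(self, initial: str):
        self.versions = [initial]

    def get_secret(self, name: str):
        return SimpleNamespace(name=name, value=self.versions[-1])

    def set_secret(self, name: str, value: str):
        self.versions.append(value)
        return SimpleNamespace(name=name, value=value)


def fake_redeem(refresh_token: str):
    """Constructed token endpoint: rotates rt-N to rt-(N+1)."""
    n = int(refresh_token.split("-")[1])
    return f"at-{n}", f"rt-{n + 1}"


if __name__ == "__main__":
    vault = InMemoryVault("rt-1")  # seeded once after the device code logon
    print(run_once(vault, fake_redeem), run_once(vault, fake_redeem))
    print(len(vault.versions), "secret versions stored")
```

Grant the Function's identity only get and set permission on this one secret, and seed the secret once from the interactive device code logon.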
