Skip to content

Add Entra Service Principal GUID Resolver Plugin#215

Open
inwafula wants to merge 1 commit intoAzure:mainfrom
inwafula:feature/guid-resolution-plugin
Open

Add Entra Service Principal GUID Resolver Plugin#215
inwafula wants to merge 1 commit intoAzure:mainfrom
inwafula:feature/guid-resolution-plugin

Conversation

@inwafula
Copy link
Contributor

@inwafula inwafula commented Mar 7, 2026

Summary

Adds a new community plugin under Plugins/Community Based Plugins/Microsoft Graph API plugins/GUID Resolution/ that resolves GUIDs from security alerts to Microsoft Entra service principal (Enterprise Application) display names via the Microsoft Graph API.

Files Added

  • sp guid resolver-plugin.yaml - Plugin manifest with AAD Delegated auth
  • sp guid resolver-plugin-spec.yaml - OpenAPI spec with two operations: lookup by Object ID and lookup by Application (Client) ID / appId
  • Readme.md - Documentation with overview, setup instructions, and example prompts

Features

  • Resolve a service principal by Object ID (commonly found in alert Caller fields)
  • Resolve a service principal by Application (Client) ID / appId
  • Returns display name, Object ID, appId, service principal type, account enabled status, and publisher name
  • Can also be used as a tool when building a Security Copilot Custom Agent

Add Entra Service Principal GUID Resolver plugin
6a4e1d8 
Adds a new community plugin that resolves GUIDs from security alerts to Microsoft Entra service principal (Enterprise Application) display names via Microsoft Graph API. Supports lookup by Object ID and Application (Client) ID / appId. Can also be used as a tool when building a Security Copilot Custom Agent.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@inwafula