On August 11, 2023, Cisco announced that Cisco SecureX will go end-of-life on July 31, 2024. The content in this Github repository will not be actively maintained following this announcement.

Microsoft Online Object Group Update

Workflow #0004

Microsoft provides a JSON-formatted feed of their networks and domains for their various cloud services. This workflow fetches that JSON, filters it, compares it to an existing network object group in Cisco Defense Orchestrator (CDO), and then updates the group as needed. Note: This workflow only processes IPv4 addresses

Overview GitHub

Change Log

Date Notes
Nov 24, 2020 - Initial release
Aug 31, 2022 - Minor updates to naming and descriptions

See the Important Notes page for more information about updating workflows


  • The following system atomics are used by this workflow:
    • None
  • The following atomic actions must be imported before you can import this workflow:
    • None
  • The targets listed at the bottom of the page
  • Cisco Defense Orchestrator (CDO) (API token can be generated on your settings page)

Workflow Steps

  1. Fetch the online services information JSON from Microsoft
  2. Get the existing object group from Defense Orchestrator
  3. Figure out what changes are needed
  4. Check if any changes are needed
    • If not, end the workflow
  5. Create each new network object
  6. Generate the JSON to update the object group
  7. Update the object group using the Defense Orchestrator API


  • If you want the workflow to run on a schedule, you need to create a schedule and then add it as a trigger within the workflow
  • Provide the workflow your Defense Orchestrator API token by either:
    • Storing your token in a global variable and using the Fetch Global Variables group at the beginning of the workflow to update the CDO Bearer Token local variable; or
    • Leave the Fetch Global Variables group disabled and add your token directly to the CDO Bearer Token local variable
  • Validate the name of the network object group that’ll be updated in Defense Orchestrator in the CDO Object Group Name local variable
  • Go to Microsoft’s website to get the URL for the worldwide endpoint JSON. Click the link on the second bullet to https://endpoints.office.com/endpoints/worldwide and copy the URL into the Microsoft Endpoints URL local variable in the workflow


Target Group: Default TargetGroup

Target Name Type Details Account Keys Notes
Cisco Defense Orchestrator HTTP Endpoint Protocol: HTTPS
Host: defenseorchestrator.com
Path: /aegis/rest/v1/