On August 11, 2023, Cisco announced that Cisco SecureX will go end-of-life on July 31, 2024. The content in this Github repository will not be actively maintained following this announcement.

Microsoft Online Dynamic Object Update (Remote)

Workflow #0031

Microsoft provides a JSON-formatted feed of their networks and domains for their various cloud services. This workflow demonstrates fetching that JSON, reformatting it, and updating a dynamic object group on Cisco Secure Firewall.

There are two different ways to integrate Secure Firewall with orchestration. For more information about these two methods and which to use, please see this page.


Change Log

Date Notes
May 26, 2021 - Initial release
Sep 10, 2021 - Updated to use the new system atomics
Sep 7, 2022 - Minor updates to naming and descriptions

See the Important Notes page for more information about updating workflows


  • The following system atomics are used by this workflow:
    • Secure Firewall - Create Dynamic Object Group
    • Secure Firewall - Get Access Token
    • Secure Firewall - Get Dynamic Object Group Mappings
    • Secure Firewall - Update Dynamic Object Group Mappings
  • The following atomic actions must be imported before you can import this workflow:
    • None
  • The targets and account keys listed at the bottom of the page
  • Cisco Secure Firewall (software version 7.0 or newer)

Workflow Steps

  1. Get an access token for Secure Firewall
  2. Get the existing dynamic object group mappings
  3. Check if fetching the mappings succeeded (if not, create a new dynamic object group)
  4. Fetch the JSON from Microsoft and generate a list of records to add and to remove
  5. Check if any records need to be added (if so, add them)
  6. Check if any records need to be removed (if so, remove them)


  • Go to Microsoft’s website to get the URL for the worldwide endpoint JSON. Click the link on the second bullet to https://endpoints.office.com/endpoints/worldwide and copy the URL into the Microsoft Endpoints URL local variable in the workflow
  • Set the Dynamic Object Group Name local variable to the name of the object group you want to update. Note that this group must be created on Firewall Management Center prior to running the workflow


Note: If your FMC is on-premises and not accessible from the internet, you will need a SecureX orchestration remote to use FMC with orchestration.

Target Name Type Details Account Keys Notes
FMC Target HTTP Endpoint Protocol: HTTPS
Host: your-firewall-management-center
Path: api/
FMC API Credentials  

Account Keys

Account Key Name Type Details Notes
FMC API Credentials HTTP Basic Authentication Username: FMC Username
Password: FMC Password
Account must have API permissions