fix: update Microsoft Defender ATP integration parameters to use encr… (#41204)

MLainer1 · web-flow · commit d8853478f3ec · 2025-09-14T13:18:24.000+03:00
* fix: update Microsoft Defender ATP integration parameters to use encrypted types

* fix: update auth parameter types to encrypted and fix password retrieval in Microsoft Defender ATP

* fix: change display to displaypassword for hidden auth fields in Microsoft Defender ATP integration

* fix: replace deprecated _pytest.python_api.raises with pytest.raises

* Creating new parameters to avoid BC
diff --git a/Packs/MicrosoftDefenderAdvancedThreatProtection/Integrations/MicrosoftDefenderAdvancedThreatProtection/MicrosoftDefenderAdvancedThreatProtection.py b/Packs/MicrosoftDefenderAdvancedThreatProtection/Integrations/MicrosoftDefenderAdvancedThreatProtection/MicrosoftDefenderAdvancedThreatProtection.py
@@ -6129,8 +6129,8 @@ def main():  # pragma: no cover
     params_endpoint_type = params.get("endpoint_type") or "Worldwide"
     params_url = params.get("url")
     is_gcc = params.get("is_gcc", False)
-    tenant_id = params.get("tenant_id") or params.get("_tenant_id")
-    auth_id = params.get("_auth_id") or params.get("auth_id")
+    tenant_id = params.get("tenant_id") or params.get("_tenant_id") or params.get("_tenant_id_encrypted", {}).get("password")
+    auth_id = params.get("_auth_id") or params.get("auth_id") or params.get("_auth_id_encrypted", {}).get("password")
     enc_key = (params.get("credentials") or {}).get("password") or params.get("enc_key")
     use_ssl: bool = not params.get("insecure", False)
     proxy: bool = params.get("proxy", False)
diff --git a/Packs/MicrosoftDefenderAdvancedThreatProtection/Integrations/MicrosoftDefenderAdvancedThreatProtection/MicrosoftDefenderAdvancedThreatProtection.yml b/Packs/MicrosoftDefenderAdvancedThreatProtection/Integrations/MicrosoftDefenderAdvancedThreatProtection/MicrosoftDefenderAdvancedThreatProtection.yml
@@ -24,16 +24,30 @@ configuration:
   - Custom
   advanced: true
   required: false
+- displaypassword: ID
+  name: _auth_id_encrypted
+  type: 9
+  hiddenusername: true
+  section: Connect
+  required: false
+- displaypassword: Token
+  name: _tenant_id_encrypted
+  type: 9
+  hiddenusername: true
+  section: Connect
+  required: false
 - display: ID
   name: _auth_id
   type: 0
   section: Connect
   required: false
+  hidden: true
 - display: Token
   name: _tenant_id
   type: 0
   section: Connect
   required: false
+  hidden: true
 - displaypassword: Key
   section: Connect
   name: credentials
@@ -5815,7 +5829,7 @@ script:
     - contextPath: MicrosoftATP.PublicVulnerability.UpdatedOn
       description: The date and time when this vulnerability was last updated.
       type: String
-  dockerimage: demisto/crypto:1.0.0.3539024
+  dockerimage: demisto/crypto:1.0.0.4578119
   isfetch: true
   runonce: false
   script: '-'
diff --git a/Packs/MicrosoftDefenderAdvancedThreatProtection/Integrations/MicrosoftDefenderAdvancedThreatProtection/MicrosoftDefenderAdvancedThreatProtection_test.py b/Packs/MicrosoftDefenderAdvancedThreatProtection/Integrations/MicrosoftDefenderAdvancedThreatProtection/MicrosoftDefenderAdvancedThreatProtection_test.py
@@ -5,7 +5,6 @@
 import demistomock as demisto
 import pytest
 import requests_mock
-from _pytest.python_api import raises
 from CommonServerPython import DemistoException, snakify
 from freezegun import freeze_time
 from MicrosoftDefenderAdvancedThreatProtection import (
@@ -1081,7 +1080,9 @@ def test_add_error_message(failed_devices, all_requested_devices, expected_resul
 def test_add_error_message_raise_error(failed_devices, all_requested_devices):
     from MicrosoftDefenderAdvancedThreatProtection import add_error_message
 
-    with raises(DemistoException, match=f"Microsoft Defender ATP The command was failed with the errors: {failed_devices}"):
+    with pytest.raises(
+        DemistoException, match=f"Microsoft Defender ATP The command was failed with the errors: {failed_devices}"
+    ):
         add_error_message(failed_devices, all_requested_devices)
 
 
diff --git a/Packs/MicrosoftDefenderAdvancedThreatProtection/ReleaseNotes/1_20_9.md b/Packs/MicrosoftDefenderAdvancedThreatProtection/ReleaseNotes/1_20_9.md
@@ -0,0 +1,7 @@
+
+#### Integrations
+
+##### Microsoft Defender for Endpoint
+
+- Updated the Docker image to: *demisto/crypto:1.0.0.4578119*.
+- Updated the Microsoft Defender Advanced Threat Protection integration parameters: *ID* and *Token* to be encrypted.
diff --git a/Packs/MicrosoftDefenderAdvancedThreatProtection/pack_metadata.json b/Packs/MicrosoftDefenderAdvancedThreatProtection/pack_metadata.json
@@ -2,7 +2,7 @@
     "name": "Microsoft Defender for Endpoint",
     "description": "Microsoft Defender for Endpoint (previously Microsoft Defender Advanced Threat Protection (ATP)) is a unified platform for preventative protection, post-breach detection, automated investigation, and response.",
     "support": "xsoar",
-    "currentVersion": "1.20.8",
+    "currentVersion": "1.20.9",
     "author": "Cortex XSOAR",
     "url": "https://www.paloaltonetworks.com/cortex",
     "email": "",
