Device Notification with Microsoft Flow

For a couple of IoT projects I’ve been working on, I wanted to allow scripts to trigger a notification on my phone. I evaluated a number of solutions, but many of them were paid services that only served that particular purpose. Additionally, many of them did not include the ability to customise the notifications.

A solution presented itself when I began to look at creating workflows with Microsoft Flow, which is included in an Office 365 for business subscription. Microsoft Flow basically allows a trigger event to cause a number of actions. In this case, there was a trigger that could be activated when a web request was made to a specific URL, and one of the actions was to trigger a notification on a phone. Additionally, by including JSON in the body of a POST request, it was possible to modify the content of the notification. As a point of interest, you could also send an email with almost the same setup if that would better suit the application.

Procedure

  1. Log in to your Office 365 portal (portal.office.com)
  2. Click on the Flow link
  3. Click the button for “Create from blank”
  4. Search for the “When a HTTP request is received” trigger and add it to the flow
  5. Create the JSON Schema
    1. This is probably the most complicated part of the whole procedure as you need to define the JSON structure that will be used to provide parameters for your notification
    2. For my notification system, I only wanted to provide two parameters:
      1. A source field for the device or application sending me a message
      2. A message field for the contents of the actual message
    3. The JSON structure for these two fields looked like the following:
      {
        "type": "object",
        "properties": {
          "Source": {
            "type": "string"
          },
          "Message": {
            "type": "string"
          }
        }
      }
    4. Note: You could create a far more advanced structure if you wanted more information in your notifications
  6. Now that the trigger is fully configured, you will need to add an action
    1. In this case, we will add the “send me a mobile notification” action
    2. It’s important to note that this requires that you have the Microsoft Flow app installed on your mobile phone.
  7. Next we need to configure the notification action
    1. The only field we need to populate is the Text field which will be displayed as the body of the notification
    2. We could add an arbitrary text string into the field if we only ever want one message to be displayed; however, we can reference the variables we created earlier in the JSON Schema to make the message more meaningful.
    3. For example, with regard to my JSON schema, I created the message “Source has said Message”
      1. You will notice that the variables outlined in the JSON schema will appear as different symbols in the text, confirming that Flow has recognised them as the variables above.
      2. It should look something like the following: [screenshot: Capture]
      3. When the notification is generated the source and message placeholders will be replaced by the information you provide in the web request.
  8. Finally save the workflow
    1. This will generate a unique URL that you will make a web request to and will then trigger the notification.
    2. The whole flow should look something like this one: [screenshot: Capture]

You will now have a working notification system. Simply install the Flow app on your phone, sign into it using the same Microsoft account and make a request to the specified URL. A future blog post will go into detail about how to make a web request and provide the necessary JSON parameters using a number of scripting languages.
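The request described above, as an added example that is not the author's own code: a Python sender that builds a body matching the Source/Message schema and POSTs it to the generated URL. Since the procedure relies on nothing but the unique URL to trigger the flow, the example treats that URL as a secret, reads it from an environment variable and refuses to send it over plain HTTP. The variable name `FLOW_TRIGGER_URL`, the `MAX_LEN` cap, the function names and the sample device name are assumptions made for illustration.

```python
import json
import os
import urllib.request
from urllib.parse import urlsplit

MAX_LEN = 200  # assumed cap so a runaway script cannot flood the notification text


def build_payload(source, message):
    """Return JSON bytes matching the schema above: string Source and Message."""
    for name, value in (("Source", source), ("Message", message)):
        if not isinstance(value, str) or not value.strip():
            raise ValueError(f"{name} must be a non-empty string")

    def clean(text):
        # Replace control characters (e.g. newlines in sensor output), then truncate.
        return "".join(c if c.isprintable() else " " for c in text)[:MAX_LEN]

    body = {"Source": clean(source), "Message": clean(message)}
    return json.dumps(body).encode("utf-8")


def build_request(url, source, message):
    """Build the POST for the HTTP request trigger; refuse non-HTTPS URLs."""
    if urlsplit(url).scheme != "https":
        raise ValueError("trigger URL must use https")
    return urllib.request.Request(
        url,
        data=build_payload(source, message),
        headers={"Content-Type": "application/json"},
        method="POST",
    )


def send_notification(source, message, timeout=10):
    """POST to the URL held in FLOW_TRIGGER_URL (hypothetical variable name)."""
    url = os.environ["FLOW_TRIGGER_URL"]  # kept out of the script and version control
    request = build_request(url, source, message)
    with urllib.request.urlopen(request, timeout=timeout) as resp:
        return resp.status  # HTTP status returned by the trigger endpoint


if __name__ == "__main__":
    # Constructed sample values; requires FLOW_TRIGGER_URL to be set.
    print(send_notification("garage-pi", "Door left open for 10 minutes"))
```

If the URL ever ends up in a shared script, log or repository, replace the trigger so that a new URL is issued.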

New Hosting Provider

For over three years this blog was hosted on a shared server offered by BlueHost. However, six months ago I lost control of the admin account. From what I could gather an adversary had been able to socially engineer BlueHost support into changing the administrator email address to one under their control. Once this had been achieved, they were able to perform password recovery and gain access to the admin account.

Once they had access, they shut down the server running my blog and launched a high power instance which worked up a considerable bill. After much pain I managed to regain access to the admin account and removed the powerful instance. Luckily, BlueHost refunded the cost of the powerful instance.

After this occurred I started looking for other methods of hosting my blog. Initially, I looked at hosting on Amazon Web Services. This method would have given me the best control over the blog as I could create a small Linux EC2 instance and then install WordPress to run my blog. However, this method would have also required me to maintain the site and server, a task I don’t believe I currently have time for.

The solution to this problem was brought to my attention by one of the security podcasts I often listen to, “Security Now”. One of the sponsors of the show is WordPress.com, which provides you with a WordPress site of your own that is fully maintained by them. Additionally, their pricing was very reasonable and included the costs of registering the domain.

I created this blog on WordPress.com and will now have the fun of moving my domain registration and blog content over. Hopefully it won’t be too hard.

Additionally, the security of my blog appears to be sufficient. The WordPress.com site supports two-factor authentication using either my phone or an authenticator app. I elected to use the authenticator app to eliminate the risk of the SMS message being intercepted or the telecommunications provider being socially engineered and allowing a SIM swap. Another security benefit provided is that my blog is now running over HTTPS, resulting in my login information being encrypted when it is sent to the site. Hopefully, these measures will be enough to keep the site safe this time.