Forum Discussion

Meetrajsinh's avatar
Meetrajsinh
Copper Contributor
Jul 11, 2022

Issue with API of Microsoft Defender for Endpoint

Hello team, i tried to access the APIs of Microsoft Defender for Endpoint, but unable to access the APIs, everytime it throws Unautorized status code. I have used application context OAuth Bearer token. Authentication API sends successful response with Access Token, but when tried to use that token to access any API i.e. /api/alerts . It throws Unautorized error. I have also granted the permissions of WindowsDefenderATPI followed this document link: https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/exposed-apis-create-app-webapp?view=o365-worldwide for registering app. 

Note: The same configurations are working before 2-3 months, we have not changed anything though itโ€™s giving unauthorized status. Let me know if i have to add something here.

  • BillTheKid's avatar
    BillTheKid
    Brass Contributor
    Part 6) in the link you have posted. Client secret may have expired, make sure it hasn't.
    • Meetrajsinh's avatar
      Meetrajsinh
      Copper Contributor
      I tried with New Secret Key, but receiving same error.
      • BillTheKid's avatar
        BillTheKid
        Brass Contributor

        When your client secret is fine and you still get unauthorized you might be missing the Admin consent for the permission you requested. Every time you add a permission, you must select Grant consent for the new permission to take effect. Need to be done by Global-Administrator for example, Security-Admin is not enough.

Resources