Forum Discussion
youknowme
Dec 13, 2024Copper Contributor
Microsoft Defender Vulnerability Management Trial API access error
I enrolled in the Microsoft Defender Vulnerability Management Trial standalone. Registered an app in my tenant. Granted all the permissions under WindowsDefenderATP for the app. Then I tried getting a token using the following:
curl -X POST -H "Content-Type: application/x-www-form-urlencoded" -d "client_id=<CLIENT_ID>" -d "client_secret=<CLIENT_SECRET>" -d "scope=https://api.securitycenter.microsoft.com/.default" -d "grant_type=client_credentials" "https://login.microsoftonline.com/<TENANT_ID>/oauth2/v2.0/token"
JWT token
{
"typ": "JWT",
"alg": "RS256",
"x5t": "zxeg2WONpTkwN5GmeYcuTdtC6J0",
"kid": "zxeg2WONpTkwN5GmeYcuTdtC6J0"
}.{
"aud": "https://api.securitycenter.microsoft.com",
"iss": "https://sts.windows.net/bfd56b27-9b4a-4137-9327-688be945eb6d/",
"iat": 1734046366,
"nbf": 1734046366,
"exp": 1734050266,
"aio": "k2BgYBBuZZgz0Z/xBc9yZoNOo6ctAA==",
"app_displayname": "VulnMgmt-Single",
"appid": "d0657b55-c822-46e9-bf1b-04af2f998df0",
"appidacr": "1",
"idp": "https://sts.windows.net/bfd56b27-9b4a-4137-9327-688be945eb6d/",
"idtyp": "app",
"oid": "2bb8ece7-d8fa-4bc7-a9ee-c8ff7af9c621",
"rh": "1.AWEBJ2vVv0qbN0GTJ2iL6UXrbWUEePwXINRAoMUwcCJHG5JiAQBhAQ.",
"roles": [
"Machine.Isolate",
"Event.Write",
"SecurityConfiguration.ReadWrite.All",
"IntegrationConfiguration.ReadWrite",
"Machine.Scan",
"Ip.Read.All",
"User.Read.All",
"Machine.ReadWrite.All",
"Machine.LiveResponse",
"SecurityRecommendation.Read.All",
"Machine.RestrictExecution",
"Machine.StopAndQuarantine",
"Alert.Read.All",
"Software.Read.All",
"SecurityConfiguration.Read.All",
"File.Read.All",
"Machine.CollectForensics",
"Machine.Offboard",
"SecurityBaselinesAssessment.Read.All",
"Vulnerability.Read.All",
"Library.Manage",
"Machine.Read.All",
"Score.Read.All",
"RemediationTasks.Read.All",
"Alert.ReadWrite.All",
"AdvancedQuery.Read.All"
],
"sub": "2bb8ece7-d8fa-4bc7-a9ee-c8ff7af9c621",
"tenant_region_scope": "NA",
"tid": "bfd56b27-9b4a-4137-9327-688be945eb6d",
"uti": "FDXfroIpB0eXj3A4PrY7AA",
"ver": "1.0",
"xms_idrel": "14 7"
}.[Signature]
I tried the token to get the machines and vulnerabilities. For all APIs,
{
"error": {
"code": "Unauthorized",
"message": "Unauthorized request - reason of failure: Account mode is inactive",
"target": "|be73530f-4500fd647a8fd1b9."
}
}
I get the same error:
"Unauthorized request - reason of failure: Account mode is inactive."
I tried the health check API:
https://api.securitycenter.microsoft.com/api/health
It's working (200).
I can see the vulnerabilities and the devices I onboarded in the Vulnerability Management portal. I can also access the API explorer and hit some APIs successfully (like vulnerabilities and software, though I get the same error while getting the machine list and alerts, etc). But the apis always gives this error.
I have verified that Microsoft Defender Vulnerability Management Trial is Active in Microsoft 365 portal.
I also tried switching the token URL to api.security instead of the security center. Not working.
Any help is greatly appreciated.
- ArthurS1790Copper Contributor
wrong type of an account. Trial?