cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

Defender for Cloud Apps REST API - Authentication

mhmmdrn
Copper Contributor

‎Mar 16 2023 07:46 AM

‎Mar 16 2023 07:46 AM

Defender for Cloud Apps REST API - Authentication

Hi Everyone,

I am trying to automate deployment of policies on MDCAS with Powershell and for testing envrironment i have a test tenant which includes Defender for Cloud Apps. I have created a API Token and used it in my Script but i am getting following error

mhmmdrn_0-1678977589858.png

It works on production Tenant. I dont understand the reason.
I have also tried Oauth2 Authentication by adding an WebApp in Azure Active Directory and have assigned all neccessary permissions but at this time i am getting the following error

mhmmdrn_1-1678977777269.png

here is the permissons;

mhmmdrn_2-1678977829595.png

Can anyone tell me what i miss? Or is there another way to deploy policies ? Graph API or PS cmdlets?
Thank you in advance.

854 Views
0 Likes
3 Replies
Reply
3 Replies
Keith_Fleming

‎Mar 20 2023 11:09 AM

‎Mar 20 2023 11:09 AM

Re: Defender for Cloud Apps REST API - Authentication

Hi @mhmmdrn,

 

There currently isn't a way to deploy policies in an automated manner today.

 

The endpoint we do support can be found here:

REST API - Microsoft Defender for Cloud Apps | Microsoft Learn

 

Feel free to add an item and provide your feedback here:

Microsoft 365 Defender · Community

0 Likes
Reply
mhmmdrn

‎Mar 21 2023 12:24 AM

‎Mar 21 2023 12:24 AM

Re: Defender for Cloud Apps REST API - Authentication

@Keith_Fleming thank you for your answer, actually my question was about the authentication. Which Role based Permission should i give to authenticate the app which i created Azure AD? Should i give the app subscription level permissions, contributer etc. 

By the way, there are some endpoints which are not listed in official documentation. For example;

  • /api/v1/policies >> to get all deployed policies
  • /api/v1/policy_templates >> to get all policy templates
  • /api/v1/policy/discovery >> to deploy app discovery policies with Post method. and so on.

These endpoints work as expected. I tried them. But i need assistence in order to authenticate Test Tenant to deploy policies using Post Method. I can get the policies with Get method at Test Tenant but i doesnt allow me to deploy them.

 

Thank you in advance.

0 Likes
Reply
best response confirmed by mhmmdrn (Copper Contributor)
Keith_Fleming

‎Mar 21 2023 05:36 AM

‎Mar 21 2023 05:36 AM

Solution

Re: Defender for Cloud Apps REST API - Authentication

Hi @mhmmdrn,

 

The reason you’re seeing the errors in this case is because these are not supported endpoints.


While there are several undocumented endpoints you can find through various methods they are reserved for the internal service and not exposed to an app registration permissions. This is implemented as part of the service so adding RBAC permissions or roles won’t correct the error here.

0 Likes
Reply
1 best response

Accepted Solutions
best response confirmed by mhmmdrn (Copper Contributor)
Keith_Fleming

‎Mar 21 2023 05:36 AM

‎Mar 21 2023 05:36 AM

Solution

Re: Defender for Cloud Apps REST API - Authentication

Hi @mhmmdrn,

 

The reason you’re seeing the errors in this case is because these are not supported endpoints.


While there are several undocumented endpoints you can find through various methods they are reserved for the internal service and not exposed to an app registration permissions. This is implemented as part of the service so adding RBAC permissions or roles won’t correct the error here.

View solution in original post

0 Likes
Reply