Error in API call [403] - "message": "Unauthorized request - No active license found"

Hi, I tried to register an app in AAD to enable connecting to Microsoft Defender for Endpoint API. The registration is in a CSP account and it support Multi-tenant account types. However, MDE is in a "customer" tenant from which I've granted access to the app. I can request a token just fine and I can see it return the proper roles/permissions. However if I try to query https://api.securitycenter.microsoft.com/api/alerts, it returns this message:

{
    "error": {
        "code": "Unauthorized",
        "message": "Unauthorized request - No active license found",
        "target": "|e66a0558-414dbd74c992c182."
    }
}

I have other succesful integration in Single-tenant but I can't get this one to work. What am I missing ?