Issue with API of Microsoft Defender for Endpoint


Hello team, I tried to access the APIs of Microsoft Defender for Endpoint, but I am unable to access them; every time, it throws an Unauthorized status code. I have used an application-context OAuth Bearer token. The authentication API sends a successful response with an access token, but when I try to use that token to access any API, i.e. /api/alerts, it throws an Unauthorized error. I have also granted the permissions of WindowsDefenderATP. I followed this document link: https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/exposed-apis-create-app-we... for registering the app.

Note: The same configuration was working 2-3 months ago; we have not changed anything, though it is giving an unauthorized status. Let me know if I have to add something here.

4 Replies
Part 6) in the link you have posted. The client secret may have expired; make sure it hasn't.

I tried with a new secret key, but I am receiving the same error.

When your client secret is fine and you still get unauthorized, you might be missing the admin consent for the permission you requested. Every time you add a permission, you must select Grant consent for the new permission to take effect. This needs to be done by a Global Administrator, for example; Security Admin is not enough.

Yes @BillTheKid, I had already granted consent with an admin account, though it was giving the same error. I don't know how, but since yesterday it has been working fine with the same configuration; I have not changed the configuration. I don't know what the issue was 😅
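
The replies above name an expired secret and missing admin consent as causes; a third check is to decode the access token locally and look at its claims. This is an added example, not part of the thread and not Microsoft's code. The audience `https://api.securitycenter.microsoft.com`, the permission name `Alert.Read.All` and the helper names are assumptions, and the sample token is constructed.

```python
import base64
import json
import time

# Assumption (not from the thread): resource URI the Defender API expects in "aud".
EXPECTED_AUD = "https://api.securitycenter.microsoft.com"


def decode_claims(token):
    """Decode the JWT payload WITHOUT verifying the signature (local triage only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    payload = parts[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def diagnose(token, required_role, now=None):
    """Return a list of likely reasons the API would answer 401/403 for this token."""
    now = time.time() if now is None else now
    claims = decode_claims(token)
    findings = []
    if str(claims.get("aud", "")).rstrip("/") != EXPECTED_AUD:
        findings.append("aud %r is not the Defender API resource" % claims.get("aud"))
    if claims.get("exp", 0) <= now:
        findings.append("token expired")
    roles = claims.get("roles") or []
    if not roles:
        # App-context tokens carry granted application permissions in "roles".
        findings.append("no roles claim: permission missing or admin consent not granted")
    elif required_role not in roles:
        findings.append("role %s not in token (has %s)" % (required_role, ", ".join(roles)))
    return findings


def make_sample_token(claims):
    """Build an unsigned, constructed token so the demo runs offline."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none", "typ": "JWT"}), enc(claims), "sig"])


if __name__ == "__main__":
    # Constructed sample: valid audience and expiry, but no roles claim.
    sample = make_sample_token({"aud": EXPECTED_AUD, "exp": 4102444800})
    for finding in diagnose(sample, "Alert.Read.All"):
        print(finding)
```

An empty result means the token itself looks right, so the rejection lies elsewhere (for example, the request URL or tenant). Only the findings are printed, never the token, which is a bearer credential.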