-
|
Hello, is it possible to gain an access token for https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/get-machines?view=o365-worldwide via interactive auth? I can't provide any other resource than microsoft graph and so I can't specify the correct scopes. |
Beta Was this translation helpful? Give feedback.
Replies: 5 comments
-
|
But that same doc already describes the scopes, although they use the term "permissions". Do they not work? |
Beta Was this translation helpful? Give feedback.
-
Unfortunately, they do not work, because those permissions are not valid graph API scopes. Requesting those permissions at graph API results in an error: Scopes not valid. |
Beta Was this translation helpful? Give feedback.
-
|
The following get request works: The important part is the parameter "resource" that specifies exactly what resource the requested API key is for. |
Beta Was this translation helpful? Give feedback.
-
|
The Generally speaking, a scope can be concatenated by resource |
Beta Was this translation helpful? Give feedback.
-
|
It worked! Thank you very much! |
Beta Was this translation helpful? Give feedback.
The
resourceparameter is for an older version of token endpoint. MSAL libraries all usescope.Generally speaking, a scope can be concatenated by resource
Rand permissionP, so you useR/P. For example, MS Defender API's resource ishttps://api.securitycenter.microsoft.comand a permission isMachine.Read. I triedhttps://api.securitycenter.microsoft.com/Machine.Readwith MSAL Python and it at least yielded a meaningful error ("need admin approval") which is probably due to my existing test app was not set up for consuming Defender API. Regardless, you can try that scope and see if it can carry you further.