microsoft-365-docs
Permissions listed on this page produce the wrong aud claim in the access token, which results in a 403
Following the steps in this document (which it is not clear at all which API these permissions come from anyway) and using the Defender API permissions, this results in a token that does not have the proper audience claim in it (aud) and so the API returns a 403. The API added to the permissions is the WindowsDefenderATP and the permissions are the ones listed on this document. The aud claim ends up being https://userrequestsgraphapi-prd.trafficmanager.net, which the API (api.securitycenter.microsoft.com...) is rejecting. It can be resolved by changing the scope value in the token request from https://userrequestsgraphapi-prd.trafficmanager.net/.default to https://api.securitycenter.microsoft.com/.default (client credentials flow), and this produces an access token with https://api.securitycenter.microsoft.com as the aud claim and the proper roles listed, and then the API will accept this token. The documentation should be updated to state how the token/permissions are added because there is no guidance for developers -- they are forced to open a support ticket when getting a 403 following this current document.
Thank you!
Document Details
⚠ Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.
- ID: 07828149-8c9b-2b6f-b5f6-9558cfcfa650
- Version Independent ID: 2101b098-7da1-86ca-6a31-fddfa7a5cb62
- Content: List machines API
- Content Source: microsoft-365/security/defender-endpoint/get-machines.md
- Product: m365-security
- GitHub Login: @mjcaparas
- Microsoft Alias: macapara
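As an added example (not part of this issue or of the docs repository), the Python helper below builds the client-credentials request with the scope the reporter found to work and inspects the returned token's aud and roles claims before calling the API, so a wrong audience is caught locally instead of as a 403. The role name Machine.Read.All, the client identifiers and the sample tokens are assumed or constructed here, not taken from the document.

```python
import base64
import json
from urllib.parse import urlencode

# Resource URI of the Defender for Endpoint API, which must appear as the aud claim.
EXPECTED_AUD = "https://api.securitycenter.microsoft.com"


def build_client_credentials_body(client_id, client_secret, resource=EXPECTED_AUD):
    """Form body for the OAuth2 client-credentials grant. The scope is the API's
    own resource URI plus /.default; a scope for another resource yields a token
    with a different aud, which the API rejects with 403."""
    return urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": f"{resource}/.default",
    })


def _b64url_decode(segment):
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def decode_jwt_claims(token):
    """Return the payload of a compact JWT without checking its signature.
    Only for a client inspecting the token it just obtained; the API itself
    is the party that validates signature, issuer and expiry."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS token")
    return json.loads(_b64url_decode(parts[1]))


def check_token_audience(token, expected_aud=EXPECTED_AUD, required_roles=()):
    """Return a list of problems (empty when the token should be accepted)."""
    claims = decode_jwt_claims(token)
    aud = claims.get("aud")
    problems = []
    if expected_aud not in (aud if isinstance(aud, list) else [aud]):
        problems.append(f"aud is {aud!r}, expected {expected_aud!r}; "
                        f"request the token with scope {expected_aud}/.default")
    missing = sorted(set(required_roles) - set(claims.get("roles", [])))
    if missing:
        problems.append(f"missing application roles: {missing}")
    return problems


def make_sample_token(claims):
    """Constructed, unsigned sample token so the checks run offline; not a real token."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return enc({"alg": "none", "typ": "JWT"}) + "." + enc(claims) + "."
```

Running check_token_audience on a token minted with the trafficmanager scope reports the audience mismatch from the issue, while a token minted with the api.securitycenter.microsoft.com scope passes.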
@mjcaparas please help us in resolving this issue. Thanks