API results -- "Missing application roles. API required roles: Alert.Read.All,Alert.ReadWrite.All, application roles: Incident.Read.All,AdvancedHunting.Read.All."

Steven Francesco 0 Reputation points
2025-12-08T16:17:41.5033333+00:00

I have reviewed just about every Microsoft document and tried to use Copilot to resolve this. I am able to get a token using scope=https://api.security.microsoft.com/.default. Just can't get past this error: "Missing application roles. API required roles: Alert.Read.All,Alert.ReadWrite.All, application roles: Incident.Read.All,AdvancedHunting.Read.All."

I have set the permissions:

| API | Permission name | Type | Description | Admin consent required | Status |
|---|---|---|---|---|---|
| DefenderAPIApp (1) | Read.files | Delegated | Read user Files | Yes | Granted for Cyber Risks Services |
| Microsoft Graph (3) | Application.Read.All | Delegated | Read applications | Yes | Granted for Cyber Risks Services |
| Microsoft Graph (3) | Application.ReadUpdate.All | Delegated | Read and update all apps | Yes | Granted for Cyber Risks Services |
| Microsoft Graph (3) | Application.ReadWrite.All | Delegated | Read and write all applications | Yes | Granted for Cyber Risks Services |
| Microsoft Threat Protection (2) | AdvancedHunting.Read.All | Application | Run advanced hunting queries | Yes | Granted for Cyber Risks Services |
| Microsoft Threat Protection (2) | Incident.Read.All | Application | Read all incidents | Yes | Granted for Cyber Risks Services |
Microsoft Security | Microsoft Defender | Microsoft Defender for Office 365

2 answers

  1. Q&A Assist
    2025-12-08T16:17:49.01+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist.

    To resolve the "Missing application roles" error, ensure that your application has the required permissions correctly set in the Azure portal. Based on your description, it seems you need to verify that the following roles are assigned to your application:

    1. Alert.Read.All - This permission allows the application to read all alerts.
    2. Alert.ReadWrite.All - This permission allows the application to read and write alerts.
    3. Incident.Read.All - This permission allows the application to read all incidents.
    4. AdvancedHunting.Read.All - This permission allows the application to run advanced hunting queries.

    Make sure that these permissions are granted at the application level and that you have consented to them. After setting the permissions, you may need to re-authenticate to obtain a new token that includes these permissions.

    If you continue to face issues, double-check the scopes you are using when acquiring the token to ensure they match the required permissions for the API you are trying to access.


  2. Vasil Michev 123.5K Reputation points MVP Volunteer Moderator
    2025-12-08T17:17:02.1966667+00:00

    Which endpoint/method are you querying? Can you share a sample request? Sometimes the documentation can be incorrect, and not only with regard to permissions. For this specific scenario, you'd likely need to consent to the permissions returned in the error message. If you share the request/endpoint, we can confirm whether this is indeed needed/test on our end as well.

    Also, can you clarify the context you are running with? The info above shows a mix of delegate and application permissions, so it's not clear which ones are relevant to the task at hand. Keep in mind that for delegate permissions you might need to also assign an admin role to the principal used.
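
Added example, not part of the thread above and not Microsoft's code: a small Python check that decodes an app-only access token and compares its `roles` claim with the roles named in the error message from the question. The sample token, its `aud` value and all function names are constructed for illustration. The page does not say whether one or all of the listed roles are required, so the check only reports which ones are absent.

```python
import base64
import json
import re

def token_claims(jwt: str) -> dict:
    """Decode the JWT payload for inspection only; the signature is NOT verified."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    seg = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(seg))

def parse_role_error(message: str):
    """Split the error text into (roles the API requires, roles the API saw)."""
    m = re.search(r"API required roles:(.*?), application roles:(.*)", message)
    if not m:
        raise ValueError("not a 'Missing application roles' message")
    names = lambda s: {r.strip(' ."') for r in s.split(",") if r.strip(' ."')}
    return names(m.group(1)), names(m.group(2))

def diagnose(jwt: str, message: str) -> dict:
    claims = token_claims(jwt)
    required, reported = parse_role_error(message)
    roles = set(claims.get("roles", []))  # application permissions land in "roles"
    return {
        "aud": claims.get("aud"),
        "token_roles": sorted(roles),
        "absent_required": sorted(required - roles),
        # False means the token inspected here is not the one the API rejected
        "matches_error": roles == reported,
        # delegated permissions land in "scp"; empty for an app-only token
        "delegated_scopes": claims.get("scp", "").split(),
    }

def _enc(obj) -> str:
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

# Constructed, unsigned sample token carrying the two roles granted in the question.
SAMPLE_TOKEN = ".".join([
    _enc({"alg": "none", "typ": "JWT"}),
    _enc({"aud": "https://api.security.microsoft.com",
          "roles": ["Incident.Read.All", "AdvancedHunting.Read.All"]}),
    "constructed-signature",
])
ERROR_MESSAGE = ("Missing application roles. API required roles: "
                 "Alert.Read.All,Alert.ReadWrite.All, application roles: "
                 "Incident.Read.All,AdvancedHunting.Read.All.")

if __name__ == "__main__":
    print(json.dumps(diagnose(SAMPLE_TOKEN, ERROR_MESSAGE), indent=2))
```

Running the same check on a token acquired after consent has been granted shows whether the new roles actually made it into the token before the API is called again.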

