Share via

Not getting scp calims in access token

nikunj bhat 20 Reputation points
2025-12-15T12:10:29.8033333+00:00

I followed the following document https://learn.microsoft.com/en-us/defender-endpoint/api/exposed-apis-create-app-nativeapp#create-an-app to create an app. I tried getting the access token and using that access token i tried hitting the following API: https://api.securitycenter.microsoft.com/api/indicators (Reference: https://learn.microsoft.com/en-us/defender-endpoint/api/post-ti-indicator). However I keep getting 403 with below response.

I have already added the appropriate API permission still it gives the same error. Apart from that the access token doesnot contain 'scp' claim as suggested in the documentation.

{
    "error": {
        "code": "Forbidden",
        "message": "Missing application roles. API required roles: Ti.ReadWrite.All,Ti.ReadWrite, application roles: .",
        "target": "|a3a2c86d-4d801fec358d26ce.1."
    }
}
Microsoft Security | Microsoft Entra | Microsoft Entra ID

Answer accepted by question author

Rukmini 42,025 Reputation points Microsoft External Staff Moderator
2025-12-19T13:20:04.5433333+00:00

Hello nikunj bhat,

As discussed offline, please pass scope as https://api.securitycenter.microsoft.com/.default

User's image

User's image

If the resolution was helpful, kindly take a moment to accept the answer and upvote it 👍 it as a token of appreciation.

Was this answer helpful?

1 person found this answer helpful.
0 comments

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.