List Incident API for Microsoft Defender

Kishor 1 Reputation point
2022-10-10T19:40:36.34+00:00

Hi,

I followed the page https://learn.microsoft.com/en-us/microsoft-365/security/defender/api-create-app-web?view=o365-worldwide for getting the access token, and when I am hitting the List Incident API https://learn.microsoft.com/en-us/microsoft-365/security/defender/api-list-incidents?view=o365-worldwide I am getting the below response. Could you please help me to resolve the issue?

{
  "error": {
    "code": "Unauthorized",
    "message": "Authorization has been denied for this request.",
    "target": "e66f4d95-4ee7-4418-8d0e-7bd1a898a9f5"
  }
}


2 answers

  1. Bhanu Kiran 3,526 Reputation points
    2022-10-11T02:30:26.417+00:00

    Hi @Kishor ,

    As per the documentation you need to have view permission for incidents in the portal when obtaining the token. Please validate the same.


    Hope this helps.

    If the answer is helpful, please click Accept Answer and kindly upvote. If you have any further questions about this answer, please click Comment.
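
One way to run the validation suggested in the answer above, as an added example that is not part of the thread or of Microsoft's code: decode the access token's claims and compare them with what the List incidents API expects from an app-only token. The audience URI and the Incident.Read.All / Incident.ReadWrite.All role names are assumptions taken from Microsoft's Defender API documentation; diagnose and make_sample_token are hypothetical helper names, and the sample token is constructed.

```python
import base64
import json
import time

# Assumed from Microsoft's Defender API documentation, not from this thread:
EXPECTED_AUD = "https://api.security.microsoft.com"
INCIDENT_ROLES = {"Incident.Read.All", "Incident.ReadWrite.All"}


def decode_claims(token):
    """Return the JWT payload as a dict. No signature check: diagnosis only."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a JWT (expected header.payload.signature)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def diagnose(token, now=None):
    """List claim problems that would explain a 401 from the incidents API."""
    claims = decode_claims(token)
    now = time.time() if now is None else now
    problems = []
    aud = str(claims.get("aud", "")).rstrip("/")
    if aud != EXPECTED_AUD:
        problems.append(f"aud is {aud!r}, expected {EXPECTED_AUD!r}")
    roles = set(claims.get("roles", []))
    if not roles & INCIDENT_ROLES:
        problems.append(f"roles {sorted(roles)} lack an incident permission")
    if claims.get("exp", 0) <= now:
        problems.append("token has expired")
    return problems


def make_sample_token(claims):
    """Build an unsigned, constructed token for the demo (not a real credential)."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}.constructed"


if __name__ == "__main__":
    # Constructed token: wrong audience and no incident role.
    bad = make_sample_token({"aud": "https://graph.microsoft.com",
                             "roles": ["User.Read.All"], "exp": 2000000000})
    for line in diagnose(bad, now=1700000000):
        print("FAIL:", line)
```

An empty list from diagnose means the audience, role and expiry claims look right, so the cause of the 401 lies elsewhere (for example, admin consent not yet granted when the token was issued).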


  2. Limitless Technology 44,011 Reputation points
    2022-10-12T09:42:15.573+00:00

    Hello there,

    In the ValuesController there is an attribute Authorize. Are you using this attribute?

    If so, then you must first register a user, and then log in to get the user's token. Then you can use the token to authorize yourself and get access.

    ------------------------------------------------------------------------------------------------------------------------------------------------------

    --If the reply is helpful, please Upvote and Accept it as an answer--
