
Hello,
We are attempting to connect to Microsoft 365 Defender using API requests. We've tried both the device code flow and the client credentials flow.
Since our tenant is GCC-HIGH, we have ensured that our requests use the correct resource and scope using this documentation https://learn.microsoft.com/en-us/defender-xdr/usgov?view=o365-worldwide#feature-parity-with-commercial.
Additionally, we have created an app with the necessary permissions, as shown in the attached image.
We made sure that Grant admin consent was clicked.
This is the curl:
curl -X POST "https://login.microsoftonline.us/<TENANT_ID>/oauth2/v2.0/token" \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "client_id=<CLIENT_ID>" \
-d "client_secret=<CLIENT_SECRET>" \
-d "grant_type=client_credentials" \
-d "scope=offline_access https://security.microsoft.us/.default"
as described in this documentation https://learn.microsoft.com/en-us/defender-xdr/api-create-app-web
This is the error we get:
Error in Microsoft authorization. Status: 400, body: invalid_resource.
error: {'error': 'invalid_resource', 'error_description': 'AADSTS500011: The resource principal named https://security.microsoft.us was not found in the tenant named <TENANT_NAME>. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You might have sent your authentication request to the wrong tenant. 'error_uri': 'https://login.microsoftonline.us/error?code=500011'}
Our questions are:
Thank you.
Hello, could someone assist with this question? Thanks.