Not getting scp claims in access token

nikunj bhat 0 Reputation points
2025-12-15T12:10:29.8033333+00:00

I followed the following document https://learn.microsoft.com/en-us/defender-endpoint/api/exposed-apis-create-app-nativeapp#create-an-app to create an app. I tried getting the access token, and using that access token I tried hitting the following API: https://api.securitycenter.microsoft.com/api/indicators (Reference: https://learn.microsoft.com/en-us/defender-endpoint/api/post-ti-indicator). However, I keep getting a 403 with the response below.

I have already added the appropriate API permission, but it still gives the same error. Apart from that, the access token does not contain the 'scp' claim as suggested in the documentation.

{
    "error": {
        "code": "Forbidden",
        "message": "Missing application roles. API required roles: Ti.ReadWrite.All,Ti.ReadWrite, application roles: .",
        "target": "|a3a2c86d-4d801fec358d26ce.1."
    }
}
Microsoft Security | Microsoft Entra | Microsoft Entra ID

Answer accepted by question author
  1. Rukmini 12,000 Reputation points Microsoft External Staff Moderator
    2025-12-19T13:20:04.5433333+00:00

    Hello nikunj bhat,

    As discussed offline, please pass scope as https://api.securitycenter.microsoft.com/.default

    If the resolution was helpful, kindly take a moment to accept the answer and upvote it 👍 as a token of appreciation.

0 additional answers
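
A quick way to see which resource an access token was issued for and which permissions it carries is to decode its payload and look at `aud`, `scp` and `roles`. The script below is an added example, not part of the original thread; it assumes the expected audience is the scope from the accepted answer without `/.default`, takes the required permission names from the 403 message in the question, and uses constructed, unsigned sample tokens.

```python
import base64
import json

# Assumptions: audience derived from the scope in the accepted answer,
# required permissions copied from the 403 message in the question.
EXPECTED_AUD = "https://api.securitycenter.microsoft.com"
REQUIRED = {"Ti.ReadWrite.All", "Ti.ReadWrite"}


def decode_claims(token):
    """Return the JWT payload as a dict. No signature check: diagnostics only."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def diagnose(token):
    """Summarise the audience and permission claims of an access token."""
    claims = decode_claims(token)
    aud = claims.get("aud", "")
    scp = set(claims.get("scp", "").split())  # delegated permissions, space separated
    roles = set(claims.get("roles", []))      # application permissions, JSON array
    return {
        "aud": aud,
        "aud_ok": aud.rstrip("/") == EXPECTED_AUD,
        "scp": sorted(scp),
        "roles": sorted(roles),
        "has_required": bool(REQUIRED & (scp | roles)),
    }


def make_sample(claims):
    """Build an unsigned, constructed token so the example runs offline."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none", "typ": "JWT"}), enc(claims), "sig"])


if __name__ == "__main__":
    # Constructed samples: one token for an unrelated resource, one for the API.
    other = make_sample({"aud": "https://other-resource.example", "scp": "User.Read"})
    wanted = make_sample({"aud": EXPECTED_AUD, "scp": "Ti.ReadWrite"})
    for label, tok in (("other resource", other), ("security center API", wanted)):
        print(label, diagnose(tok))
```

Paste a real token in place of the samples only on a trusted machine; the payload is decoded locally and nothing is sent anywhere.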
