Which scope to use to get the access token for Microsoft credential

Romain Lentz 1 Reputation point
2022-04-05T12:07:48.25+00:00

Hello,
I'm trying to make a Postman access token request to reach the following API:

https://api-eu.securitycenter.windows.com/api/vulnerabilities?$filter=publishedOn+ge+2022-01-01T00:00:00Z

However, the result returned is always the same:

"error": {
    "code": "Unauthorized",
    "message": "Unauthorized",
    "target": "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX"
}

Here is the request I've used to get the access token :

POST : https://login.microsoftonline.com/{tenant-id}/oauth2/v2.0/token

Body:
client_id : my client id
scope : https://graph.microsoft.com/.default
client_secret : my client secret
grant_type : client_credentials

Header :
Content-Type : x-www-form-urlencoded

The response returns a token that is apparently not recognized by the first request...

I've tried several scopes such as: /.default, user.read openid profile offline_access, https://graph.microsoft.com/.defaul

Even if they are all returning me a token, none of them seems to work.

I've also added the right to WindowsDefenderATP > Vulnerability.read, from the Azure portal.

Is the problem the scope? What scope should I use if I have a client credential grant type?

Microsoft Entra ID

1 answer

  1. Vicky Kumar (Mindtree Consulting PVT LTD) 1,166 Reputation points Microsoft Employee
    2022-04-19T09:59:10.74+00:00

    Put your access token on jwt.ms and see whether User.ReadWrite or User.ReadWrite.All is present or not.

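An added example (not part of the question or the answer, and not Microsoft's code): the kind of claim inspection suggested above, done locally in Python so the token never leaves the machine, comparing the token's `aud` and `roles`/`scp` claims with what the target API expects. The audience URL is a placeholder and the sample tokens are constructed; substitute the values documented for your API.

```python
import base64
import json


def decode_jwt_claims(token: str) -> dict:
    """Decode the payload of a compact JWT for inspection (signature NOT verified)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def token_problems(token: str, expected_audience: str, required_permission: str) -> list:
    """List the reasons this token would not fit the given resource and permission."""
    claims = decode_jwt_claims(token)
    aud = claims.get("aud", [])
    audiences = aud if isinstance(aud, list) else [aud]
    # App-only (client credentials) tokens list permissions in "roles";
    # delegated tokens list them space-separated in "scp".
    granted = set(claims.get("roles", [])) | set(claims.get("scp", "").split())
    problems = []
    if expected_audience.rstrip("/") not in {a.rstrip("/") for a in audiences}:
        problems.append(f"aud is {aud!r}, not {expected_audience!r}")
    if required_permission not in granted:
        problems.append(f"{required_permission!r} not in roles/scp: {sorted(granted)}")
    return problems


def make_sample_token(claims: dict) -> str:
    """Build a constructed, unsigned token so the example runs offline."""
    def b64(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{b64({'alg': 'none', 'typ': 'JWT'})}.{b64(claims)}.constructed-signature"


# Constructed samples; the audience URL is a placeholder, not the real API identifier.
API_AUDIENCE = "https://resource.example"
PERMISSION = "Vulnerability.read"  # permission name as written in the question
GRAPH_TOKEN = make_sample_token({"aud": "https://graph.microsoft.com"})
API_TOKEN = make_sample_token({"aud": API_AUDIENCE, "roles": [PERMISSION]})

if __name__ == "__main__":
    for name, tok in (("graph", GRAPH_TOKEN), ("api", API_TOKEN)):
        print(name, token_problems(tok, API_AUDIENCE, PERMISSION) or "ok")
```

The decoder only reads claims for troubleshooting; it does not validate the signature, so it must not be used to decide whether to trust a token.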