Wich scope use to get the access token for microsft credential

Romain Lentz 1 Reputation point

I'm trying to do postman access token request to reach the following api :


however the result returned is always the same :

"error": {
    "code": "Unauthorized",
    "message": "Unauthorized",

Here is the request I've used to get the access token :

POST : https://login.microsoftonline.com/{tenant-id}/oauth2/v2.0/token

client_id : my client id
scope : https://graph.microsoft.com/.default
client_secret : my client secret
grant_type : client_credentials

Header :
Content-Type : x-www-form-urlencoded

The response return me a token that is apparently not recognized by the first request...

I've tryed several scopes such as : /.default, user.read openid profile offline_access, https://graph.microsoft.com/.defaul

Even if they are all returning me a token, none of them seems to work.

I've also added the right to WindowsDefenderATP > Vulnerability.read, from the azure portal.

Is the problem the scope ? What scope should I use if i have a cllient credential grant type ?

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
20,522 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Vicky Kumar (Mindtree Consulting PVT LTD) 1,166 Reputation points Microsoft Employee

    Put your access token on jwt.ms and see if you have User.ReadWrite Or User.ReadWrite.All are present or not.

    0 comments No comments