add application consent section

2025-06-05 09:07:22 +00:00 · 2018-08-22 14:35:10 -07:00 · 2018-08-22 14:35:10 -07:00 · 06b836a950
commit 06b836a950
parent 02b507d206
3 changed files with 17 additions and 13 deletions
--- a/windows/security/threat-protection/windows-defender-atp/exposed-apis-create-app-nativeapp.md
+++ b/windows/security/threat-protection/windows-defender-atp/exposed-apis-create-app-nativeapp.md
@ -81,8 +81,8 @@ If you are not familiar with user permissions on WDATP, please refer to [Manage

 	For instance,

-       - In order to [run advanced queries](run-advanced-query-api.md), check 'Run advanced queries' permission
-       - In order to [isolate a machine](isolate-machine-windows-defender-advanced-threat-protection-new.md), check 'Isolate machine' permission
+    - In order to [run advanced queries](run-advanced-query-api.md), check 'Run advanced queries' permission
+    - In order to [isolate a machine](isolate-machine-windows-defender-advanced-threat-protection-new.md), check 'Isolate machine' permission

       To determine which permission you need, please look at the **Permissions** section in the API you are interested to call.

@ -110,7 +110,7 @@ For more details on AAD token, refer to [AAD tutorial](https://docs.microsoft.co

 ### Using C#

->The below code was tested with nuget Microsoft.IdentityModel.Clients.ActiveDirectory 3.19.8
+The  code was below tested with nuget Microsoft.IdentityModel.Clients.ActiveDirectory 3.19.8

 - Create a new Console Application
 - Install Nuget [Microsoft.IdentityModel.Clients.ActiveDirectory](https://www.nuget.org/packages/Microsoft.IdentityModel.Clients.ActiveDirectory/)
--- a/windows/security/threat-protection/windows-defender-atp/exposed-apis-create-app-webapp.md
+++ b/windows/security/threat-protection/windows-defender-atp/exposed-apis-create-app-webapp.md
@ -114,13 +114,12 @@ This page explains how to create an app, get an access token to Windows Defender
 	![Image of multi tenant](images/webapp-edit-multitenant.png)


-**Note**:
+## Application consent
+You need your application to be approved in each tenant where you intend to use it. This is because your application interacts with WDATP application on behalf of your customer.

-	You need your application to be approved in each tenant where you intend to use it. This is because your application interacts with WDATP application on behalf of your customer.
+You (or your customer if you are writing a 3rd party application) need to click the consent link and approve your application. The consent should be done with a user who has admin privileges in the active directory.

-	You (or your customer if you are writing a 3rd party application) need to click the consent link and approve your application. The consent should be done with a user who has admin privileges in the active directory.
-
-	Consent link is of the form: 
+Consent link is of the form: 

 ```
 https://login.microsoftonline.com/common/oauth2/authorize?prompt=consent&client_id=00000000-0000-0000-0000-000000000000&response_type=code&sso_reload=true
@ -217,6 +216,7 @@ Sanity check to make sure you got a correct token:

 	// Do something useful with the response
 	```
+
 ## Related topics
 - [Windows Defender ATP APIs](exposed-apis-intro.md)
 - [Supported Windows Defender ATP APIs](exposed-apis-list.md)
--- a/windows/security/threat-protection/windows-defender-atp/run-advanced-query-api.md
+++ b/windows/security/threat-protection/windows-defender-atp/run-advanced-query-api.md
@ -125,13 +125,17 @@ Content-Type: application/json

 ## Troubleshooting:

- (403) Forbidden.
+- Error: (403) Forbidden
 	
-	If you get this error when calling WDATP API, your token probably does not include the necessary permission,
+	
+    If you get this error when calling WDATP API, your token probably does not include the necessary permission.
+
 	Check [app permissions](exposed-apis-create-app-webapp.md#validate-the-token) or [delegated permissions](exposed-apis-create-app-nativeapp.md#validate-the-token) included in your token.
-	If the 'roles' section in the token does not include the necessary permission, 
-		- either you did not add the necessary permission to your app (refer to [Access Windows Defender ATP without a user](exposed-apis-create-app-webapp.md#create-an-app) or [Access Windows Defender ATP on behalf of a user](exposed-apis-create-app-nativeapp.md#create-an-app)) 
-		- or you did not authorize your app in the tenant see, [Application consent](exposed-apis-create-app-webapp.md#application-consent).
+	
+    If the 'roles' section in the token does not include the necessary permission: 
+
+	- The necessary permission to your app might not have been granted. For more information, see [Access Windows Defender ATP without a user](exposed-apis-create-app-webapp.md#create-an-app) or [Access Windows Defender ATP on behalf of a user](exposed-apis-create-app-nativeapp.md#create-an-app) or,
+    - The app was not authorized in the tenant, see [Application consent](exposed-apis-create-app-webapp.md#application-consent).


 ## Related topic