deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-06 17:47:21 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

add application consent section

Browse Source
This commit is contained in:
Joey Caparas 2018-08-22 14:35:10 -07:00
parent 02b507d206
commit 06b836a950
3 changed files with 17 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
windows/security/threat-protection/windows-defender-atp/exposed-apis-create-app-nativeapp.md
View File

@ -81,8 +81,8 @@ If you are not familiar with user permissions on WDATP, please refer to [Manage
For instance, For instance,
- In order to [run advanced queries](run-advanced-query-api.md), check 'Run advanced queries' permission - In order to [run advanced queries](run-advanced-query-api.md), check 'Run advanced queries' permission
- In order to [isolate a machine](isolate-machine-windows-defender-advanced-threat-protection-new.md), check 'Isolate machine' permission - In order to [isolate a machine](isolate-machine-windows-defender-advanced-threat-protection-new.md), check 'Isolate machine' permission
To determine which permission you need, please look at the **Permissions** section in the API you are interested to call. To determine which permission you need, please look at the **Permissions** section in the API you are interested to call.
@ -110,7 +110,7 @@ For more details on AAD token, refer to [AAD tutorial](https://docs.microsoft.co
### Using C# ### Using C#
>The below code was tested with nuget Microsoft.IdentityModel.Clients.ActiveDirectory 3.19.8 The code was below tested with nuget Microsoft.IdentityModel.Clients.ActiveDirectory 3.19.8
- Create a new Console Application - Create a new Console Application
- Install Nuget [Microsoft.IdentityModel.Clients.ActiveDirectory](https://www.nuget.org/packages/Microsoft.IdentityModel.Clients.ActiveDirectory/) - Install Nuget [Microsoft.IdentityModel.Clients.ActiveDirectory](https://www.nuget.org/packages/Microsoft.IdentityModel.Clients.ActiveDirectory/)

10
windows/security/threat-protection/windows-defender-atp/exposed-apis-create-app-webapp.md
View File

@ -114,13 +114,12 @@ This page explains how to create an app, get an access token to Windows Defender
![Image of multi tenant](images/webapp-edit-multitenant.png) ![Image of multi tenant](images/webapp-edit-multitenant.png)
**Note**: ## Application consent
You need your application to be approved in each tenant where you intend to use it. This is because your application interacts with WDATP application on behalf of your customer.
You need your application to be approved in each tenant where you intend to use it. This is because your application interacts with WDATP application on behalf of your customer. You (or your customer if you are writing a 3rd party application) need to click the consent link and approve your application. The consent should be done with a user who has admin privileges in the active directory.
You (or your customer if you are writing a 3rd party application) need to click the consent link and approve your application. The consent should be done with a user who has admin privileges in the active directory. Consent link is of the form:
Consent link is of the form:
``` ```
https://login.microsoftonline.com/common/oauth2/authorize?prompt=consent&client_id=00000000-0000-0000-0000-000000000000&response_type=code&sso_reload=true https://login.microsoftonline.com/common/oauth2/authorize?prompt=consent&client_id=00000000-0000-0000-0000-000000000000&response_type=code&sso_reload=true
@ -217,6 +216,7 @@ Sanity check to make sure you got a correct token:
// Do something useful with the response // Do something useful with the response
``` ```
## Related topics ## Related topics
- [Windows Defender ATP APIs](exposed-apis-intro.md) - [Windows Defender ATP APIs](exposed-apis-intro.md)
- [Supported Windows Defender ATP APIs](exposed-apis-list.md) - [Supported Windows Defender ATP APIs](exposed-apis-list.md)

14
windows/security/threat-protection/windows-defender-atp/run-advanced-query-api.md
View File

@ -125,13 +125,17 @@ Content-Type: application/json
## Troubleshooting: ## Troubleshooting:
- (403) Forbidden. - Error: (403) Forbidden
If you get this error when calling WDATP API, your token probably does not include the necessary permission,
If you get this error when calling WDATP API, your token probably does not include the necessary permission.
Check [app permissions](exposed-apis-create-app-webapp.md#validate-the-token) or [delegated permissions](exposed-apis-create-app-nativeapp.md#validate-the-token) included in your token. Check [app permissions](exposed-apis-create-app-webapp.md#validate-the-token) or [delegated permissions](exposed-apis-create-app-nativeapp.md#validate-the-token) included in your token.
If the 'roles' section in the token does not include the necessary permission,
- either you did not add the necessary permission to your app (refer to [Access Windows Defender ATP without a user](exposed-apis-create-app-webapp.md#create-an-app) or [Access Windows Defender ATP on behalf of a user](exposed-apis-create-app-nativeapp.md#create-an-app)) If the 'roles' section in the token does not include the necessary permission:
- or you did not authorize your app in the tenant see, [Application consent](exposed-apis-create-app-webapp.md#application-consent).
- The necessary permission to your app might not have been granted. For more information, see [Access Windows Defender ATP without a user](exposed-apis-create-app-webapp.md#create-an-app) or [Access Windows Defender ATP on behalf of a user](exposed-apis-create-app-nativeapp.md#create-an-app) or,
- The app was not authorized in the tenant, see [Application consent](exposed-apis-create-app-webapp.md#application-consent).
## Related topic ## Related topic