deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-21 05:13:40 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Update exposed-apis-create-app-partners.md

Browse Source
This commit is contained in:
Denise Vangel-MSFT
2020-11-06 12:16:00 -08:00
parent 7ddf4a7dc2
commit 2059908483
1 changed files with 9 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-partners.md
View File

@ -1,7 +1,7 @@
--- ---
title: Create an Application to access Microsoft Defender ATP without a user title: Create an Application to access Microsoft Defender for Endpoint without a user
ms.reviewer: ms.reviewer:
description: Learn how to design a web app to get programmatic access to Microsoft Defender ATP without a user. description: Learn how to design a web app to get programmatic access to Microsoft Defender for Endpoint without a user.
keywords: apis, graph api, supported apis, actor, alerts, device, user, domain, ip, file, advanced hunting, query keywords: apis, graph api, supported apis, actor, alerts, device, user, domain, ip, file, advanced hunting, query
search.product: eADQiWindows 10XVcnh search.product: eADQiWindows 10XVcnh
ms.prod: w10 ms.prod: w10
@ -24,17 +24,17 @@ ms.topic: article
**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
This page describes how to create an Azure Active Directory (Azure AD) application to get programmatic access to Defender for Endpoint on behalf of your customers. This page describes how to create an Azure Active Directory (Azure AD) application to get programmatic access to Microsoft Defender for Endpoint on behalf of your customers.
Defender for Endpoint exposes much of its data and actions through a set of programmatic APIs. Those APIs will help you automate work flows and innovate based on Defender for Endpoint capabilities. The API access requires OAuth2.0 authentication. For more information, see [OAuth 2.0 Authorization Code Flow](https://docs.microsoft.com/azure/active-directory/develop/active-directory-v2-protocols-oauth-code). Microsoft Defender for Endpoint exposes much of its data and actions through a set of programmatic APIs. Those APIs will help you automate work flows and innovate based on Microsoft Defender for Endpoint capabilities. The API access requires OAuth2.0 authentication. For more information, see [OAuth 2.0 Authorization Code Flow](https://docs.microsoft.com/azure/active-directory/develop/active-directory-v2-protocols-oauth-code).
In general, youll need to take the following steps to use the APIs: In general, youll need to take the following steps to use the APIs:
- Create a **multi-tenant** Azure AD application. - Create a **multi-tenant** Azure AD application.
- Get authorized(consent) by your customer administrator for your application to access Defender for Endpoint resources it needs. - Get authorized(consent) by your customer administrator for your application to access Defender for Endpoint resources it needs.
- Get an access token using this application. - Get an access token using this application.
- Use the token to access Microsoft Defender ATP API. - Use the token to access Microsoft Defender for Endpoint API.
The following steps will guide you how to create an Azure AD application, get an access token to Microsoft Defender for Endpoint and validate the token. The following steps will guide you how to create an Azure AD application, get an access token to Microsoft Defender for Endpoint and validate the token.
@ -61,7 +61,7 @@ The following steps will guide you how to create an Azure AD application, get an
- On your application page, select **API Permissions** > **Add permission** > **APIs my organization uses** > type **WindowsDefenderATP** and select on **WindowsDefenderATP**. - On your application page, select **API Permissions** > **Add permission** > **APIs my organization uses** > type **WindowsDefenderATP** and select on **WindowsDefenderATP**.
- **Note**: WindowsDefenderATP does not appear in the original list. Start writing its name in the text box to see it appear. - **Note**: *WindowsDefenderATP* does not appear in the original list. Start writing its name in the text box to see it appear.
![Image of API access and API selection](images/add-permission.png) ![Image of API access and API selection](images/add-permission.png)
@ -212,7 +212,7 @@ You will get an answer of the form:
Sanity check to make sure you got a correct token: Sanity check to make sure you got a correct token:
- Copy/paste into [JWT](https://jwt.ms) the token you get in the previous step in order to decode it - Copy/paste into [JWT](https://jwt.ms) the token you get in the previous step in order to decode it
- Validate you get a 'roles' claim with the desired permissions - Validate you get a 'roles' claim with the desired permissions
- In the screenshot below, you can see a decoded token acquired from an Application with multiple permissions to Microsoft Defender ATP: - In the screenshot below, you can see a decoded token acquired from an Application with multiple permissions to Microsoft Defender for Endpoint:
- The "tid" claim is the tenant ID the token belongs to. - The "tid" claim is the tenant ID the token belongs to.
![Image of token validation](images/webapp-decoded-token.png) ![Image of token validation](images/webapp-decoded-token.png)
@ -236,6 +236,6 @@ Sanity check to make sure you got a correct token:
// Do something useful with the response // Do something useful with the response
``` ```
## Related topics ## See also
- [Supported Microsoft Defender for Endpoint APIs](exposed-apis-list.md) - [Supported Microsoft Defender for Endpoint APIs](exposed-apis-list.md)
- [Access Microsoft Defender for Endpoint on behalf of a user](exposed-apis-create-app-nativeapp.md) - [Access Microsoft Defender for Endpoint on behalf of a user](exposed-apis-create-app-nativeapp.md)