diff --git a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-partners.md b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-partners.md index c873f53d61..6f6b293ed1 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-partners.md +++ b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-partners.md @@ -120,7 +120,9 @@ This page explains how to create an AAD application, get an access token to Micr ## Get an access token examples: -For more details on AAD token, refer to [AAD tutorial](https://docs.microsoft.com/azure/active-directory/develop/active-directory-v2-protocols-oauth-client-creds) +**Note:** to get access token on behalf of your customer, use the customer's tenant ID on the following token acquisitions. + +
For more details on AAD token, refer to [AAD tutorial](https://docs.microsoft.com/azure/active-directory/develop/active-directory-v2-protocols-oauth-client-creds) ### Using PowerShell @@ -205,7 +207,8 @@ You will get an answer of the form: Sanity check to make sure you got a correct token: - Copy/paste into [JWT](https://jwt.ms) the token you get in the previous step in order to decode it - Validate you get a 'roles' claim with the desired permissions -- In the screen shot below you can see a decoded token acquired from an Application with permissions to all of Microsoft Defender ATP's roles: +- In the screen shot below you can see a decoded token acquired from an Application with multiple permissions to Microsoft Defender ATP: +- The "tid" claim is the tenant ID the token belongs. ![Image of token validation](images/webapp-decoded-token.png) diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/webapp-decoded-token.png b/windows/security/threat-protection/microsoft-defender-atp/images/webapp-decoded-token.png index be98e49216..3df1514164 100644 Binary files a/windows/security/threat-protection/microsoft-defender-atp/images/webapp-decoded-token.png and b/windows/security/threat-protection/microsoft-defender-atp/images/webapp-decoded-token.png differ