diff --git a/windows/security/threat-protection/windows-defender-atp/exposed-apis-create-app-nativeapp.md b/windows/security/threat-protection/windows-defender-atp/exposed-apis-create-app-nativeapp.md index d35e6536d6..2f96cc142c 100644 --- a/windows/security/threat-protection/windows-defender-atp/exposed-apis-create-app-nativeapp.md +++ b/windows/security/threat-protection/windows-defender-atp/exposed-apis-create-app-nativeapp.md @@ -75,12 +75,17 @@ If you are not familiar with user permissions on WDATP, please refer to [Manage 6. Click **Select permissions** > check **Read alerts** & **Collect forensics** > **Select**. - **Important note**: You need to select the relevant permissions. 'Read alerts' and 'Collect forensics' are only an examples! + **Important note**: You need to select the relevant permissions. 'Read alerts' and 'Collect forensics' are only an example! ![Image of select permissions](images/nativeapp-select-permissions.png) - - In order to send TI events to WDATP, check 'Read and write IOCs belonging to the app' permission - - In order to run advanced queries in WDATP, check 'Run advanced queries' permission + For instance, + + - In order to [run advanced queries](run-advanced-query-api.md), check 'Run advanced queries' permission + - In order to [isolate a machine](isolate-machine-windows-defender-advanced-threat-protection-new.md), check 'Isolate machine' permission + + To determine which permission you need, please look at the **Permissions** section in the API you are interested to call. + 7. Click **Done** @@ -146,7 +151,7 @@ Sanity check to make sure you got a correct token: ## Use the token to access Windows Defender ATP API - Choose the API you want to use - [Supported Windows Defender ATP APIs](exposed-apis-list.md) -- Set the Authorization header in the Http request you send to "Bearer {token}" (Bearer is the Authorization scheme) +- Set the Authorization header in the HTTP request you send to "Bearer {token}" (Bearer is the Authorization scheme) - The Expiration time of the token is 1 hour (you can send more then one request with the same token) - Example of sending a request to get a list of alerts **using C#** diff --git a/windows/security/threat-protection/windows-defender-atp/exposed-apis-create-app-webapp.md b/windows/security/threat-protection/windows-defender-atp/exposed-apis-create-app-webapp.md index 6dc9ac40bd..627139a682 100644 --- a/windows/security/threat-protection/windows-defender-atp/exposed-apis-create-app-webapp.md +++ b/windows/security/threat-protection/windows-defender-atp/exposed-apis-create-app-webapp.md @@ -111,13 +111,13 @@ This page explains how to create an app, get an access token to Windows Defender ![Image of multi tenant](images/webapp-edit-multitenant.png) -### Application consent (for multi tenant apps only) +**Note**: -You need your application to be approved in each tenant where you intend to use it. This is because your application interacts with WDATP application on behalf of your customer. + You need your application to be approved in each tenant where you intend to use it. This is because your application interacts with WDATP application on behalf of your customer. -You (or your customer if you are writing a 3rd party application) need to click the consent link and approve your application. The consent should be done with a user who has admin privileges in the active directory. + You (or your customer if you are writing a 3rd party application) need to click the consent link and approve your application. The consent should be done with a user who has admin privileges in the active directory. -Consent link is of the form: + Consent link is of the form: ``` https://login.microsoftonline.com/common/oauth2/authorize?prompt=consent&client_id=00000000-0000-0000-0000-000000000000&response_type=code&sso_reload=true​ @@ -147,7 +147,7 @@ For more details on AAD token, refer to [AAD tutorial](https://docs.microsoft.co ``` string tenantId = "00000000-0000-0000-0000-000000000000"; // Paste your own tenant ID here string appId = "11111111-1111-1111-1111-111111111111"; // Paste your own app ID here - string appSecret = GetTheSecretFromSafePlace(); // Paste your own app secret here for a test, and then store it in a safe place! + string appSecret = "22222222-2222-2222-2222-222222222222"; // Paste your own app secret here for a test, and then store it in a safe place! const string authority = "https://login.windows.net"; const string wdatpResourceId = "https://api.securitycenter.windows.com/"; diff --git a/windows/security/threat-protection/windows-defender-atp/images/nativeapp-select-permissions.png b/windows/security/threat-protection/windows-defender-atp/images/nativeapp-select-permissions.png index 3e9ad569f0..5b17f2dc02 100644 Binary files a/windows/security/threat-protection/windows-defender-atp/images/nativeapp-select-permissions.png and b/windows/security/threat-protection/windows-defender-atp/images/nativeapp-select-permissions.png differ