Skip to content

Commit cdc156f

Browse files
committed
Update exposed-apis-create-app-partners.md
1 parent 278847f commit cdc156f

File tree

1 file changed

+13
-12
lines changed

1 file changed

+13
-12
lines changed

defender-endpoint/api/exposed-apis-create-app-partners.md

Lines changed: 13 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -89,26 +89,26 @@ The following steps guide you how to create a Microsoft Entra application, get a
8989

9090
To determine which permission you need, review the **Permissions** section in the API you want to call. For instance:
9191

92-
- To [run advanced queries](run-advanced-query-api.md), select 'Run advanced queries' permission
93-
- To [isolate a device](isolate-machine.md), select 'Isolate machine' permission
92+
- To [run advanced queries](run-advanced-query-api.md), select the **Run advanced queries** permission.
93+
- To [isolate a device](isolate-machine.md), select the **Isolate machine** permission.
9494

95-
In the following example we use **'Read all alerts'** permission:
95+
In the following example we use **Read all alerts** permission:
9696

9797
1. Choose **Application permissions** \> **Alert.Read.All** > select on **Add permissions**
9898

9999
:::image type="content" source="../media/application-permissions.png" alt-text="The option that allows to add a permission" lightbox="../media/application-permissions.png":::
100100

101101
2. Select **Grant consent**
102102

103-
- **Note**: Every time you add permission you must select on **Grant consent** for the new permission to take effect.
103+
- Every time you add permission you must select on **Grant consent** for the new permission to take effect.
104104

105105
:::image type="content" source="../media/grant-consent.png" alt-text="The option that allows consent to be granted" lightbox="../media/grant-consent.png":::
106106

107107
3. Add a secret to the application.
108108

109109
- Select **Certificates & secrets**, add description to the secret and select **Add**.
110110

111-
**Important**: After you select **Add**, make sure to copy the generated secret value. You won't be able to retrieve it after you leave!
111+
After you select **Add**, make sure to copy the generated secret value. You won't be able to retrieve it after you leave!
112112

113113
:::image type="content" source="../media/webapp-create-key2.png" alt-text="The create app key" lightbox="../media/webapp-create-key2.png":::
114114

@@ -130,9 +130,9 @@ In the following example we use **'Read all alerts'** permission:
130130
https://login.microsoftonline.com/common/oauth2/authorize?prompt=consent&client_id=00000000-0000-0000-0000-000000000000&response_type=code&sso_reload=true
131131
```
132132

133-
Where 00000000-0000-0000-0000-000000000000 should be replaced with your Application ID
133+
Where `00000000-0000-0000-0000-000000000000` should be replaced with your Application ID.
134134

135-
After clicking on the consent link, sign in with the Global Administrator of the customer's tenant and consent the application.
135+
After selecting the consent link, sign in as the Global Administrator of the customer's tenant and consent the application.
136136

137137
:::image type="content" source="../media/app-consent-partner.png" alt-text="The Accept button" lightbox="../media/app-consent-partner.png":::
138138

@@ -142,7 +142,7 @@ In the following example we use **'Read all alerts'** permission:
142142

143143
## Get an access token example
144144

145-
**Note:** To get access token on behalf of your customer, use the customer's tenant ID on the following token acquisitions.
145+
To get access token on behalf of your customer, use the customer's tenant ID on the following token acquisitions.
146146

147147
For more information on Microsoft Entra token, see [Microsoft Entra tutorial](/azure/active-directory/develop/active-directory-v2-protocols-oauth-client-creds).
148148

@@ -240,21 +240,22 @@ Confirm you received a correct token.
240240

241241
1. Copy/paste into [JWT](https://jwt.ms) the token you get in the previous step in order to decode it.
242242

243-
2. Confirm you get a 'roles' claim with the desired permissions.
243+
2. Confirm you get a roles claim with the appropriate permissions.
244244

245245
In the following screenshot, you can see a decoded token acquired from an Application with multiple permissions to Microsoft Defender for Endpoint:
246246

247+
:::image type="content" source="../media/webapp-decoded-token.png" alt-text="The token validation page" lightbox="../media/webapp-decoded-token.png":::
248+
247249
The "tid" claim is the tenant ID the token belongs to.
248250

249-
:::image type="content" source="../media/webapp-decoded-token.png" alt-text="The token validation page" lightbox="../media/webapp-decoded-token.png":::
250251

251252
## Use the token to access Microsoft Defender for Endpoint API
252253

253254
1. Choose the API you want to use. For more information, see [Supported Microsoft Defender for Endpoint APIs](exposed-apis-list.md).
254255

255-
2. Set the Authorization header in the Http request you send to "Bearer {token}" (Bearer is the Authorization scheme). The Expiration time of the token is 1 hour (you can send more than one request with the same token).
256+
2. Set the Authorization header in the Http request you send to `Bearer {token}` (Bearer is the Authorization scheme). The Expiration time of the token is one hour (you can send more than one request with the same token).
256257

257-
Here's an example of sending a request to get a list of alerts **using C#**
258+
Here's an example of sending a request to get a list of alerts using C#:
258259

259260
```csharp
260261
var httpClient = new HttpClient();

0 commit comments

Comments
 (0)