Microsoft Defender · OAuth Scopes

Microsoft Defender OAuth Scopes

OAuth 2.0 derived

Microsoft Defender publishes 1 OAuth 2.0 scope via the clientCredentials and authorizationCode flows. Scopes are the fine-grained permissions an application requests at authorization time to act against the Microsoft Defender API on a user’s behalf.

Tokens are issued from https://login.microsoftonline.com/{tenantId}/oauth2/v2.0/token.

This index is generated from the provider’s OpenAPI security definitions (and, where available, its documented scope reference) and refreshes on every APIs.io network build. Browse every provider’s scopes at scopes.apis.io.

Scopes: 1 Flows: clientCredentials, authorizationCode Method: derived

OAuth endpoints

Authorization URL
https://login.microsoftonline.com/{tenantId}/oauth2/v2.0/authorize
Token URL
https://login.microsoftonline.com/{tenantId}/oauth2/v2.0/token
Flows
clientCredentialsauthorizationCode

Scopes (1)

ScopeDescriptionFlows
https://api.security.microsoft.com/.default Default scope for application permissions authorizationCode, clientCredentials

Source

OAuth Scopes

microsoft-defender-scopes.yml Raw ↑
generated: '2026-07-11'
method: derived
source: openapi/microsoft-defender-for-endpoint-api-openapi.yml
schemes:
- name: oauth2
  source: openapi/microsoft-defender-for-endpoint-api-openapi.yml
  flows:
  - flow: clientCredentials
    tokenUrl: https://login.microsoftonline.com/{tenantId}/oauth2/v2.0/token
  - flow: authorizationCode
    authorizationUrl: https://login.microsoftonline.com/{tenantId}/oauth2/v2.0/authorize
    tokenUrl: https://login.microsoftonline.com/{tenantId}/oauth2/v2.0/token
  description: OAuth 2.0 authentication using Microsoft Entra ID (Azure AD). Supports both application-level
    and delegated permissions.
scopes:
- scope: https://api.security.microsoft.com/.default
  description: Default scope for application permissions
  flows:
  - authorizationCode
  - clientCredentials
  sources:
  - openapi/microsoft-defender-for-endpoint-api-openapi.yml