This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(124.80000000000001, 28.000000000000004%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EI%3C/text%3E%3C/svg%3E)
Hi, are these endpoints still relevant? I'm having issues configuring them with GCC High.
https://zcusa.951200.xyz/en-us/defender-endpoint/gov#api
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(281.6, 17%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGM%3C/text%3E%3C/svg%3E)
Hi @Givary-MSFT
I got the following errors when using "GCC High":
when using client credentials flow:
{'error': 'invalid_request', 'error_description': 'AADSTS900382: Confidential Client is not supported in Cross Cloud request. 'error_codes': [900382] }
Error in Microsoft authorization. Status: 400, body: invalid_request.
and when using the authorization code, when I'm trying to generate the authorization code:
error=invalid_resource&error_description=AADSTS500011: The resource principal named https://securitycenter.onmicrosoft.us/x was not found in the tenant named x This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You might have sent your authentication request to the wrong tenant.
@itay4 Thank you for sharing the details, AADSTS900382: Confidential Client is not supported in Cross Cloud request, please help us with the configuration info like is this cross tenant between commercial cloud and Azure Government.
We have the below information documented here - https://zcusa.951200.xyz/en-us/entra/identity/multi-tenant-organizations/cross-tenant-synchronization-overview#frequently-asked-questions:~:text=Frequently%20asked%20questions see if it helps.
Which clouds can cross-tenant synchronization be used in?
Feel free to reply if this info doesn't help, also help me with your cross-tenant setup (like which clouds are being used).
Hi @Givary-MSFT
How can I generate the authorization code for this API when using GCC High? Currently, I generate it as follows:
https://login.microsoftonline.us/{client.tenant_id}/oauth2/v2.0/authorize?response_type=code&scope=offline_access%20https://securitycenter.onmicrosoft.us/windowsatpservice/.default&client_id={client.client_id}&redirect_uri={client.redirect_uri}
However, I am encountering the following error:
error=invalid_resource&error_description=AADSTS500011: The resource principal named https://securitycenter.onmicrosoft.us/x was not found in the tenant named x This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You might have sent your authentication request to the wrong tenant.
Trace ID: e87d1078-4966-4a0a-a48f-d7b92a904d01 Correlation ID: 74c2b37b-da83-4f9b-b2ab-8e198952247b
Could you help check this?Additionally, is it possible that my organization does not allow the use of authorization code flow in GCC High? How can I verify this?
Thanks.