Move Defender APIs to OAuth2, fix invalid scopes #856

Merged: ianhelle merged 13 commits into main from ianhelle/Defender-OAuthParamFix-2025-09-15 on Sep 25, 2025

@ianhelle ianhelle commented Sep 15, 2025

This pull request updates the Microsoft Defender and Microsoft 365 Defender data driver to use OAuth 2.0 (v2.0 endpoint and /.default scope) as the default authentication method for all Defender APIs. It also updates relevant documentation, error handling, and test cases to reflect these changes.

Authentication and API configuration updates:

  • Changed all Defender API authentication flows to use OAuth 2.0 (v2.0 endpoint) and the /.default scope by default, simplifying and standardizing token acquisition across environments.
  • Updated the construction of the resource and scope parameters to ensure correct formatting and error handling, raising a clear error if no scopes are provided for legacy OAuth 1.0 flows.
  • Revised the API selection logic and documentation to clarify that OAuth 2.0 is now the default and to document the current endpoints and scopes.

Testing and versioning:

  • Updated tests to expect the new OAuth 2.0 token endpoint URLs, ensuring test coverage matches the new authentication flow.
  • Bumped the package version to 2.17.0 to reflect these significant changes.

Fix old scopes that were causing authentication errors.

Copilot AI left a comment

Pull Request Overview

This PR modernizes Microsoft Defender APIs authentication by migrating from OAuth 1.0 to OAuth 2.0 (v2.0 endpoints) and standardizes scope handling across all Defender services. The changes ensure consistent authentication patterns while maintaining backward compatibility for legacy configurations.

  • Migrates all Defender APIs (MDE, M365D, M365DGraph) to use OAuth 2.0 v2.0 token endpoints
  • Standardizes scope handling to use {resource}/.default pattern instead of specific permissions
  • Updates documentation to reflect the new OAuth 2.0 authentication flow

Reviewed Changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 2 comments.

File: Description
  • tests/data/drivers/test_odata_drivers.py: Updates test assertion to expect v2.0 token endpoint
  • msticpy/data/drivers/mdatp_driver.py: Migrates API configurations to OAuth 2.0 endpoints and implements standardized scope handling
  • msticpy/_version.py: Bumps version to 2.17.0
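
The token request shape that the PR description and the review overview above refer to, as an added example (not code from msticpy or from this pull request). The function names, the public-cloud authority URL and the way the legacy branch derives `resource` from the first scope are assumptions of this example; the tenant, client and secret values are constructed.

```python
from urllib.parse import urljoin, urlsplit

AUTHORITY = "https://login.microsoftonline.com/"  # public-cloud authority (assumption)


def default_scope(resource: str) -> str:
    """Return '<origin>/.default' for a resource URI, with or without a trailing slash."""
    parts = urlsplit(resource)
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError(f"resource must be an https URI, got {resource!r}")
    return urljoin(f"https://{parts.netloc}/", ".default")


def build_token_request(tenant_id, client_id, client_secret, scopes, *, legacy=False):
    """Return (token_url, form_fields) for a client-credentials token request."""
    if not scopes:
        # Fail early with a clear message instead of sending a malformed request.
        raise ValueError("no scopes supplied: cannot build the token request")
    form = {
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
    }
    if legacy:
        # The v1 token endpoint names the target API with 'resource'.
        # Deriving it from the first scope's origin is this example's assumption.
        first = urlsplit(scopes[0])
        form["resource"] = f"{first.scheme}://{first.netloc}"
        return urljoin(AUTHORITY, f"{tenant_id}/oauth2/token"), form
    # On the v2.0 endpoint the client-credentials grant takes '<resource>/.default',
    # not a per-permission scope.
    bad = [s for s in scopes if not s.endswith("/.default")]
    if bad:
        raise ValueError(f"v2.0 client-credentials scopes must end in /.default: {bad}")
    form["scope"] = " ".join(scopes)
    return urljoin(AUTHORITY, f"{tenant_id}/oauth2/v2.0/token"), form


if __name__ == "__main__":
    # Constructed sample values; nothing is sent over the network.
    url, form = build_token_request(
        "TENANT", "app-id", "app-secret",
        [default_scope("https://api.securitycenter.microsoft.com/")],
    )
    print(url, form["scope"])
```
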

ianhelle and others added 2 commits September 15, 2025 10:25
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Using urljoin to join URL parts
@ianhelle ianhelle requested a review from Copilot September 15, 2025 19:32

Copilot AI left a comment

Pull Request Overview

Copilot reviewed 3 out of 3 changed files in this pull request and generated 2 comments.


ianhelle and others added 2 commits September 15, 2025 12:33
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
@ianhelle ianhelle requested a review from Copilot September 16, 2025 02:36

Copilot AI left a comment

Pull Request Overview

Copilot reviewed 5 out of 5 changed files in this pull request and generated 2 comments.


ianhelle and others added 3 commits September 15, 2025 19:38
…ng sanitization

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
…ng sanitization

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
@ianhelle ianhelle requested a review from petebryan September 22, 2025 18:49

@FlorianBracq FlorianBracq left a comment

I slightly changed the 'schema' test and applied some minor linting changes.
Also tested the code on my env, and all seems to be working well!

As a side note, some parameters from the init are not documented, I don't know if it's worth addressing in this PR?

@ianhelle

> I slightly changed the 'schema' test and applied some minor linting changes. Also tested the code on my env, and all seems to be working well!
>
> As a side note, some parameters from the init are not documented, I don't know if it's worth addressing in this PR?

Thanks so much for testing it and review.
I should fix the param docs but these classes are not really user-visible, they are all instantiated by the data provider layer. I will merge now and publish since we have an org blocked by this.

@ianhelle ianhelle merged commit f2fb544 into main Sep 25, 2025
11 checks passed
@ianhelle ianhelle deleted the ianhelle/Defender-OAuthParamFix-2025-09-15 branch September 25, 2025 16:31