
[Sentinel] CCF Push fails when run through the MS Defender UI #13547

@lkwdwrd

Describe the bug
When deploying a CCF Push connector, an Entra ID application is deployed and the service principal is granted access to write to the created DCR. Within the Azure portal, this deployment works and the app ID and secret are displayed. However, when trying to deploy with the same account but through the Defender portal, the app creation fails and no app ID or secret is displayed. Furthermore, no connector instance is created. Only the DCR gets created.

There is an error saying the account does not have the required permissions, but with the same account in the Azure Portal, creation is successful.

To Reproduce
Steps to reproduce the behavior:

  1. Log in to the Defender portal at security.microsoft.com
  2. Navigate to Sentinel, and then to the Content Hub
  3. Locate a solution using CCF push (e.g. Jamf Protect)
  4. Install it, then from the connector details page try to deploy the connector
  5. Notice the DCR details get created, but the application details do not show up. Reloading the page, all details disappear -- no connector instance is created.

Expected behavior
The application and connector are created and details display on the screen. Refreshing shows the button grayed out and does not allow a re-deploy.

Desktop (please complete the following information):

  • OS: Mac OS 15.7.2
  • Browser: Firefox
  • Version: 147.0.2

Labels

Connector (Connector specialty review needed)
