deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-15 23:07:23 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Add data about roles to all documentation pages

Browse Source
This commit is contained in:
Zvi Avidor 2018-10-04 15:13:10 +03:00
parent 1ed3b286d6
commit 4bc3a56d7c
32 changed files with 152 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
windows/security/threat-protection/windows-defender-atp/collect-investigation-package-windows-defender-advanced-threat-protection-new.md
View File

@ -31,8 +31,10 @@ Permission type | Permission | Permission display name
Application | Machine.CollectForensics | 'Collect forensics' Application | Machine.CollectForensics | 'Collect forensics'
Delegated (work or school account) | Machine.CollectForensics | 'Collect forensics' Delegated (work or school account) | Machine.CollectForensics | 'Collect forensics'
>[!IMPORTANT] >[!Note]
> This response action is available for machines on Windows 10, version 1703 or later. > When obtaining a token using user credentials:
>- The user needs to have at least the following role permission: 'Alerts Investigation' (See [Create and manage roles](user-roles-windows-defender-advanced-threat-protection.md) for more information)
>- The user needs to have access to the machine, based on machine group settings (See [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md) for more information)
## HTTP request ## HTTP request
``` ```

5
windows/security/threat-protection/windows-defender-atp/create-alert-by-reference-windows-defender-advanced-threat-protection-new.md
View File

@ -32,6 +32,11 @@ Permission type | Permission | Permission display name
Application | Alerts.ReadWrite.All | 'Read and write all alerts' Application | Alerts.ReadWrite.All | 'Read and write all alerts'
Delegated (work or school account) | Alert.ReadWrite | 'Read and write alerts' Delegated (work or school account) | Alert.ReadWrite | 'Read and write alerts'
>[!Note]
> When obtaining a token using user credentials:
>- The user needs to have at least the following role permission: 'Alerts Investigation' (See [Create and manage roles](user-roles-windows-defender-advanced-threat-protection.md) for more information)
>- The user needs to have access to the machine associated with the alert, based on machine group settings (See [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md) for more information)
## HTTP request ## HTTP request
``` ```
POST /api/CreateAlertByReference POST /api/CreateAlertByReference

5
windows/security/threat-protection/windows-defender-atp/find-machines-by-ip-windows-defender-advanced-threat-protection-new.md
View File

@ -33,6 +33,11 @@ Application | Machine.ReadWrite.All | 'Read and write all machine information'
Delegated (work or school account) | Machine.Read | 'Read machine information' Delegated (work or school account) | Machine.Read | 'Read machine information'
Delegated (work or school account) | Machine.ReadWrite | 'Read and write machine information' Delegated (work or school account) | Machine.ReadWrite | 'Read and write machine information'
>[!Note]
> When obtaining a token using user credentials:
>- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles-windows-defender-advanced-threat-protection.md) for more information)
>- Response will include only machines,that the user have access to, based on machine group settings (See [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md) for more information)
## HTTP request ## HTTP request
``` ```
GET /api/machines/findbyip(ip='{IP}',timestamp={TimeStamp}) GET /api/machines/findbyip(ip='{IP}',timestamp={TimeStamp})

5
windows/security/threat-protection/windows-defender-atp/get-alert-related-domain-info-windows-defender-advanced-threat-protection-new.md
View File

@ -29,6 +29,11 @@ Permission type | Permission | Permission display name
Application | URL.Read.All | 'Read URLs' Application | URL.Read.All | 'Read URLs'
Delegated (work or school account) | URL.Read.All | 'Read URLs' Delegated (work or school account) | URL.Read.All | 'Read URLs'
>[!Note]
> When obtaining a token using user credentials:
>- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles-windows-defender-advanced-threat-protection.md) for more information)
>- The user needs to have access to the machine associated with the alert, based on machine group settings (See [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md) for more information)
## HTTP request ## HTTP request
``` ```
GET /api/alerts/{id}/domains GET /api/alerts/{id}/domains

5
windows/security/threat-protection/windows-defender-atp/get-alert-related-files-info-windows-defender-advanced-threat-protection-new.md
View File

@ -29,6 +29,11 @@ Permission type | Permission | Permission display name
Application | File.Read.All | 'Read file profiles' Application | File.Read.All | 'Read file profiles'
Delegated (work or school account) | File.Read.All | 'Read file profiles' Delegated (work or school account) | File.Read.All | 'Read file profiles'
>[!Note]
> When obtaining a token using user credentials:
>- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles-windows-defender-advanced-threat-protection.md) for more information)
>- The user needs to have access to the machine associated with the alert, based on machine group settings (See [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md) for more information)
## HTTP request ## HTTP request
``` ```
GET /api/alerts/{id}/files GET /api/alerts/{id}/files

5
windows/security/threat-protection/windows-defender-atp/get-alert-related-machine-info-windows-defender-advanced-threat-protection-new.md
View File

@ -31,6 +31,11 @@ Application | Machine.ReadWrite.All | 'Read and write all machine information'
Delegated (work or school account) | Machine.Read | 'Read machine information' Delegated (work or school account) | Machine.Read | 'Read machine information'
Delegated (work or school account) | Machine.ReadWrite | 'Read and write machine information' Delegated (work or school account) | Machine.ReadWrite | 'Read and write machine information'
>[!Note]
> When obtaining a token using user credentials:
>- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles-windows-defender-advanced-threat-protection.md) for more information)
>- The user needs to have access to the machine associated with the alert, based on machine group settings (See [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md) for more information)
## HTTP request ## HTTP request
``` ```
GET /api/alerts/{id}/machine GET /api/alerts/{id}/machine

5
windows/security/threat-protection/windows-defender-atp/get-alert-related-user-info-windows-defender-advanced-threat-protection-new.md
View File

@ -30,6 +30,11 @@ Permission type | Permission | Permission display name
Application | User.Read.All | 'Read user profiles' Application | User.Read.All | 'Read user profiles'
Delegated (work or school account) | User.Read.All | 'Read user profiles' Delegated (work or school account) | User.Read.All | 'Read user profiles'
>[!Note]
> When obtaining a token using user credentials:
>- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles-windows-defender-advanced-threat-protection.md) for more information)
>- The user needs to have access to the machine associated with the alert, based on machine group settings (See [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md) for more information)
## HTTP request ## HTTP request
``` ```
GET /api/alerts/{id}/user GET /api/alerts/{id}/user

5
windows/security/threat-protection/windows-defender-atp/get-alerts-windows-defender-advanced-threat-protection-new.md
View File

@ -34,6 +34,11 @@ Application | Alert.ReadWrite.All | 'Read and write all alerts'
Delegated (work or school account) | Alert.Read | 'Read alerts' Delegated (work or school account) | Alert.Read | 'Read alerts'
Delegated (work or school account) | Alert.ReadWrite | 'Read and write alerts' Delegated (work or school account) | Alert.ReadWrite | 'Read and write alerts'
>[!Note]
> When obtaining a token using user credentials:
>- The user needs to have at least the following role permission: 'Alerts Investigation' (See [Create and manage roles](user-roles-windows-defender-advanced-threat-protection.md) for more information)
>- The user needs to have access to the machine associated with the alert, based on machine group settings (See [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md) for more information)
## HTTP request ## HTTP request
``` ```
GET /api/alerts GET /api/alerts

5
windows/security/threat-protection/windows-defender-atp/get-domain-related-alerts-windows-defender-advanced-threat-protection-new.md
View File

@ -36,6 +36,11 @@ Application | Alert.ReadWrite.All | 'Read and write all alerts'
Delegated (work or school account) | Alert.Read | 'Read alerts' Delegated (work or school account) | Alert.Read | 'Read alerts'
Delegated (work or school account) | Alert.ReadWrite | 'Read and write alerts' Delegated (work or school account) | Alert.ReadWrite | 'Read and write alerts'
>[!Note]
> When obtaining a token using user credentials:
>- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles-windows-defender-advanced-threat-protection.md) for more information)
>- Response will include only alerts, associated with machines, that the user have access to, based on machine group settings (See [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md) for more information)
## HTTP request ## HTTP request
``` ```
GET /api/domains/{domain}/alerts GET /api/domains/{domain}/alerts

5
windows/security/threat-protection/windows-defender-atp/get-domain-related-machines-windows-defender-advanced-threat-protection-new.md
View File

@ -35,6 +35,11 @@ Delegated (work or school account) | Machine.ReadWrite | 'Read and write machine
``` ```
GET /api/domains/{domain}/machines GET /api/domains/{domain}/machines
``` ```
>[!Note]
> When obtaining a token using user credentials:
>- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles-windows-defender-advanced-threat-protection.md) for more information)
>- Only machines that the user can access, based on machine group settings will be listed (See [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md) for more information)
## Request headers ## Request headers

4
windows/security/threat-protection/windows-defender-atp/get-domain-statistics-windows-defender-advanced-threat-protection-new.md
View File

@ -30,6 +30,10 @@ Permission type | Permission | Permission display name
Application | URL.Read.All | 'Read URLs' Application | URL.Read.All | 'Read URLs'
Delegated (work or school account) | URL.Read.All | 'Read URLs' Delegated (work or school account) | URL.Read.All | 'Read URLs'
>[!Note]
> When obtaining a token using user credentials:
>- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles-windows-defender-advanced-threat-protection.md) for more information)
## HTTP request ## HTTP request
``` ```
GET /api/domains/{domain}/stats GET /api/domains/{domain}/stats

8
windows/security/threat-protection/windows-defender-atp/get-file-information-windows-defender-advanced-threat-protection-new.md
View File

@ -21,9 +21,6 @@ ms.date: 12/08/2017
[!include[Prerelease information](prerelease.md)] [!include[Prerelease information](prerelease.md)]
Retrieves a file by identifier Sha1, Sha256, or MD5. Retrieves a file by identifier Sha1, Sha256, or MD5.
## Permissions ## Permissions
@ -34,6 +31,11 @@ Permission type | Permission | Permission display name
Application | File.Read.All | 'Read all file profiles' Application | File.Read.All | 'Read all file profiles'
Delegated (work or school account) | File.Read.All | 'Read all file profiles' Delegated (work or school account) | File.Read.All | 'Read all file profiles'
>[!Note]
> When obtaining a token using user credentials:
>- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles-windows-defender-advanced-threat-protection.md) for more information)
## HTTP request ## HTTP request
``` ```
GET /api/files/{id} GET /api/files/{id}

8
windows/security/threat-protection/windows-defender-atp/get-file-related-alerts-windows-defender-advanced-threat-protection-new.md
View File

@ -22,9 +22,6 @@ ms.date: 12/08/2017
[!include[Prerelease information](prerelease.md)] [!include[Prerelease information](prerelease.md)]
Retrieves a collection of alerts related to a given file hash. Retrieves a collection of alerts related to a given file hash.
## Permissions ## Permissions
@ -37,6 +34,11 @@ Application | Alert.ReadWrite.All | 'Read and write all alerts'
Delegated (work or school account) | Alert.Read | 'Read alerts' Delegated (work or school account) | Alert.Read | 'Read alerts'
Delegated (work or school account) | Alert.ReadWrite | 'Read and write alerts' Delegated (work or school account) | Alert.ReadWrite | 'Read and write alerts'
>[!Note]
> When obtaining a token using user credentials:
>- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles-windows-defender-advanced-threat-protection.md) for more information)
>- Response will include only alerts, associated with machines, that the user have access to, based on machine group settings (See [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md) for more information)
## HTTP request ## HTTP request
``` ```
GET /api/files/{id}/alerts GET /api/files/{id}/alerts

5
windows/security/threat-protection/windows-defender-atp/get-file-related-machines-windows-defender-advanced-threat-protection-new.md
View File

@ -32,6 +32,11 @@ Application | Machine.ReadWrite.All | 'Read and write all machine information'
Delegated (work or school account) | Machine.Read | 'Read machine information' Delegated (work or school account) | Machine.Read | 'Read machine information'
Delegated (work or school account) | Machine.ReadWrite | 'Read and write machine information' Delegated (work or school account) | Machine.ReadWrite | 'Read and write machine information'
>[!Note]
> When obtaining a token using user credentials:
>- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles-windows-defender-advanced-threat-protection.md) for more information)
>- Response will include only machines, that the user have access to, based on machine group settings (See [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md) for more information)
## HTTP request ## HTTP request
``` ```
GET /api/files/{id}/machines GET /api/files/{id}/machines

4
windows/security/threat-protection/windows-defender-atp/get-file-statistics-windows-defender-advanced-threat-protection-new.md
View File

@ -34,6 +34,10 @@ Permission type | Permission | Permission display name
Application | File.Read.All | 'Read file profiles' Application | File.Read.All | 'Read file profiles'
Delegated (work or school account) | File.Read.All | 'Read file profiles' Delegated (work or school account) | File.Read.All | 'Read file profiles'
>[!Note]
> When obtaining a token using user credentials:
>- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles-windows-defender-advanced-threat-protection.md) for more information)
## HTTP request ## HTTP request
``` ```
GET /api/files/{id}/stats GET /api/files/{id}/stats

5
windows/security/threat-protection/windows-defender-atp/get-ip-related-alerts-windows-defender-advanced-threat-protection-new.md
View File

@ -32,6 +32,11 @@ Application | Alert.ReadWrite.All | 'Read and write all alerts'
Delegated (work or school account) | Alert.Read | 'Read alerts' Delegated (work or school account) | Alert.Read | 'Read alerts'
Delegated (work or school account) | Alert.ReadWrite | 'Read and write alerts' Delegated (work or school account) | Alert.ReadWrite | 'Read and write alerts'
>[!Note]
> When obtaining a token using user credentials:
>- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles-windows-defender-advanced-threat-protection.md) for more information)
>- Response will include only alerts, associated with machines, that the user have access to, based on machine group settings (See [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md) for more information)
## HTTP request ## HTTP request
``` ```
GET /api/ips/{ip}/alerts GET /api/ips/{ip}/alerts

5
windows/security/threat-protection/windows-defender-atp/get-ip-related-machines-windows-defender-advanced-threat-protection-new.md
View File

@ -32,6 +32,11 @@ Application | Machine.ReadWrite.All | 'Read and write all machine information'
Delegated (work or school account) | Machine.Read | 'Read machine information' Delegated (work or school account) | Machine.Read | 'Read machine information'
Delegated (work or school account) | Machine.ReadWrite | 'Read and write machine information' Delegated (work or school account) | Machine.ReadWrite | 'Read and write machine information'
>[!Note]
> When obtaining a token using user credentials:
>- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles-windows-defender-advanced-threat-protection.md) for more information)
>- Response will include only machines, that the user have access to, based on machine group settings (See [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md) for more information)
## HTTP request ## HTTP request
``` ```
GET /api/ips/{ip}/machines GET /api/ips/{ip}/machines

4
windows/security/threat-protection/windows-defender-atp/get-ip-statistics-windows-defender-advanced-threat-protection-new.md
View File

@ -32,6 +32,10 @@ Permission type | Permission | Permission display name
Application | Ip.Read.All | 'Read IP address profiles' Application | Ip.Read.All | 'Read IP address profiles'
Delegated (work or school account) | Ip.Read.All | 'Read IP address profiles' Delegated (work or school account) | Ip.Read.All | 'Read IP address profiles'
>[!Note]
> When obtaining a token using user credentials:
>- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles-windows-defender-advanced-threat-protection.md) for more information)
## HTTP request ## HTTP request
``` ```
GET /api/ips/{ip}/stats GET /api/ips/{ip}/stats

6
windows/security/threat-protection/windows-defender-atp/get-machine-by-id-windows-defender-advanced-threat-protection-new.md
View File

@ -32,6 +32,12 @@ Application | Machine.ReadWrite.All | 'Read and write all machine information'
Delegated (work or school account) | Machine.Read | 'Read machine information' Delegated (work or school account) | Machine.Read | 'Read machine information'
Delegated (work or school account) | Machine.ReadWrite | 'Read and write machine information' Delegated (work or school account) | Machine.ReadWrite | 'Read and write machine information'
>[!Note]
> When obtaining a token using user credentials:
>- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles-windows-defender-advanced-threat-protection.md) for more information)
>- Response will include only machines, that the user have access to, based on machine group settings (See [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md) for more information)
## HTTP request ## HTTP request
``` ```
GET /api/machines/{id} GET /api/machines/{id}

5
windows/security/threat-protection/windows-defender-atp/get-machine-log-on-users-windows-defender-advanced-threat-protection-new.md
View File

@ -30,6 +30,11 @@ Permission type | Permission | Permission display name
Application | User.Read.All | 'Read user profiles' Application | User.Read.All | 'Read user profiles'
Delegated (work or school account) | User.Read.All | 'Read user profiles' Delegated (work or school account) | User.Read.All | 'Read user profiles'
>[!Note]
> When obtaining a token using user credentials:
>- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles-windows-defender-advanced-threat-protection.md) for more information)
>- Response will include users only if the machine is visible to the user, based on machine group settings (See [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md) for more information)
## HTTP request ## HTTP request
``` ```
GET /api/machines/{id}/logonusers GET /api/machines/{id}/logonusers

5
windows/security/threat-protection/windows-defender-atp/get-machine-related-alerts-windows-defender-advanced-threat-protection-new.md
View File

@ -32,6 +32,11 @@ Application | Alert.ReadWrite.All | 'Read and write all alerts'
Delegated (work or school account) | Alert.Read | 'Read alerts' Delegated (work or school account) | Alert.Read | 'Read alerts'
Delegated (work or school account) | Alert.ReadWrite | 'Read and write alerts' Delegated (work or school account) | Alert.ReadWrite | 'Read and write alerts'
>[!Note]
> When obtaining a token using user credentials:
>- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles-windows-defender-advanced-threat-protection.md) for more information)
>- Response will include only alerts, associated with machines, that the user have access to, based on machine group settings (See [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md) for more information)
## HTTP request ## HTTP request
``` ```
GET /api/machines/{id}/alerts GET /api/machines/{id}/alerts

4
windows/security/threat-protection/windows-defender-atp/get-machineaction-object-windows-defender-advanced-threat-protection-new.md
View File

@ -31,6 +31,10 @@ Application | Machine.ReadWrite.All | 'Read and write all machine information'
Delegated (work or school account) | Machine.Read | 'Read machine information' Delegated (work or school account) | Machine.Read | 'Read machine information'
Delegated (work or school account) | Machine.ReadWrite | 'Read and write machine information' Delegated (work or school account) | Machine.ReadWrite | 'Read and write machine information'
>[!Note]
> When obtaining a token using user credentials:
>- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles-windows-defender-advanced-threat-protection.md) for more information)
## HTTP request ## HTTP request
``` ```
GET https://api.securitycenter.windows.com/api/machineactions/{id} GET https://api.securitycenter.windows.com/api/machineactions/{id}

4
windows/security/threat-protection/windows-defender-atp/get-machineactions-collection-windows-defender-advanced-threat-protection-new.md
View File

@ -34,6 +34,10 @@ Application | Machine.ReadWrite.All | 'Read and write all machine information'
Delegated (work or school account) | Machine.Read | 'Read machine information' Delegated (work or school account) | Machine.Read | 'Read machine information'
Delegated (work or school account) | Machine.ReadWrite | 'Read and write machine information' Delegated (work or school account) | Machine.ReadWrite | 'Read and write machine information'
>[!Note]
> When obtaining a token using user credentials:
>- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles-windows-defender-advanced-threat-protection.md) for more information)
## HTTP request ## HTTP request
``` ```
GET https://api.securitycenter.windows.com/api/machineactions GET https://api.securitycenter.windows.com/api/machineactions

5
windows/security/threat-protection/windows-defender-atp/get-machines-windows-defender-advanced-threat-protection-new.md
View File

@ -34,6 +34,11 @@ Application | Machine.ReadWrite.All | 'Read and write all machine information'
Delegated (work or school account) | Machine.Read | 'Read machine information' Delegated (work or school account) | Machine.Read | 'Read machine information'
Delegated (work or school account) | Machine.ReadWrite | 'Read and write machine information' Delegated (work or school account) | Machine.ReadWrite | 'Read and write machine information'
>[!Note]
> When obtaining a token using user credentials:
>- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles-windows-defender-advanced-threat-protection.md) for more information)
>- Response will include only machines,that the user have access to, based on machine group settings (See [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md) for more information)
## HTTP request ## HTTP request
``` ```
GET https://api.securitycenter.windows.com/api/machines GET https://api.securitycenter.windows.com/api/machines

5
windows/security/threat-protection/windows-defender-atp/get-package-sas-uri-windows-defender-advanced-threat-protection-new.md
View File

@ -29,6 +29,11 @@ Permission type | Permission | Permission display name
Application | Machine.CollectForensics | 'Collect forensics' Application | Machine.CollectForensics | 'Collect forensics'
Delegated (work or school account) | Machine.CollectForensics | 'Collect forensics' Delegated (work or school account) | Machine.CollectForensics | 'Collect forensics'
>[!Note]
> When obtaining a token using user credentials:
>- The user needs to have at least the following role permission: 'Alerts Investigation' (See [Create and manage roles](user-roles-windows-defender-advanced-threat-protection.md) for more information)
>- The user needs to have access to the machine, based on machine group settings (See [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md) for more information)
## HTTP request ## HTTP request
``` ```
GET https://api.securitycenter.windows.com/api/machineactions/{machine action id}/getPackageUri GET https://api.securitycenter.windows.com/api/machineactions/{machine action id}/getPackageUri

6
windows/security/threat-protection/windows-defender-atp/offboard-machine-api-windows-defender-advanced-threat-protection-new.md
View File

@ -31,8 +31,10 @@ Permission type | Permission | Permission display name
Application | Machine.Offboard | 'Offboard machine' Application | Machine.Offboard | 'Offboard machine'
Delegated (work or school account) | Machine.Offboard | 'Offboard machine' Delegated (work or school account) | Machine.Offboard | 'Offboard machine'
>[!IMPORTANT] >[!Note]
> This response action is available for machines on Windows 10, version 1703 or later. > When obtaining a token using user credentials:
>- The user needs to 'Global Admin' AD role
>- The user needs to have access to the machine, based on machine group settings (See [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md) for more information)
## HTTP request ## HTTP request
``` ```

7
windows/security/threat-protection/windows-defender-atp/restrict-code-execution-windows-defender-advanced-threat-protection-new.md
View File

@ -31,9 +31,10 @@ Permission type | Permission | Permission display name
Application | Machine.RestrictExecution | 'Restrict code execution' Application | Machine.RestrictExecution | 'Restrict code execution'
Delegated (work or school account) | Machine.RestrictExecution | 'Restrict code execution' Delegated (work or school account) | Machine.RestrictExecution | 'Restrict code execution'
>[!IMPORTANT] >[!Note]
> - This action is available for machines on Windows 10, version 1709 or later. > When obtaining a token using user credentials:
> - This action needs to meet the Windows Defender Application Control code integrity policy formats and signing requirements. For more information, see [Code integrity policy formats and signing](https://docs.microsoft.com/en-us/windows/device-security/device-guard/requirements-and-deployment-planning-guidelines-for-device-guard#code-integrity-policy-formats-and-signing). >- The user needs to have at least the following role permission: 'Active remediation actions' (See [Create and manage roles](user-roles-windows-defender-advanced-threat-protection.md) for more information)
>- The user needs to have access to the machine, based on machine group settings (See [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md) for more information)
## HTTP request ## HTTP request
``` ```

5
windows/security/threat-protection/windows-defender-atp/run-advanced-query-api.md
View File

@ -39,6 +39,11 @@ Permission type | Permission | Permission display name
Application | AdvancedQuery.Read.All | 'Run advanced queries' Application | AdvancedQuery.Read.All | 'Run advanced queries'
Delegated (work or school account) | AdvancedQuery.Read | 'Run advanced queries' Delegated (work or school account) | AdvancedQuery.Read | 'Run advanced queries'
>[!Note]
> When obtaining a token using user credentials:
>- The user needs to 'Global Admin' AD role
>- The user needs to have access to the machine, based on machine group settings (See [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md) for more information)
## HTTP request ## HTTP request
``` ```
POST /advancedqueries/query POST /advancedqueries/query

7
windows/security/threat-protection/windows-defender-atp/run-av-scan-windows-defender-advanced-threat-protection-new.md
View File

@ -31,9 +31,10 @@ Permission type | Permission | Permission display name
Application | Machine.Scan | 'Scan machine' Application | Machine.Scan | 'Scan machine'
Delegated (work or school account) | Machine.Scan | 'Scan machine' Delegated (work or school account) | Machine.Scan | 'Scan machine'
>[!IMPORTANT] >[!Note]
>- This action is available for machines on Windows 10, version 1709 or later. > When obtaining a token using user credentials:
>- A Windows Defender Antivirus (Windows Defender AV) scan can run alongside other antivirus solutions, whether Windows Defender AV is the active antivirus solution or not. Windows Defender AV can be in Passive mode. For more information, see [Windows Defender Antivirus compatibility](../windows-defender-antivirus/windows-defender-antivirus-compatibility.md). >- The user needs to have at least the following role permission: 'Active remediation actions' (See [Create and manage roles](user-roles-windows-defender-advanced-threat-protection.md) for more information)
>- The user needs to have access to the machine, based on machine group settings (See [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md) for more information)
## HTTP request ## HTTP request
``` ```

5
windows/security/threat-protection/windows-defender-atp/unisolate-machine-windows-defender-advanced-threat-protection-new.md
View File

@ -29,6 +29,11 @@ Permission type | Permission | Permission display name
Application | Machine.Isolate | 'Isolate machine' Application | Machine.Isolate | 'Isolate machine'
Delegated (work or school account) | Machine.Isolate | 'Isolate machine' Delegated (work or school account) | Machine.Isolate | 'Isolate machine'
>[!Note]
> When obtaining a token using user credentials:
>- The user needs to have at least the following role permission: 'Active remediation actions' (See [Create and manage roles](user-roles-windows-defender-advanced-threat-protection.md) for more information)
>- The user needs to have access to the machine, based on machine group settings (See [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md) for more information)
## HTTP request ## HTTP request
``` ```
POST https://api.securitycenter.windows.com/api/machines/{id}/unisolate POST https://api.securitycenter.windows.com/api/machines/{id}/unisolate

5
windows/security/threat-protection/windows-defender-atp/unrestrict-code-execution-windows-defender-advanced-threat-protection-new.md
View File

@ -31,6 +31,11 @@ Permission type | Permission | Permission display name
Application | Machine.RestrictExecution | 'Restrict code execution' Application | Machine.RestrictExecution | 'Restrict code execution'
Delegated (work or school account) | Machine.RestrictExecution | 'Restrict code execution' Delegated (work or school account) | Machine.RestrictExecution | 'Restrict code execution'
>[!Note]
> When obtaining a token using user credentials:
>- The user needs to have at least the following role permission: 'Active remediation actions' (See [Create and manage roles](user-roles-windows-defender-advanced-threat-protection.md) for more information)
>- The user needs to have access to the machine, based on machine group settings (See [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md) for more information)
## HTTP request ## HTTP request
``` ```
POST https://api.securitycenter.windows.com/api/machines/{id}/unrestrictCodeExecution POST https://api.securitycenter.windows.com/api/machines/{id}/unrestrictCodeExecution

5
windows/security/threat-protection/windows-defender-atp/update-alert-windows-defender-advanced-threat-protection-new.md
View File

@ -30,6 +30,11 @@ Permission type | Permission | Permission display name
Application | Alerts.ReadWrite.All | 'Read and write all alerts' Application | Alerts.ReadWrite.All | 'Read and write all alerts'
Delegated (work or school account) | Alert.ReadWrite | 'Read and write alerts' Delegated (work or school account) | Alert.ReadWrite | 'Read and write alerts'
>[!Note]
> When obtaining a token using user credentials:
>- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles-windows-defender-advanced-threat-protection.md) for more information)
>- The user needs to have access to the machine associated with the alert, based on machine group settings (See [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md) for more information)
## HTTP request ## HTTP request
``` ```
PATCH /api/alerts/{id} PATCH /api/alerts/{id}