apis

windows/security/threat-protection/microsoft-defender-atp/get-missing-kbs-machine.md

@@ -0,0 +1,86 @@
+---
+title: Get missing KBs
+description: Retrieves a list of software inventory
+keywords: apis, graph api, supported apis, get, list, file, information, software inventory, threat & vulnerability management api, mdatp tvm api
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: dolmont
+author: DulceMontemayor
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance 
+ms.topic: article
+---
+
+# Get missing KBs
+
+**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
+- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
+
+Retrieves missing KBs by machine Id
+
+## HTTP request
+
+```
+GET /api/machines/{machineId}/getmissingkbs
+```
+
+## Request header
+
+Name | Type | Description
+:---|:---|:---
+Authorization | String | Bearer {token}. **Required**.
+
+## Request body
+
+Empty
+
+## Response
+
+If successful, this method returns 200 OK, with the specified machine missing kb data in the body.
+
+## Example
+
+### Request
+
+Here is an example of the request.
+
+```
+GET https://api.securitycenter.windows.com/api/machines/2339ad14a01bd0299afb93dfa2550136057bff96/getmissingkbs 
+```
+
+### Response
+
+Here is an example of the response.
+
+
+```json
+{
+    "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Collection(microsoft.windowsDefenderATP.api.PublicProductFixDto)",
+    "value": [
+        {
+            "id": "4540673",
+            "name": "March 2020 Security Updates",
+            "productsNames": [
+                "windows_10",
+                "edge",
+                "internet_explorer"
+            ],
+            "url": "https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4540673",
+            "machineMissedOn": 1,
+            "cveAddressed": 97
+        },
+         ...
+        ]
+}
+```
+
+## Related topics
+
+- [Risk-based Threat & Vulnerability Management](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt)
+- [Threat & Vulnerability software inventory](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory)

windows/security/threat-protection/microsoft-defender-atp/get-missing-kbs-software.md

@@ -0,0 +1,93 @@
+---
+title: Get missing KBs
+description: Retrieves a list of software inventory
+keywords: apis, graph api, supported apis, get, list, file, information, software inventory, threat & vulnerability management api, mdatp tvm api
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: dolmont
+author: DulceMontemayor
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance 
+ms.topic: article
+---
+
+# Get missing KBs
+
+**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
+- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
+
+Retrieves missing KBs by software Id
+
+## Permissions
+
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) for details.
+
+Permission type |   Permission   |   Permission display name
+:---|:---|:---
+Application |Software.Read.All |   'Read Threat and Vulnerability Management Software information'
+Delegated (work or school account) | Software.Read |   'Read Threat and Vulnerability Management Software information'
+
+## HTTP request
+
+```
+GET /api/Software/{Id}/getmissingkbs
+```
+
+## Request header
+
+Name | Type | Description
+:---|:---|:---
+Authorization | String | Bearer {token}. **Required**.
+
+## Request body
+
+Empty
+
+## Response
+
+If successful, this method returns 200 OK, with the specified software missing kb data in the body.
+
+## Example
+
+### Request
+
+Here is an example of the request.
+
+```
+GET https://api.securitycenter.windows.com/api/Software/microsoft-_-edge/getmissingkbs
+```
+
+### Response
+
+Here is an example of the response.
+
+
+```json
+{
+    "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Collection(microsoft.windowsDefenderATP.api.PublicProductFixDto)",
+    "value": [
+         {
+            "id": "4540673",
+            "name": "March 2020 Security Updates",
+            "productsNames": [
+                "edge"
+            ],
+            "url": "https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4540673",
+            "machineMissedOn": 240,
+            "cveAddressed": 14
+         },
+         ...
+        ]
+}
+```
+
+## Related topics
+
+- [Risk-based Threat & Vulnerability Management](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt)
+- [Threat & Vulnerability software inventory](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory)

windows/security/threat-protection/microsoft-defender-atp/machine.md

@@ -25,6 +25,7 @@ ms.topic: article
 [!include[Prerelease information](../../includes/prerelease.md)]
 
 ## Methods
+
 Method|Return Type |Description
 :---|:---|:---
 [List machines](get-machines.md) | [machine](machine.md) collection | List set of [machine](machine.md) entities in the org.
@@ -36,8 +37,10 @@ Method|Return Type |Description
 [Get security recommendations](get-security-recommendations.md) | [recommendation](recommendation.md) collection | Retrieves a collection of security recommendations related to a given machine ID.
 [Add or Remove machine tags](add-or-remove-machine-tags.md) | [machine](machine.md) | Add or Remove tag to a specific machine.
 [Find machines by IP](find-machines-by-ip.md) | [machine](machine.md) collection | Find machines seen with IP.
+[Get missing KBs](get-missing-kbs-machine.md) | KB collection | Get a list of missing KBs associated with the machine ID
 
 ## Properties
+
 Property |   Type   |   Description
 :---|:---|:---
 id | String | [machine](machine.md) identity.

windows/security/threat-protection/microsoft-defender-atp/software.md

@@ -25,6 +25,7 @@ ms.topic: article
 [!include[Prerelease information](../../includes/prerelease.md)]
 
 ## Methods
+
 Method |Return Type |Description
 :---|:---|:---
 [List software](get-software.md) | Software collection | List the organizational software inventory.
@@ -32,8 +33,10 @@ Method |Return Type |Description
 [List software version distribution](get-software-ver-distribution.md)| Distribution collection | List software version distribution by software ID.
 [List machines by software](get-machines-by-software.md)| MachineRef collection | Retrieve a list of machines that are associated with the software ID.
 [List vulnerabilities by software](get-vuln-by-software.md) | [Vulnerability](vulnerability.md) collection | Retrieve a list of vulnerabilities associated with the software ID.
+[Get missing KBs](get-missing-kbs-software.md) | KB collection | Get a list of missing KBs associated with the software ID
 
 ## Properties
+
 Property |   Type   |   Description
 :---|:---|:---
 id | String | Software ID
@@ -44,4 +47,3 @@ publicExploit | Boolean | Public exploit exists for some of the vulnerabilities
 activeAlert | Boolean | Active alert is associated with this software
 exposedMachines | Long | Number of exposed machines
 impactScore | Double | Exposure score impact of this software
-

windows/security/threat-protection/microsoft-defender-atp/tvm-remediation.md

@@ -30,17 +30,15 @@ After your organization's cybersecurity weaknesses are identified and mapped to
 
 Lower your organization's exposure from vulnerabilities and increase your security configuration by remediating the security recommendations.
 
-## Remediation
-
 ## How remediation requests work
 
 When you submit a remediation request from Threat & Vulnerability Management, it kicks-off a remediation activity. A security task is created which will be tracked in the Threat & Vulnerability Management **Remediation** page, and a remediation ticket is created in Microsoft Intune.
 
 The dashboard will show the status of your top remediation activities. Select any of the entries to go to the **Remediation** page. You can mark the remediation activity as completed after the IT admin team remediates the task.
 
-## Accessing the Remediation page
+## Accessing the remediation page
 
-You can access the Remediation page in a few places in the portal:
+You can access the remediation page in a few places in the portal:
 
 - Security recommendations flyout panel
 - Navigation menu
@@ -70,7 +68,7 @@ If you want to check how the ticket shows up in Intune, see [Use Intune to remed
 2. Select the remediation activity that you want to view.
 ![Screenshot of the remediation page flyout for a software which reached end-of-support](images/remediation_flyouteolsw.png)
 
-### Top remediation activities card the dashboard
+### Top remediation activities in the dashboard
 
 1. Go to the Threat & Vulnerability Management dashboard and scroll down to the **Top remediation activities** card. The list is sorted and prioritized based on what is listed in the **Top security recommendations**.
 2. Select the remediation activity that you want to view.