diff --git a/windows/security/threat-protection/windows-defender-atp/TOC.md b/windows/security/threat-protection/windows-defender-atp/TOC.md index 3112131f2c..847153e0ba 100644 --- a/windows/security/threat-protection/windows-defender-atp/TOC.md +++ b/windows/security/threat-protection/windows-defender-atp/TOC.md @@ -97,7 +97,7 @@ #### [Experiment with custom threat intelligence alerts](experiment-custom-ti-windows-defender-advanced-threat-protection.md) #### [Troubleshoot custom threat intelligence issues](troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md) -### [Use the Windows Defender ATP APIs](exposed-apis-windows-defender-advanced-threat-protection-new.md) +### [Use Windows Defender ATP APIs](exposed-apis-windows-defender-advanced-threat-protection-new.md) #### Supported Windows Defender ATP APIs ##### [Advanced Hunting](run-advanced-query-windows-defender-advanced-threat-protection.md) diff --git a/windows/security/threat-protection/windows-defender-atp/exposed-apis-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/windows-defender-atp/exposed-apis-windows-defender-advanced-threat-protection-new.md index b87ce4a973..939a5c4859 100644 --- a/windows/security/threat-protection/windows-defender-atp/exposed-apis-windows-defender-advanced-threat-protection-new.md +++ b/windows/security/threat-protection/windows-defender-atp/exposed-apis-windows-defender-advanced-threat-protection-new.md @@ -1,5 +1,5 @@ --- -title: Use the Windows Defender Advanced Threat Protection APIs +title: Use Windows Defender Advanced Threat Protection APIs description: Use the exposed data and actions using a set of progammatic APIs that are part of the Microsoft Intelligence Security Graph. keywords: apis, graph api, supported apis, actor, alerts, machine, user, domain, ip, file, advanced hunting, query search.product: eADQiWindows 10XVcnh 
@@ -13,7 +13,7 @@ ms.localizationpriority: medium ms.date: 10/23/2017 --- -# Use the Windows Defender ATP APIs +# Use Windows Defender ATP APIs **Applies to:** @@ -27,7 +27,7 @@ ms.date: 10/23/2017 >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) -Windows Defender ATP exposes much of the available data and actions using a set of programmatic APIs. Those APIs will enable you to automate workflows and innovate based on Windows Defender ATP capabilities. The API access requires OAuth2.0 authentication. For more information, see [OAuth 2.0 Authorization Code Flow](https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-v2-protocols-oauth-code). +Windows Defender ATP exposes much of its data and actions through a set of programmatic APIs. Those APIs will enable you to automate workflows and innovate based on Windows Defender ATP capabilities. The API access requires OAuth2.0 authentication. For more information, see [OAuth 2.0 Authorization Code Flow](https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-v2-protocols-oauth-code). In general, you’ll need to take the following steps to use the APIs: - Create an app @@ -91,6 +91,7 @@ Before using the APIs, you’ll need to create an app that you’ll use to authe 9. Set your application to be multi-tenanted This is **required** for 3rd party apps (i.e., if you create an application that is intended to run in multiple customers tenant). + This is **not required** if you create a service that you want to run in your tenant only (i.e., if you create an application for your own usage that will only interact with your own data)​ Click **Properties** > **Yes** > **Save**. 
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-azure-new-app.png b/windows/security/threat-protection/windows-defender-atp/images/atp-azure-new-app.png index a4a07d3b92..4449661657 100644 Binary files a/windows/security/threat-protection/windows-defender-atp/images/atp-azure-new-app.png and b/windows/security/threat-protection/windows-defender-atp/images/atp-azure-new-app.png differ diff --git a/windows/security/threat-protection/windows-defender-atp/images/webapp-add-permission-2.png b/windows/security/threat-protection/windows-defender-atp/images/webapp-add-permission-2.png index 24e449a94c..44708818ef 100644 Binary files a/windows/security/threat-protection/windows-defender-atp/images/webapp-add-permission-2.png and b/windows/security/threat-protection/windows-defender-atp/images/webapp-add-permission-2.png differ diff --git a/windows/security/threat-protection/windows-defender-atp/images/webapp-create.png b/windows/security/threat-protection/windows-defender-atp/images/webapp-create.png index 3d61af07e9..a091db0189 100644 Binary files a/windows/security/threat-protection/windows-defender-atp/images/webapp-create.png and b/windows/security/threat-protection/windows-defender-atp/images/webapp-create.png differ diff --git a/windows/security/threat-protection/windows-defender-atp/run-advanced-query-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/run-advanced-query-windows-defender-advanced-threat-protection.md index fbb6f4d75c..f416c36d1a 100644 --- a/windows/security/threat-protection/windows-defender-atp/run-advanced-query-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/run-advanced-query-windows-defender-advanced-threat-protection.md 
@@ -13,18 +13,17 @@ ms.localizationpriority: medium ms.date: 12/08/2017 --- -# Collect investigation package API +# Advanced Hunting API **Applies to:** - Windows Defender Advanced Threat Protection (Windows Defender ATP) - Run advanced query. ## Permissions -Application needs 'Run advanced queries' role. +Application needs 'Run advanced queries' role (See [How to select a permission](exposed-apis-windows-defender-advanced-threat-protection-new#create-an-app)). ## HTTP request ``` @@ -35,7 +34,7 @@ POST /advancedqueries/query Header | Value :---|:--- -Authorization | Bearer {token}. Required. +Authorization | Bearer {token}. **Required**. Content-Type | application/json ## Request body
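
Review bot: In the front-matter hunk of exposed-apis-windows-defender-advanced-threat-protection-new.md (@@ -1,5 +1,5 @@), the unchanged description line next to the edited title still reads "progammatic APIs". Since this commit already touches the front matter, correct it to "programmatic" here so the page metadata is not left with the typo.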
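
Review bot: In the intro paragraph hunk (@@ -27,7 +27,7 @@), the rewritten line keeps "OAuth2.0 authentication" while the link text in the same line says "OAuth 2.0 Authorization Code Flow". Use "OAuth 2.0" in both places. While the sentence is being edited, "Those APIs will enable you" would read better as "These APIs enable you".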
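
Review bot: In step 9 (@@ -91,6 +91,7 @@), the step heading "Set your application to be multi-tenanted" and the instruction "Click **Properties** > **Yes** > **Save**" are still unconditional, although the added line says the setting is not required for a service that runs only in your own tenant. A reader following the steps literally will enable multi-tenancy for an in-tenant app. Suggest making the step conditional (for example "If the app will run in other customers' tenants, set it to be multi-tenanted") and stating that single-tenant apps skip the click path. The added line also has no closing period after "data)", and the context line "multiple customers tenant" should read "multiple customers' tenants".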
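
Review bot: In the Permissions section of run-advanced-query-windows-defender-advanced-threat-protection.md (@@ -13,18 +13,17 @@), the new link target "exposed-apis-windows-defender-advanced-threat-protection-new#create-an-app" omits the .md extension that the other links in this patch use (see the TOC entries). Write it as exposed-apis-windows-defender-advanced-threat-protection-new.md#create-an-app for consistency. The sentence calls 'Run advanced queries' a role while the link text says "How to select a permission"; pick one term. "See" inside the parentheses should be lowercase.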
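
Review bot: In the request headers table (@@ -35,7 +34,7 @@), only the Authorization row gets the bold **Required** marker. The Content-Type row still reads just "application/json" with no indication of whether it is required, even though this is a POST and a "Request body" section follows. Mark the Content-Type row in the same style so the table is unambiguous for callers building the request.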