diff --git a/windows/security/threat-protection/microsoft-defender-atp/find-machines-by-ip.md b/windows/security/threat-protection/microsoft-defender-atp/find-machines-by-ip.md index 56e4cf24a6..da798752be 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/find-machines-by-ip.md +++ b/windows/security/threat-protection/microsoft-defender-atp/find-machines-by-ip.md @@ -29,17 +29,17 @@ The given timestamp must be in the past 30 days. ## Permissions One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) -Permission type | Permission | Permission display name +Permission type | Permission | Permission display name :---|:---|:--- -Application | Machine.Read.All | 'Read all machine profiles' -Application | Machine.ReadWrite.All | 'Read and write all machine information' +Application | Machine.Read.All | 'Read all machine profiles' +Application | Machine.ReadWrite.All | 'Read and write all machine information' Delegated (work or school account) | Machine.Read | 'Read machine information' Delegated (work or school account) | Machine.ReadWrite | 'Read and write machine information' ->[!Note] +> [!Note] > When obtaining a token using user credentials: ->- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles.md) for more information) ->- Response will include only machines,that the user have access to, based on machine group settings (See [Create and manage machine groups](machine-groups.md) for more information) +> - The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles.md) for more information) +> - Response will include only machines that the user have access to based on machine group settings (See [Create and manage machine groups](machine-groups.md) for more information) ## HTTP request ``` @@ -57,7 +57,7 @@ Empty ## Response If successful and machines were found - 200 OK with list of the machines in the response body. -If no machine found - 404 Not Found. +If no machine found - 404 Not Found. If the timestamp is not in the past 30 days - 400 Bad Request. ## Example @@ -66,12 +66,18 @@ If the timestamp is not in the past 30 days - 400 Bad Request. Here is an example of the request. -[!include[Improve request performance](improve-request-performance.md)] - ``` GET https://api.securitycenter.windows.com/api/machines/findbyip(ip='10.248.240.38',timestamp=2018-09-22T08:44:05Z) ``` +## Improve request performance + +> [!NOTE] +> You can use a server closer to your geolocation for better performance: +> - api-us.securitycenter.windows.com +> - api-eu.securitycenter.windows.com +> - api-uk.securitycenter.windows.com + **Response** Here is an example of the response. @@ -84,21 +90,21 @@ Content-type: application/json "value": [ { "id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07", - "computerDnsName": "mymachine1.contoso.com", - "firstSeen": "2018-08-02T14:55:03.7791856Z", - "lastSeen": "2018-09-22T08:55:03.7791856Z", - "osPlatform": "Windows10", - "osVersion": "10.0.0.0", - "lastIpAddress": "10.248.240.38", - "lastExternalIpAddress": "167.220.196.71", - "agentVersion": "10.5830.18209.1001", - "osBuild": 18209, - "healthStatus": "Active", - "rbacGroupId": 140, - "rbacGroupName": "The-A-Team", - "riskScore": "Low", - "aadDeviceId": "80fe8ff8-2624-418e-9591-41f0491218f9", - "machineTags": [ "test tag 1", "test tag 2" ] + "computerDnsName": "mymachine1.contoso.com", + "firstSeen": "2018-08-02T14:55:03.7791856Z", + "lastSeen": "2018-09-22T08:55:03.7791856Z", + "osPlatform": "Windows10", + "osVersion": "10.0.0.0", + "lastIpAddress": "10.248.240.38", + "lastExternalIpAddress": "167.220.196.71", + "agentVersion": "10.5830.18209.1001", + "osBuild": 18209, + "healthStatus": "Active", + "rbacGroupId": 140, + "rbacGroupName": "The-A-Team", + "riskScore": "Low", + "aadDeviceId": "80fe8ff8-2624-418e-9591-41f0491218f9", + "machineTags": [ "test tag 1", "test tag 2" ] } ] } diff --git a/windows/security/threat-protection/microsoft-defender-atp/improve-request-performance.md b/windows/security/threat-protection/microsoft-defender-atp/improve-request-performance.md deleted file mode 100644 index 880f5e4d11..0000000000 --- a/windows/security/threat-protection/microsoft-defender-atp/improve-request-performance.md +++ /dev/null @@ -1,26 +0,0 @@ ---- -title: Improve request performance -description: Improve request performance -keywords: server, request, performance -search.product: eADQiWindows 10XVcnh -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article ---- - -# Improve request performance - - ->[!NOTE] ->For better performance, you can use server closer to your geo location: -> - api-us.securitycenter.windows.com -> - api-eu.securitycenter.windows.com -> - api-uk.securitycenter.windows.com \ No newline at end of file