deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-14 14:27:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Merge branch 'master' into MTED4EFeb2021Updates

Browse Source
This commit is contained in:
Dolcita Montemayor 2021-02-18 16:51:39 -08:00
commit bfc8e7e7c5
25 changed files with 280 additions and 340 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
windows/security/threat-protection/microsoft-defender-atp/Onboard-Windows-10-multi-session-device.md
View File

@ -13,7 +13,7 @@ ms.topic: article
author: dansimp
ms.author: dansimp
ms.custom: nextgen
ms.date: 02/04/2021
ms.date: 02/18/2021
ms.reviewer:
manager: dansimp
ms.technology: mde
@ -31,13 +31,11 @@ Applies to:
> [!IMPORTANT]
> Welcome to Microsoft Defender for Endpoint, the new name for Microsoft Defender for Endpoint. Read more about this and other updates here. We'll be updating names in products and in the docs in the near future.
> [!WARNING]
> Microsoft Defender for Endpoint support for Windows Virtual Desktop multi-session scenarios is currently in Preview and limited up to 25 concurrent sessions per host/VM. However, single session scenarios on Windows Virtual Desktop are fully supported.
Microsoft Defender for Endpoint supports monitoring both VDI as well as Windows Virtual Desktop sessions. Depending on your organization's needs, you might need to implement VDI or Windows Virtual Desktop sessions to help your employees access corporate data and apps from an unmanaged device, remote location, or similar scenario. With Microsoft Defender for Endpoint, you can monitor these virtual machines for anomalous activity.
## Before you begin
Familiarize yourself with the [considerations for non-persistent VDI](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi#onboard-non-persistent-virtual-desktop-infrastructure-vdi-devices-1). Although [Windows Virtual Desktop](https://docs.microsoft.com/azure/virtual-desktop/overview) does not provide non-persistence options, it does provide ways to use a Windows image that can be used to provision new hosts and redeploy machines. This increases volatility in the environment, and thus impacts what entries are created and maintained in the Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)), potentially reducing visibility for your security analysts.
See [considerations for non-persistent VDI](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi#onboard-non-persistent-virtual-desktop-infrastructure-vdi-devices-1). Although [Windows Virtual Desktop](https://docs.microsoft.com/azure/virtual-desktop/overview) does not provide non-persistence options, it does provide ways to use a Windows image that can be used to provision new hosts and redeploy machines. This increases volatility in the environment, and thus impacts what entries are created and maintained in the Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)), potentially reducing visibility for your security analysts.
> [!NOTE]
> Depending on your choice of onboarding method, devices can appear in Microsoft Defender Security Center as either:
@ -77,31 +75,27 @@ This scenario uses a centrally located script and runs it using a domain-based g
#### Use Group Policy management console to run the script when the virtual machine starts
1. Open the Group Policy Management Console (GPMC), right-click the Group Policy Object (GPO) you want to configure and click **Edit**.
1. In the Group Policy Management Editor, go to **Computer configuration** \> **Preferences** \> **Control panel settings**.
1. Right-click **Scheduled tasks**, click **New**, and then click **Immediate Task** (At least Windows 7).
1. In the Task window that opens, go to the **General** tab. Under **Security options** click **Change User or Group** and type SYSTEM. Click **Check Names** and then click OK. NT AUTHORITY\SYSTEM appears as the user account the task will run as.
1. Select **Run whether user is logged on or not** and check the **Run with highest privileges** check box.
1. Go to the **Actions** tab and click **New**. Ensure that **Start a program** is selected in the Action field.
Enter the following:
> Action = "Start a program" <br>
> Program/Script = C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe <br>
> Add Arguments (optional) = -ExecutionPolicy Bypass -command "& \\Path\To\Onboard-NonPersistentMachine.ps1"
Click **OK** and close any open GPMC windows.
2. In the Group Policy Management Editor, go to **Computer configuration** > **Preferences** > **Control panel settings**.
3. Right-click **Scheduled tasks**, click **New**, and then select **Immediate Task** (At least Windows 7).
4. In the Task window that opens, go to the **General** tab. Under **Security options** click **Change User or Group** and type SYSTEM. Click **Check Names** and then click OK. `NT AUTHORITY\SYSTEM` appears as the user account under which the task will run.
5. Select **Run whether user is logged on or not** and select the **Run with highest privileges** option.
6. Go to the **Actions** tab and select **New**. Confirm that **Start a program** is selected in the **Action** field.
7. Specify the following: <br/>
- Action = **Start a program**
- Program/Script = `C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe`
- Add Arguments (optional) = `-ExecutionPolicy Bypass -command "& \\Path\To\Onboard-NonPersistentMachine.ps1"`
8. Select **OK** and close any open GPMC windows.
### Scenario 3: Onboarding using management tools
If you plan to manage your machines using a management tool, you can onboard devices with Microsoft Endpoint Configuration Manager.
For more information, see: [Onboard Windows 10 devices using Configuration Manager](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-sccm)
> [!WARNING]
> If you plan to use [Attack Surface reduction Rules](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction), please note that rule “[Block process creations originating from PSExec and WMI commands](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction#block-process-creations-originating-from-psexec-and-wmi-commands)" should not be used as it is incompatible with management through Microsoft Endpoint Manager because this rule blocks WMI commands the Configuration Manager client uses to function correctly.
> [!TIP]
> After onboarding the device, you can choose to run a detection test to verify that the device is properly onboarded to the service. For more information, see [Run a detection test on a newly onboarded Microsoft Defender for Endpoint device](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/run-detection-test).
If you plan to manage your machines using a management tool, you can onboard devices with Microsoft Endpoint Configuration Manager. For more information, see: [Onboard Windows 10 devices using Configuration Manager](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-sccm)
> [!WARNING]
> If you plan to use [Attack Surface reduction Rules](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction), the rule “[Block process creations originating from PSExec and WMI commands](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction#block-process-creations-originating-from-psexec-and-wmi-commands)" should not be used as it is incompatible with management through Microsoft Endpoint Manager because this rule blocks WMI commands the Configuration Manager client uses to function correctly.
## Tagging your machines when building your image
As part of your onboarding, you may want to consider setting a machine tag to be able to differentiate WVD machines more easily in the Microsoft Security Center. For more information, see

54
windows/security/threat-protection/microsoft-defender-atp/get-machine-by-id.md
View File

@ -3,7 +3,7 @@ title: Get machine by ID API
description: Learn how to use the Get machine by ID API to retrieve a machine by its device ID or computer name in Microsoft Defender Advanced Threat Protection.
keywords: apis, graph api, supported apis, get, devices, entity, id
search.product: eADQiWindows 10XVcnh
ms.prod: m365-security
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@ -12,25 +12,25 @@ author: mjcaparas
ms.localizationpriority: medium
manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.collection: M365-security-compliance
ms.topic: article
ms.technology: mde
---
# Get machine by ID API
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
[!include[Improve request performance](../../includes/improve-request-performance.md)]
## API description
Retrieves specific [Machine](machine.md) by its device ID or computer name.
@ -41,7 +41,7 @@ Retrieves specific [Machine](machine.md) by its device ID or computer name.
## Permissions
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender for Endpoint APIs](apis-intro.md).
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender for Endpoint APIs](apis-intro.md)
Permission type | Permission | Permission display name
:---|:---|:---
@ -91,39 +91,29 @@ GET https://api.securitycenter.microsoft.com/api/machines/1e5bc9d7e413ddd7902c29
Here is an example of the response.
```json
```http
HTTP/1.1 200 OK
Content-type: application/json
{
"id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07",
"@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Machine",
"id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07",
"computerDnsName": "mymachine1.contoso.com",
"firstSeen": "2018-08-02T14:55:03.7791856Z",
"lastSeen": "2021-01-25T07:27:36.052313Z",
"lastSeen": "2018-08-02T14:55:03.7791856Z",
"osPlatform": "Windows10",
"version": "1709",
"osProcessor": "x64",
"version": "1901",
"lastIpAddress": "10.166.113.46",
"lastExternalIpAddress": "167.220.203.175",
"osBuild": 19042,
"lastIpAddress": "172.17.230.209",
"lastExternalIpAddress": "167.220.196.71",
"osBuild": 18209,
"healthStatus": "Active",
"deviceValue": "Normal",
"rbacGroupId": 140,
"rbacGroupName": "The-A-Team",
"riskScore": "Low",
"exposureLevel": "Low",
"aadDeviceId": "fd2e4d29-7072-4195-aaa5-1af139b78028",
"machineTags": [
"Tag1",
"Tag2"
],
"ipAddresses": [
{
"ipAddress": "10.166.113.47",
"macAddress": "8CEC4B897E73",
"operationalStatus": "Up"
},
{
"ipAddress": "2a01:110:68:4:59e4:3916:3b3e:4f96",
"macAddress": "8CEC4B897E73",
"operationalStatus": "Up"
}
]
"exposureLevel": "Medium",
"isAadJoined": true,
"aadDeviceId": "80fe8ff8-2624-418e-9591-41f0491218f9",
"machineTags": [ "test tag 1", "test tag 2" ]
}
```

207
windows/security/threat-protection/microsoft-defender-atp/get-machine-group-exposure-score.md
View File

@ -1,104 +1,103 @@
---
title: List exposure score by device group
description: Retrieves a list of exposure scores by device group.
keywords: apis, graph api, supported apis, get, exposure score, device group, device group exposure score
search.product: eADQiWindows 10XVcnh
ms.prod: m365-security
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
author: levinec
ms.author: ellevin
ms.localizationpriority: medium
manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: article
ms.technology: mde
---
# List exposure score by device group
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
[!include[Improve request performance](../../includes/improve-request-performance.md)]
[!include[Prerelease information](../../includes/prerelease.md)]
Retrieves a collection of alerts related to a given domain address.
## Permissions
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender for Endpoint APIs](apis-intro.md)
Permission type | Permission | Permission display name
:---|:---|:---
Application | Score.Read.All | 'Read Threat and Vulnerability Management score'
Delegated (work or school account) | Score.Read | 'Read Threat and Vulnerability Management score'
## HTTP request
```
GET /api/exposureScore/ByMachineGroups
```
## Request headers
| Name | Type | Description
|:--------------|:-------|:--------------|
| Authorization | String | Bearer {token}.**Required**.
## Request body
Empty
## Response
If successful, this method returns 200 OK, with a list of exposure score per device group data in the response body.
## Example
### Request
Here is an example of the request.
```http
GET https://api.securitycenter.microsoft.com/api/exposureScore/ByMachineGroups
```
### Response
Here is an example of the response.
```json
{
"@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#ExposureScore",
"value": [
{
"time": "2019-12-03T09:51:28.214338Z",
"score": 41.38041766305988,
"rbacGroupName": "GroupOne"
},
{
"time": "2019-12-03T09:51:28.2143399Z",
"score": 37.403726933165366,
"rbacGroupName": "GroupTwo"
}
...
]
}
```
## Related topics
- [Risk-based Threat & Vulnerability Management](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt)
- [Threat & Vulnerability exposure score](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-exposure-score)
---
title: List exposure score by device group
description: Retrieves a list of exposure scores by device group.
keywords: apis, graph api, supported apis, get, exposure score, device group, device group exposure score
search.product: eADQiWindows 10XVcnh
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
author: levinec
ms.author: ellevin
ms.localizationpriority: medium
manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: article
---
# List exposure score by device group
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
**Applies to:**
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
[!include[Improve request performance](../../includes/improve-request-performance.md)]
[!include[Prerelease information](../../includes/prerelease.md)]
Retrieves a collection of alerts related to a given domain address.
## Permissions
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender for Endpoint APIs](apis-intro.md)
Permission type | Permission | Permission display name
:---|:---|:---
Application | Score.Read.All | 'Read Threat and Vulnerability Management score'
Delegated (work or school account) | Score.Read | 'Read Threat and Vulnerability Management score'
## HTTP request
```
GET /api/exposureScore/ByMachineGroups
```
## Request headers
| Name | Type | Description
|:--------------|:-------|:--------------|
| Authorization | String | Bearer {token}.**Required**.
## Request body
Empty
## Response
If successful, this method returns 200 OK, with a list of exposure score per device group data in the response body.
## Example
### Request
Here is an example of the request.
```
GET https://api.securitycenter.microsoft.com/api/exposureScore/ByMachineGroups
```
### Response
Here is an example of the response.
```json
{
"@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#ExposureScore",
"value": [
{
"time": "2019-12-03T09:51:28.214338Z",
"score": 41.38041766305988,
"rbacGroupName": "GroupOne"
},
{
"time": "2019-12-03T09:51:28.2143399Z",
"score": 37.403726933165366,
"rbacGroupName": "GroupTwo"
}
...
]
}
```
## Related topics
- [Risk-based Threat & Vulnerability Management](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt)
- [Threat & Vulnerability exposure score](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-exposure-score)

11
windows/security/threat-protection/microsoft-defender-atp/get-machine-log-on-users.md
View File

@ -3,7 +3,7 @@ title: Get machine logon users API
description: Learn how to use the Get machine logon users API to retrieve a collection of logged on users on a device in Microsoft Defender Advanced Threat Protection.
keywords: apis, graph api, supported apis, get, device, log on, users
search.product: eADQiWindows 10XVcnh
ms.prod: m365-security
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@ -12,9 +12,8 @@ author: mjcaparas
ms.localizationpriority: medium
manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.collection: M365-security-compliance
ms.topic: article
ms.technology: mde
---
# Get machine logon users API
@ -24,7 +23,7 @@ ms.technology: mde
**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
> Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
@ -87,7 +86,9 @@ GET https://api.securitycenter.microsoft.com/api/machines/1e5bc9d7e413ddd7902c29
Here is an example of the response.
```json
```http
HTTP/1.1 200 OK
Content-type: application/json
{
"@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Users",
"value": [

7
windows/security/threat-protection/microsoft-defender-atp/get-machine-related-alerts.md
View File

@ -3,7 +3,7 @@ title: Get machine related alerts API
description: Learn how to use the Get machine related alerts API to retrieve all alerts related to a specific device in Microsoft Defender Advanced Threat Protection.
keywords: apis, graph api, supported apis, get, devices, related, alerts
search.product: eADQiWindows 10XVcnh
ms.prod: m365-security
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@ -12,16 +12,14 @@ author: mjcaparas
ms.localizationpriority: medium
manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.collection: M365-security-compliance
ms.topic: article
ms.technology: mde
---
# Get machine related alerts API
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
@ -30,7 +28,6 @@ ms.technology: mde
[!include[Improve request performance](../../includes/improve-request-performance.md)]
## API description
Retrieves all [Alerts](alerts.md) related to a specific device.

12
windows/security/threat-protection/microsoft-defender-atp/get-machineaction-object.md
View File

@ -3,7 +3,7 @@ title: Get MachineAction object API
description: Learn how to use the Get MachineAction API to retrieve a specific Machine Action by its ID in Microsoft Defender Advanced Threat Protection.
keywords: apis, graph api, supported apis, machineaction object
search.product: eADQiWindows 10XVcnh
ms.prod: m365-security
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@ -12,16 +12,14 @@ author: mjcaparas
ms.localizationpriority: medium
manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.collection: M365-security-compliance
ms.topic: article
ms.technology: mde
---
# Get machineAction API
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
@ -77,7 +75,7 @@ If successful, this method returns 200, Ok response code with a [Machine Action]
Here is an example of the request.
```http
```
GET https://api.securitycenter.microsoft.com/api/machineactions/2e9da30d-27f6-4208-81f2-9cd3d67893ba
```
@ -86,7 +84,9 @@ GET https://api.securitycenter.microsoft.com/api/machineactions/2e9da30d-27f6-42
Here is an example of the response.
```json
```
HTTP/1.1 200 Ok
Content-type: application/json
{
"@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#MachineActions/$entity",
"id": "5382f7ea-7557-4ab7-9782-d50480024a4e",

12
windows/security/threat-protection/microsoft-defender-atp/get-machineactions-collection.md
View File

@ -3,7 +3,7 @@ title: List machineActions API
description: Learn how to use the List MachineActions API to retrieve a collection of Machine Actions in Microsoft Defender Advanced Threat Protection.
keywords: apis, graph api, supported apis, machineaction collection
search.product: eADQiWindows 10XVcnh
ms.prod: m365-security
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@ -12,9 +12,8 @@ author: mjcaparas
ms.localizationpriority: medium
manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.collection: M365-security-compliance
ms.topic: article
ms.technology: mde
---
# List MachineActions API
@ -30,7 +29,6 @@ ms.technology: mde
[!include[Improve request performance](../../includes/improve-request-performance.md)]
## API description
Retrieves a collection of [Machine Actions](machineaction.md).
<br>Supports [OData V4 queries](https://www.odata.org/documentation/).
@ -82,7 +80,7 @@ If successful, this method returns 200, Ok response code with a collection of [m
Here is an example of the request on an organization that has three MachineActions.
```http
```
GET https://api.securitycenter.microsoft.com/api/machineactions
```
@ -91,7 +89,9 @@ GET https://api.securitycenter.microsoft.com/api/machineactions
Here is an example of the response.
```json
```
HTTP/1.1 200 Ok
Content-type: application/json
{
"@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#MachineActions",
"value": [

10
windows/security/threat-protection/microsoft-defender-atp/get-machines-by-software.md
View File

@ -3,7 +3,7 @@ title: List devices by software
description: Retrieve a list of devices that has this software installed.
keywords: apis, graph api, supported apis, get, list devices, devices list, list devices by software, mdatp tvm api
search.product: eADQiWindows 10XVcnh
ms.prod: m365-security
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@ -12,16 +12,14 @@ author: DulceMontemayor
ms.localizationpriority: medium
manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.collection: M365-security-compliance
ms.topic: article
ms.technology: mde
---
# List devices by software
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
@ -30,7 +28,6 @@ ms.technology: mde
[!include[Improve request performance](../../includes/improve-request-performance.md)]
[!include[Prerelease information](../../includes/prerelease.md)]
Retrieve a list of device references that has this software installed.
@ -67,7 +64,7 @@ If successful, this method returns 200 OK and a list of devices with the softwar
Here is an example of the request.
```http
```
GET https://api.securitycenter.microsoft.com/api/Software/microsoft-_-edge/machineReferences
```
@ -76,6 +73,7 @@ GET https://api.securitycenter.microsoft.com/api/Software/microsoft-_-edge/machi
Here is an example of the response.
```json
{
"@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#MachineReferences",
"value": [

10
windows/security/threat-protection/microsoft-defender-atp/get-machines-by-vulnerability.md
View File

@ -3,7 +3,7 @@ title: List devices by vulnerability
description: Retrieves a list of devices affected by a vulnerability.
keywords: apis, graph api, supported apis, get, devices list, vulnerable devices, mdatp tvm api
search.product: eADQiWindows 10XVcnh
ms.prod: m365-security
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@ -12,9 +12,8 @@ author: DulceMontemayor
ms.localizationpriority: medium
manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.collection: M365-security-compliance
ms.topic: article
ms.technology: mde
---
# List devices by vulnerability
@ -23,13 +22,12 @@ ms.technology: mde
**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
[!include[Improve request performance](../../includes/improve-request-performance.md)]
[!include[Prerelease information](../../includes/prerelease.md)]
Retrieves a list of devices affected by a vulnerability.
@ -67,7 +65,7 @@ If successful, this method returns 200 OK with the vulnerability information in
Here is an example of the request.
```http
```
GET https://api.securitycenter.microsoft.com/api/vulnerabilities/CVE-2019-0608/machineReferences
```

62
windows/security/threat-protection/microsoft-defender-atp/get-machines.md
View File

@ -3,7 +3,7 @@ title: List machines API
description: Learn how to use the List machines API to retrieve a collection of machines that have communicated with Microsoft Defender ATP cloud.
keywords: apis, graph api, supported apis, get, devices
search.product: eADQiWindows 10XVcnh
ms.prod: m365-security
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@ -12,16 +12,14 @@ author: mjcaparas
ms.localizationpriority: medium
manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.collection: M365-security-compliance
ms.topic: article
ms.technology: mde
---
# List machines API
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
@ -30,15 +28,11 @@ ms.technology: mde
[!include[Improve request performance](../../includes/improve-request-performance.md)]
## API description
Retrieves a collection of [Machines](machine.md) that have communicated with Microsoft Defender for Endpoint cloud.
Supports [OData V4 queries](https://www.odata.org/documentation/).
The OData's `$filter` query is supported on: `computerDnsName`, `lastSeen`, `healthStatus`, `osPlatform`, `riskScore` and `rbacGroupId`.
See examples at [OData queries with Defender for Endpoint](exposed-apis-odata-samples.md).
<br>Supports [OData V4 queries](https://www.odata.org/documentation/).
<br>The OData's `$filter` query is supported on: `computerDnsName`, `lastSeen`, `healthStatus`, `osPlatform`, `riskScore` and `rbacGroupId`.
<br>See examples at [OData queries with Defender for Endpoint](exposed-apis-odata-samples.md)
## Limitations
@ -58,8 +52,8 @@ Delegated (work or school account) | Machine.ReadWrite | 'Read and write machine
>[!Note]
> When obtaining a token using user credentials:
>- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles.md) for more information).
>- Response will include only devices, that the user have access to, based on device group settings. For more info, see [Create and manage device groups](machine-groups.md).
>- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles.md) for more information)
>- Response will include only devices, that the user have access to, based on device group settings (See [Create and manage device groups](machine-groups.md) for more information)
## HTTP request
@ -95,44 +89,32 @@ GET https://api.securitycenter.microsoft.com/api/machines
Here is an example of the response.
```json
```http
HTTP/1.1 200 OK
Content-type: application/json
{
"@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Machines",
"value": [
{
"id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07",
"id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07",
"computerDnsName": "mymachine1.contoso.com",
"firstSeen": "2018-08-02T14:55:03.7791856Z",
"lastSeen": "2021-01-25T07:27:36.052313Z",
"lastSeen": "2018-08-02T14:55:03.7791856Z",
"osPlatform": "Windows10",
"version": "1709",
"osProcessor": "x64",
"version": "1901",
"lastIpAddress": "10.166.113.46",
"lastExternalIpAddress": "167.220.203.175",
"osBuild": 19042,
"lastIpAddress": "172.17.230.209",
"lastExternalIpAddress": "167.220.196.71",
"osBuild": 18209,
"healthStatus": "Active",
"deviceValue": "Normal",
"rbacGroupId": 140,
"rbacGroupName": "The-A-Team",
"riskScore": "Low",
"exposureLevel": "Low",
"aadDeviceId": "fd2e4d29-7072-4195-aaa5-1af139b78028",
"machineTags": [
"Tag1",
"Tag2"
],
"ipAddresses": [
{
"ipAddress": "10.166.113.47",
"macAddress": "8CEC4B897E73",
"operationalStatus": "Up"
},
{
"ipAddress": "2a01:110:68:4:59e4:3916:3b3e:4f96",
"macAddress": "8CEC4B897E73",
"operationalStatus": "Up"
}
]
},
"exposureLevel": "Medium",
"isAadJoined": true,
"aadDeviceId": "80fe8ff8-2624-418e-9591-41f0491218f9",
"machineTags": [ "test tag 1", "test tag 2" ]
}
...
]
}

14
windows/security/threat-protection/microsoft-defender-atp/get-machinesecuritystates-collection.md
View File

@ -4,7 +4,7 @@ description: Retrieve a collection of device security states using Microsoft Def
keywords: apis, graph api, supported apis, get, device, security, state
search.product: eADQiWindows 10XVcnh
search.appverid: met150
ms.prod: m365-security
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@ -13,9 +13,8 @@ author: mjcaparas
ms.localizationpriority: medium
manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: article
ms.technology: mde
ms.collection: M365-security-compliance
ms.topic: article
---
# Get Machines security states collection API
@ -60,8 +59,9 @@ If successful - 200 OK.
Here is an example of the request.
```http
```
GET https://graph.microsoft.com/testwdatppreview/machinesecuritystates
Content-type: application/json
```
**Response**
@ -69,7 +69,9 @@ GET https://graph.microsoft.com/testwdatppreview/machinesecuritystates
Here is an example of the response.
Field *id* contains device id and equal to the field *id** in devices info.
```json
```
HTTP/1.1 200 OK
Content-type: application/json
{
"@odata.context":"https://graph.microsoft.com/testwdatppreview/$metadata#MachineSecurityStates",
"@odata.count":444,

14
windows/security/threat-protection/microsoft-defender-atp/get-missing-kbs-machine.md
View File

@ -3,7 +3,7 @@ title: Get missing KBs by device ID
description: Retrieves missing security updates by device ID
keywords: apis, graph api, supported apis, get, list, file, information, device id, threat & vulnerability management api, mdatp tvm api
search.product: eADQiWindows 10XVcnh
ms.prod: m365-security
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@ -12,16 +12,14 @@ author: levinec
ms.localizationpriority: medium
manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.collection: M365-security-compliance
ms.topic: article
ms.technology: mde
---
# Get missing KBs by device ID
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
@ -30,11 +28,7 @@ ms.technology: mde
[!include[Improve request performance](../../includes/improve-request-performance.md)]
## API description
Retrieves missing KBs (security updates) by device ID.
## Limitations
1. Rate limitations for this API are 50 calls per minute and 1500 calls per hour.
Retrieves missing KBs (security updates) by device ID
## HTTP request
@ -62,7 +56,7 @@ If successful, this method returns 200 OK, with the specified device missing kb
Here is an example of the request.
```http
```
GET https://api.securitycenter.microsoft.com/api/machines/2339ad14a01bd0299afb93dfa2550136057bff96/getmissingkbs
```

9
windows/security/threat-protection/microsoft-defender-atp/get-missing-kbs-software.md
View File

@ -3,7 +3,7 @@ title: Get missing KBs by software ID
description: Retrieves missing security updates by software ID
keywords: apis, graph api, supported apis, get, list, file, information, software id, threat & vulnerability management api, mdatp tvm api
search.product: eADQiWindows 10XVcnh
ms.prod: m365-security
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@ -12,16 +12,14 @@ author: levinec
ms.localizationpriority: medium
manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.collection: M365-security-compliance
ms.topic: article
ms.technology: mde
---
# Get missing KBs by software ID
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
@ -30,7 +28,6 @@ ms.technology: mde
[!include[Improve request performance](../../includes/improve-request-performance.md)]
Retrieves missing KBs (security updates) by software ID
## Permissions
@ -68,7 +65,7 @@ If successful, this method returns 200 OK, with the specified software missing k
Here is an example of the request.
```http
```
GET https://api.securitycenter.microsoft.com/api/Software/microsoft-_-edge/getmissingkbs
```

15
windows/security/threat-protection/microsoft-defender-atp/get-package-sas-uri.md
View File

@ -3,7 +3,7 @@ title: Get package SAS URI API
description: Use this API to get a URI that allows downloading an investigation package.
keywords: apis, graph api, supported apis, get package, sas, uri
search.product: eADQiWindows 10XVcnh
ms.prod: m365-security
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@ -12,16 +12,14 @@ author: mjcaparas
ms.localizationpriority: medium
manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.collection: M365-security-compliance
ms.topic: article
ms.technology: mde
---
# Get package SAS URI API
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
@ -30,7 +28,6 @@ ms.technology: mde
[!include[Improve request performance](../../includes/improve-request-performance.md)]
## API description
Get a URI that allows downloading of an [Investigation package](collect-investigation-package.md).
@ -73,15 +70,19 @@ If successful, this method returns 200, Ok response code with object that holds
Here is an example of the request.
```http
```
GET https://api.securitycenter.microsoft.com/api/machineactions/7327b54fd718525cbca07dacde913b5ac3c85673/GetPackageUri
```
**Response**
Here is an example of the response.
```json
```
HTTP/1.1 200 Ok
Content-type: application/json
{
"@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Edm.String",
"value": "\"https://userrequests-us.securitycenter.windows.com:443/safedownload/WDATP_Investigation_Package.zip?token=gbDyj7y%2fbWGAZjn2sFiZXlliBTXOCVG7yiJ6mXNaQ9pLByC2Wxeno9mENsPFP3xMk5l%2bZiJXjLvqAyNEzUNROxoM2I1er9dxzfVeBsxSmclJjPsAx%2btiNyxSz1Ax%2b5jaT5cL5bZg%2b8wgbwY9urXbTpGjAKh6FB1e%2b0ypcWkPm8UkfOwsmtC%2biZJ2%2bPqnkkeQk7SKMNoAvmh9%2fcqDIPKXGIBjMa0D9auzypOqd8bQXp7p2BnLSH136BxST8n9IHR4PILvRjAYW9kvtHkBpBitfydAsUW4g2oDZSPN3kCLBOoo1C4w4Lkc9Bc3GNU2IW6dfB7SHcp7G9p4BDkeJl3VuDs6esCaeBorpn9FKJ%2fXo7o9pdcI0hUPZ6Ds9hiPpwPUtz5J29CBE3QAopCK%2fsWlf6OW2WyXsrNRSnF1tVE5H3wXpREzuhD7S4AIA3OIEZKzC4jIPLeMu%2bazZU9xGwuc3gICOaokbwMJiZTqcUuK%2fV9YdBdjdg8wJ16NDU96Pl6%2fgew2KYuk6Wo7ZuHotgHI1abcsvdlpe4AvixDbqcRJthsg2PpLRaFLm5av44UGkeK6TJpFvxUn%2f9fg6Zk5yM1KUTHb8XGmutoCM8U9er6AzXZlY0gGc3D3bQOg41EJZkEZLyUEbk1hXJB36ku2%2bW01cG71t7MxMBYz7%2bdXobxpdo%3d%3bRWS%2bCeoDfTyDcfH5pkCg6hYDmCOPr%2fHYQuaUWUBNVnXURYkdyOzVHqp%2fe%2f1BNyPdVoVkpQHpz1pPS3b5g9h7IMmNKCk5gFq5m2nPx6kk9EYtzx8Ndoa2m9Yj%2bSaf8zIFke86YnfQL4AYewsnQNJJh4wc%2bXxGlBq7axDcoiOdX91rKzVicH3GSBkFoLFAKoegWWsF%2fEDZcVpF%2fXUA1K8HvB6dwyfy4y0sAqnNPxYTQ97mG7yHhxPt4Pe9YF2UPPAJVuEf8LNlQ%2bWHC9%2f7msF6UUI4%2fca%2ftpjFs%2fSNeRE8%2fyQj21TI8YTF1SowvaJuDc1ivEoeopNNGG%2bGI%2fX0SckaVxU9Hdkh0zbydSlT5SZwbSwescs0IpzECitBbaLUz4aT8KTs8T0lvx8D7Te3wVsKAJ1r3iFMQZrlk%2bS1WW8rvac7oHRx2HKURn1v7fDIQWgJr9aNsNlFz4fLJ50T2qSHuuepkLVbe93Va072aMGhvr09WVKoTpAf1j2bcFZZU6Za5PxI32mr0k90FgiYFJ1F%2f1vRDrGwvWVWUkR3Z33m4g0gHa52W1FMxQY0TJIwbovD6FaSNDx7xhKZSd5IJ7r6P91Gez49PaZRcAZPjd%2bfbul3JNm1VqQPTLohT7wa0ymRiXpSST74xtFzuEBzNSNATdbngj3%2fwV4JesTjZjIj5Dc%3d%3blumqauVlFuuO8MQffZgs0tLJ4Fq6fpeozPTdDf8Ll6XLegi079%2b4mSPFjTK0y6eohstxdoOdom2wAHiZwk0u4KLKmRkfYOdT1wHY79qKoBQ3ZDHFTys9V%2fcwKGl%2bl8IenWDutHygn5IcA1y7GTZj4g%3d%3d\""

9
windows/security/threat-protection/microsoft-defender-atp/get-recommendation-by-id.md
View File

@ -1,9 +1,9 @@
---
title: Get recommendation by Id
description: Retrieves a security recommendation by its ID.
keywords: apis, graph api, supported apis, get, security recommendation, security recommendation by ID, threat and vulnerability management, threat and vulnerability management api
keywords: apis, graph api, supported apis, get, security recommendation, security recommendation by ID, threat and vulnerability management, threat and vulnerability management api
search.product: eADQiWindows 10XVcnh
ms.prod: m365-security
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@ -12,9 +12,8 @@ author: DulceMontemayor
ms.localizationpriority: medium
manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.collection: M365-security-compliance
ms.topic: article
ms.technology: mde
---
# Get recommendation by ID
@ -67,7 +66,7 @@ If successful, this method returns 200 OK with the security recommendations in t
Here is an example of the request.
```http
```
GET https://api.securitycenter.microsoft.com/api/recommendations/va-_-google-_-chrome
```

14
windows/security/threat-protection/microsoft-defender-atp/get-recommendation-machines.md
View File

@ -1,9 +1,9 @@
---
title: List devices by recommendation
description: Retrieves a list of devices associated with the security recommendation.
keywords: apis, graph api, supported apis, get, security recommendation for vulnerable devices, threat and vulnerability management, threat and vulnerability management api
description: Retrieves a list of devices associated with the security recommendation.
keywords: apis, graph api, supported apis, get, security recommendation for vulnerable devices, threat and vulnerability management, threat and vulnerability management api
search.product: eADQiWindows 10XVcnh
ms.prod: m365-security
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@ -12,9 +12,8 @@ author: DulceMontemayor
ms.localizationpriority: medium
manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.collection: M365-security-compliance
ms.topic: article
ms.technology: mde
---
# List devices by recommendation
@ -23,13 +22,12 @@ ms.technology: mde
**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
[!include[Improve request performance](../../includes/improve-request-performance.md)]
[!include[Prerelease information](../../includes/prerelease.md)]
Retrieves a list of devices associated with the security recommendation.
@ -67,7 +65,7 @@ If successful, this method returns 200 OK with the list of devices associated wi
Here is an example of the request.
```http
```
GET https://api.securitycenter.microsoft.com/api/recommendations/va-_-google-_-chrome/machineReferences
```

11
windows/security/threat-protection/microsoft-defender-atp/get-recommendation-software.md
View File

@ -1,9 +1,9 @@
---
title: Get recommendation by software
description: Retrieves a security recommendation related to a specific software.
keywords: apis, graph api, supported apis, get, security recommendation, security recommendation for software, threat and vulnerability management, threat and vulnerability management api
keywords: apis, graph api, supported apis, get, security recommendation, security recommendation for software, threat and vulnerability management, threat and vulnerability management api
search.product: eADQiWindows 10XVcnh
ms.prod: m365-security
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@ -12,9 +12,8 @@ author: DulceMontemayor
ms.localizationpriority: medium
manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.collection: M365-security-compliance
ms.topic: article
ms.technology: mde
---
# Get recommendation by software
@ -23,7 +22,7 @@ ms.technology: mde
**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
@ -67,7 +66,7 @@ If successful, this method returns 200 OK with the software associated with the
Here is an example of the request.
```http
```
GET https://api.securitycenter.microsoft.com/api/recommendations/va-_-google-_-chrome/software
```

12
windows/security/threat-protection/microsoft-defender-atp/get-recommendation-vulnerabilities.md
View File

@ -1,9 +1,9 @@
---
title: List vulnerabilities by recommendation
description: Retrieves a list of vulnerabilities associated with the security recommendation.
keywords: apis, graph api, supported apis, get, list of vulnerabilities, security recommendation, security recommendation for vulnerabilities, threat and vulnerability management, threat and vulnerability management api
keywords: apis, graph api, supported apis, get, list of vulnerabilities, security recommendation, security recommendation for vulnerabilities, threat and vulnerability management, threat and vulnerability management api
search.product: eADQiWindows 10XVcnh
ms.prod: m365-security
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@ -12,9 +12,8 @@ author: DulceMontemayor
ms.localizationpriority: medium
manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.collection: M365-security-compliance
ms.topic: article
ms.technology: mde
---
# List vulnerabilities by recommendation
@ -23,13 +22,12 @@ ms.technology: mde
**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
[!include[Improve request performance](../../includes/improve-request-performance.md)]
[!include[Prerelease information](../../includes/prerelease.md)]
Retrieves a list of vulnerabilities associated with the security recommendation.
@ -67,7 +65,7 @@ If successful, this method returns 200 OK, with the list of vulnerabilities asso
Here is an example of the request.
```http
```
GET https://api.securitycenter.microsoft.com/api/recommendations/va-_-google-_-chrome/vulnerabilities
```

15
windows/security/threat-protection/microsoft-defender-atp/get-security-recommendations.md
View File

@ -3,7 +3,7 @@ title: Get security recommendations
description: Retrieves a collection of security recommendations related to a given device ID.
keywords: apis, graph api, supported apis, get, list, file, information, security recommendation per device, threat & vulnerability management api, mdatp tvm api
search.product: eADQiWindows 10XVcnh
ms.prod: m365-security
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@ -12,9 +12,8 @@ author: DulceMontemayor
ms.localizationpriority: medium
manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.collection: M365-security-compliance
ms.topic: article
ms.technology: mde
---
# Get security recommendations
@ -23,7 +22,7 @@ ms.technology: mde
**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
@ -31,12 +30,8 @@ ms.technology: mde
[!include[Prerelease information](../../includes/prerelease.md)]
## API description
Retrieves a collection of security recommendations related to a given device ID.
## Limitations
1. Rate limitations for this API are 50 calls per minute and 1500 calls per hour.
## Permissions
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender for Endpoint APIs](apis-intro.md)
@ -70,7 +65,7 @@ If successful, this method returns 200 OK with the security recommendations in t
Here is an example of the request.
```http
```
GET https://api.securitycenter.microsoft.com/api/machines/ac233fa6208e1579620bf44207c4006ed7cc4501/recommendations
```
@ -79,7 +74,7 @@ GET https://api.securitycenter.microsoft.com/api/machines/ac233fa6208e1579620bf4
Here is an example of the response.
```json
```
{
"@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Recommendations",
"value": [

12
windows/security/threat-protection/microsoft-defender-atp/get-software-by-id.md
View File

@ -1,9 +1,9 @@
---
title: Get software by Id
description: Retrieves a list of sofware by ID.
description: Retrieves a list of exposure scores by device group.
keywords: apis, graph api, supported apis, get, software, mdatp tvm api
search.product: eADQiWindows 10XVcnh
ms.prod: m365-security
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@ -12,16 +12,14 @@ author: DulceMontemayor
ms.localizationpriority: medium
manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.collection: M365-security-compliance
ms.topic: article
ms.technology: mde
---
# Get software by Id
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
@ -30,7 +28,6 @@ ms.technology: mde
[!include[Improve request performance](../../includes/improve-request-performance.md)]
[!include[Prerelease information](../../includes/prerelease.md)]
Retrieves software details by ID.
@ -67,7 +64,7 @@ If successful, this method returns 200 OK with the specified software data in th
Here is an example of the request.
```http
```
GET https://api.securitycenter.microsoft.com/api/Software/microsoft-_-edge
```
@ -76,6 +73,7 @@ GET https://api.securitycenter.microsoft.com/api/Software/microsoft-_-edge
Here is an example of the response.
```json
{
"@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Software/$entity",
"id": "microsoft-_-edge",

14
windows/security/threat-protection/microsoft-defender-atp/get-software-ver-distribution.md
View File

@ -1,9 +1,9 @@
---
title: List software version distribution
description: Retrieves a list of your organization's software version distribution
title: List software version distribution
description: Retrieves a list of your organization's software version distribution
keywords: apis, graph api, supported apis, get, software version distribution, mdatp tvm api
search.product: eADQiWindows 10XVcnh
ms.prod: m365-security
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@ -12,16 +12,14 @@ author: DulceMontemayor
ms.localizationpriority: medium
manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.collection: M365-security-compliance
ms.topic: article
ms.technology: mde
---
# List software version distribution
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
@ -30,7 +28,6 @@ ms.technology: mde
[!include[Improve request performance](../../includes/improve-request-performance.md)]
[!include[Prerelease information](../../includes/prerelease.md)]
Retrieves a list of your organization's software version distribution.
@ -67,7 +64,7 @@ If successful, this method returns 200 OK with a list of software distributions
Here is an example of the request.
```http
```
GET https://api.securitycenter.microsoft.com/api/Software/microsoft-_-edge/distributions
```
@ -76,6 +73,7 @@ GET https://api.securitycenter.microsoft.com/api/Software/microsoft-_-edge/distr
Here is an example of the response.
```json
{
"@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Distributions",
"value": [

9
windows/security/threat-protection/microsoft-defender-atp/get-software.md
View File

@ -3,7 +3,7 @@ title: List software
description: Retrieves a list of software inventory
keywords: apis, graph api, supported apis, get, list, file, information, software inventory, threat & vulnerability management api, mdatp tvm api
search.product: eADQiWindows 10XVcnh
ms.prod: m365-security
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@ -12,16 +12,14 @@ author: DulceMontemayor
ms.localizationpriority: medium
manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.collection: M365-security-compliance
ms.topic: article
ms.technology: mde
---
# List software inventory API
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
@ -30,7 +28,6 @@ ms.technology: mde
[!include[Improve request performance](../../includes/improve-request-performance.md)]
Retrieves the organization software inventory.
## Permissions
@ -66,7 +63,7 @@ If successful, this method returns 200 OK with the software inventory in the bod
Here is an example of the request.
```http
```
GET https://api.securitycenter.microsoft.com/api/Software
```

13
windows/security/threat-protection/microsoft-defender-atp/get-started-partner-integration.md
View File

@ -5,7 +5,7 @@ description: Learn the steps and requirements to integrate your solution with Mi
keywords: partner, integration, solution validation, certification, requirements, member, misa, application portal
search.product: eADQiWindows 10XVcnh
search.appverid: met150
ms.prod: m365-security
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@ -14,18 +14,19 @@ author: mjcaparas
ms.localizationpriority: medium
manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.technology: mde
ms.collection: M365-security-compliance
ms.topic: conceptual
---
# Become a Microsoft Defender for Endpoint partner
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
**Applies to:**
**Applies to:**
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
To become a Defender for Endpoint solution partner, you'll need to follow and complete the following steps.

18
windows/security/threat-protection/microsoft-defender-atp/get-ti-indicators-collection.md
View File

@ -3,7 +3,7 @@ title: List Indicators API
description: Learn how to use the List Indicators API to retrieve a collection of all active Indicators in Microsoft Defender Advanced Threat Protection.
keywords: apis, public api, supported apis, Indicators collection
search.product: eADQiWindows 10XVcnh
ms.prod: m365-security
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@ -12,16 +12,14 @@ author: mjcaparas
ms.localizationpriority: medium
manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.collection: M365-security-compliance
ms.topic: article
ms.technology: mde
---
# List Indicators API
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
@ -78,7 +76,7 @@ If successful, this method returns 200, Ok response code with a collection of [I
Here is an example of a request that gets all Indicators
```http
```
GET https://api.securitycenter.microsoft.com/api/indicators
```
@ -86,7 +84,9 @@ GET https://api.securitycenter.microsoft.com/api/indicators
Here is an example of the response.
```json
```
HTTP/1.1 200 Ok
Content-type: application/json
{
"@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Indicators",
"value": [
@ -139,7 +139,7 @@ Here is an example of the response.
Here is an example of a request that gets all Indicators with 'AlertAndBlock' action
```http
```
GET https://api.securitycenter.microsoft.com/api/indicators?$filter=action+eq+'AlertAndBlock'
```
@ -147,7 +147,9 @@ GET https://api.securitycenter.microsoft.com/api/indicators?$filter=action+eq+'A
Here is an example of the response.
```json
```
HTTP/1.1 200 Ok
Content-type: application/json
{
"@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Indicators",
"value": [

14
windows/security/threat-protection/microsoft-defender-atp/get-user-information.md
View File

@ -3,7 +3,7 @@ title: Get user information API
description: Learn how to use the Get user information API to retrieve a User entity by key, or user name, in Microsoft Defender Advanced Threat Protection.
keywords: apis, graph api, supported apis, get, user, user information
search.product: eADQiWindows 10XVcnh
ms.prod: m365-security
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@ -12,9 +12,8 @@ author: mjcaparas
ms.localizationpriority: medium
manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.collection: M365-security-compliance
ms.topic: article
ms.technology: mde
---
# Get user information API
@ -29,7 +28,7 @@ ms.technology: mde
[!include[Improve request performance](../../includes/improve-request-performance.md)]
> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
Retrieve a User entity by key (user name).
## Permissions
@ -64,8 +63,9 @@ If successful and user exists - 200 OK with [user](user.md) entity in the body.
Here is an example of the request.
```http
```
GET https://api.securitycenter.microsoft.com/api/users/user1
Content-type: application/json
```
**Response**
@ -73,7 +73,9 @@ GET https://api.securitycenter.microsoft.com/api/users/user1
Here is an example of the response.
```json
```
HTTP/1.1 200 OK
Content-type: application/json
{
"@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Users/$entity",
"id": "user1",