mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-05-15 14:57:23 +00:00
add roles info to docs
This commit is contained in:
Zvi Avidor
parent
01e839ad12
commit
c456731193
@ -19,10 +19,10 @@ ms.date: 12/08/2017
|
||||
|
||||
[!include[Prerelease information](prerelease.md)]
|
||||
|
||||
|
||||
|
||||
Collect investigation package from a machine.
|
||||
|
||||
[!include[Machine actions note](machineactionsnote.md)]
|
||||
|
||||
## Permissions
|
||||
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Windows Defender ATP APIs](exposed-apis-intro.md)
|
||||
|
||||
@ -31,8 +31,10 @@ Permission type | Permission | Permission display name
|
||||
Application | Machine.CollectForensics | 'Collect forensics'
|
||||
Delegated (work or school account) | Machine.CollectForensics | 'Collect forensics'
|
||||
|
||||
>[!IMPORTANT]
|
||||
> This response action is available for machines on Windows 10, version 1703 or later.
|
||||
>[!Note]
|
||||
> When obtaining a token using user credentials:
|
||||
>- The user needs to have at least the following role permission: 'Alerts Investigation' (See [Create and manage roles](user-roles-windows-defender-advanced-threat-protection.md) for more information)
|
||||
>- The user needs to have access to the machine, based on machine group settings (See [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md) for more information)
|
||||
|
||||
## HTTP request
|
||||
```
|
||||
|
||||
@ -30,7 +30,6 @@ One of the following permissions is required to call this API. To learn more, in
|
||||
Permission type | Permission | Permission display name
|
||||
:---|:---|:---
|
||||
Application | Alerts.ReadWrite.All | 'Read and write all alerts'
|
||||
Delegated (work or school account) | Alert.ReadWrite | 'Read and write alerts'
|
||||
|
||||
## HTTP request
|
||||
```
|
||||
|
||||
@ -33,6 +33,11 @@ Application | Machine.ReadWrite.All | 'Read and write all machine information'
|
||||
Delegated (work or school account) | Machine.Read | 'Read machine information'
|
||||
Delegated (work or school account) | Machine.ReadWrite | 'Read and write machine information'
|
||||
|
||||
>[!Note]
|
||||
> When obtaining a token using user credentials:
|
||||
>- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles-windows-defender-advanced-threat-protection.md) for more information)
|
||||
>- Response will include only machines,that the user have access to, based on machine group settings (See [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md) for more information)
|
||||
|
||||
## HTTP request
|
||||
```
|
||||
GET /api/machines/findbyip(ip='{IP}',timestamp={TimeStamp})
|
||||
|
||||
@ -29,6 +29,11 @@ Permission type | Permission | Permission display name
|
||||
Application | URL.Read.All | 'Read URLs'
|
||||
Delegated (work or school account) | URL.Read.All | 'Read URLs'
|
||||
|
||||
>[!Note]
|
||||
> When obtaining a token using user credentials:
|
||||
>- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles-windows-defender-advanced-threat-protection.md) for more information)
|
||||
>- The user needs to have access to the machine associated with the alert, based on machine group settings (See [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md) for more information)
|
||||
|
||||
## HTTP request
|
||||
```
|
||||
GET /api/alerts/{id}/domains
|
||||
|
||||
@ -29,6 +29,11 @@ Permission type | Permission | Permission display name
|
||||
Application | File.Read.All | 'Read file profiles'
|
||||
Delegated (work or school account) | File.Read.All | 'Read file profiles'
|
||||
|
||||
>[!Note]
|
||||
> When obtaining a token using user credentials:
|
||||
>- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles-windows-defender-advanced-threat-protection.md) for more information)
|
||||
>- The user needs to have access to the machine associated with the alert, based on machine group settings (See [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md) for more information)
|
||||
|
||||
## HTTP request
|
||||
```
|
||||
GET /api/alerts/{id}/files
|
||||
|
||||
@ -31,6 +31,11 @@ Application | Machine.ReadWrite.All | 'Read and write all machine information'
|
||||
Delegated (work or school account) | Machine.Read | 'Read machine information'
|
||||
Delegated (work or school account) | Machine.ReadWrite | 'Read and write machine information'
|
||||
|
||||
>[!Note]
|
||||
> When obtaining a token using user credentials:
|
||||
>- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles-windows-defender-advanced-threat-protection.md) for more information)
|
||||
>- The user needs to have access to the machine associated with the alert, based on machine group settings (See [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md) for more information)
|
||||
|
||||
## HTTP request
|
||||
```
|
||||
GET /api/alerts/{id}/machine
|
||||
|
||||
@ -30,6 +30,11 @@ Permission type | Permission | Permission display name
|
||||
Application | User.Read.All | 'Read user profiles'
|
||||
Delegated (work or school account) | User.Read.All | 'Read user profiles'
|
||||
|
||||
>[!Note]
|
||||
> When obtaining a token using user credentials:
|
||||
>- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles-windows-defender-advanced-threat-protection.md) for more information)
|
||||
>- The user needs to have access to the machine associated with the alert, based on machine group settings (See [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md) for more information)
|
||||
|
||||
## HTTP request
|
||||
```
|
||||
GET /api/alerts/{id}/user
|
||||
|
||||
@ -34,6 +34,11 @@ Application | Alert.ReadWrite.All | 'Read and write all alerts'
|
||||
Delegated (work or school account) | Alert.Read | 'Read alerts'
|
||||
Delegated (work or school account) | Alert.ReadWrite | 'Read and write alerts'
|
||||
|
||||
>[!Note]
|
||||
> When obtaining a token using user credentials:
|
||||
>- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles-windows-defender-advanced-threat-protection.md) for more information)
|
||||
>- The user needs to have access to the machine associated with the alert, based on machine group settings (See [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md) for more information)
|
||||
|
||||
## HTTP request
|
||||
```
|
||||
GET /api/alerts
|
||||
|
||||
@ -36,6 +36,11 @@ Application | Alert.ReadWrite.All | 'Read and write all alerts'
|
||||
Delegated (work or school account) | Alert.Read | 'Read alerts'
|
||||
Delegated (work or school account) | Alert.ReadWrite | 'Read and write alerts'
|
||||
|
||||
>[!Note]
|
||||
> When obtaining a token using user credentials:
|
||||
>- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles-windows-defender-advanced-threat-protection.md) for more information)
|
||||
>- Response will include only alerts, associated with machines, that the user have access to, based on machine group settings (See [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md) for more information)
|
||||
|
||||
## HTTP request
|
||||
```
|
||||
GET /api/domains/{domain}/alerts
|
||||
|
||||
@ -35,6 +35,11 @@ Delegated (work or school account) | Machine.ReadWrite | 'Read and write machine
|
||||
```
|
||||
GET /api/domains/{domain}/machines
|
||||
```
|
||||
>[!Note]
|
||||
> When obtaining a token using user credentials:
|
||||
>- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles-windows-defender-advanced-threat-protection.md) for more information)
|
||||
>- Only machines that the user can access, based on machine group settings will be listed (See [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md) for more information)
|
||||
|
||||
|
||||
## Request headers
|
||||
|
||||
|
||||
@ -30,6 +30,10 @@ Permission type | Permission | Permission display name
|
||||
Application | URL.Read.All | 'Read URLs'
|
||||
Delegated (work or school account) | URL.Read.All | 'Read URLs'
|
||||
|
||||
>[!Note]
|
||||
> When obtaining a token using user credentials:
|
||||
>- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles-windows-defender-advanced-threat-protection.md) for more information)
|
||||
|
||||
## HTTP request
|
||||
```
|
||||
GET /api/domains/{domain}/stats
|
||||
|
||||
@ -21,9 +21,6 @@ ms.date: 12/08/2017
|
||||
[!include[Prerelease information](prerelease.md)]
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
Retrieves a file by identifier Sha1, Sha256, or MD5.
|
||||
|
||||
## Permissions
|
||||
@ -34,6 +31,11 @@ Permission type | Permission | Permission display name
|
||||
Application | File.Read.All | 'Read all file profiles'
|
||||
Delegated (work or school account) | File.Read.All | 'Read all file profiles'
|
||||
|
||||
>[!Note]
|
||||
> When obtaining a token using user credentials:
|
||||
>- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles-windows-defender-advanced-threat-protection.md) for more information)
|
||||
|
||||
|
||||
## HTTP request
|
||||
```
|
||||
GET /api/files/{id}
|
||||
|
||||
@ -22,9 +22,6 @@ ms.date: 12/08/2017
|
||||
[!include[Prerelease information](prerelease.md)]
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
Retrieves a collection of alerts related to a given file hash.
|
||||
|
||||
## Permissions
|
||||
@ -37,6 +34,11 @@ Application | Alert.ReadWrite.All | 'Read and write all alerts'
|
||||
Delegated (work or school account) | Alert.Read | 'Read alerts'
|
||||
Delegated (work or school account) | Alert.ReadWrite | 'Read and write alerts'
|
||||
|
||||
>[!Note]
|
||||
> When obtaining a token using user credentials:
|
||||
>- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles-windows-defender-advanced-threat-protection.md) for more information)
|
||||
>- Response will include only alerts, associated with machines, that the user have access to, based on machine group settings (See [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md) for more information)
|
||||
|
||||
## HTTP request
|
||||
```
|
||||
GET /api/files/{id}/alerts
|
||||
|
||||
@ -32,6 +32,11 @@ Application | Machine.ReadWrite.All | 'Read and write all machine information'
|
||||
Delegated (work or school account) | Machine.Read | 'Read machine information'
|
||||
Delegated (work or school account) | Machine.ReadWrite | 'Read and write machine information'
|
||||
|
||||
>[!Note]
|
||||
> When obtaining a token using user credentials:
|
||||
>- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles-windows-defender-advanced-threat-protection.md) for more information)
|
||||
>- Response will include only machines, that the user have access to, based on machine group settings (See [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md) for more information)
|
||||
|
||||
## HTTP request
|
||||
```
|
||||
GET /api/files/{id}/machines
|
||||
|
||||
@ -34,6 +34,10 @@ Permission type | Permission | Permission display name
|
||||
Application | File.Read.All | 'Read file profiles'
|
||||
Delegated (work or school account) | File.Read.All | 'Read file profiles'
|
||||
|
||||
>[!Note]
|
||||
> When obtaining a token using user credentials:
|
||||
>- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles-windows-defender-advanced-threat-protection.md) for more information)
|
||||
|
||||
## HTTP request
|
||||
```
|
||||
GET /api/files/{id}/stats
|
||||
|
||||
@ -32,6 +32,11 @@ Application | Alert.ReadWrite.All | 'Read and write all alerts'
|
||||
Delegated (work or school account) | Alert.Read | 'Read alerts'
|
||||
Delegated (work or school account) | Alert.ReadWrite | 'Read and write alerts'
|
||||
|
||||
>[!Note]
|
||||
> When obtaining a token using user credentials:
|
||||
>- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles-windows-defender-advanced-threat-protection.md) for more information)
|
||||
>- Response will include only alerts, associated with machines, that the user have access to, based on machine group settings (See [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md) for more information)
|
||||
|
||||
## HTTP request
|
||||
```
|
||||
GET /api/ips/{ip}/alerts
|
||||
|
||||
@ -32,6 +32,11 @@ Application | Machine.ReadWrite.All | 'Read and write all machine information'
|
||||
Delegated (work or school account) | Machine.Read | 'Read machine information'
|
||||
Delegated (work or school account) | Machine.ReadWrite | 'Read and write machine information'
|
||||
|
||||
>[!Note]
|
||||
> When obtaining a token using user credentials:
|
||||
>- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles-windows-defender-advanced-threat-protection.md) for more information)
|
||||
>- Response will include only machines, that the user have access to, based on machine group settings (See [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md) for more information)
|
||||
|
||||
## HTTP request
|
||||
```
|
||||
GET /api/ips/{ip}/machines
|
||||
|
||||
@ -32,6 +32,10 @@ Permission type | Permission | Permission display name
|
||||
Application | Ip.Read.All | 'Read IP address profiles'
|
||||
Delegated (work or school account) | Ip.Read.All | 'Read IP address profiles'
|
||||
|
||||
>[!Note]
|
||||
> When obtaining a token using user credentials:
|
||||
>- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles-windows-defender-advanced-threat-protection.md) for more information)
|
||||
|
||||
## HTTP request
|
||||
```
|
||||
GET /api/ips/{ip}/stats
|
||||
|
||||
@ -32,6 +32,12 @@ Application | Machine.ReadWrite.All | 'Read and write all machine information'
|
||||
Delegated (work or school account) | Machine.Read | 'Read machine information'
|
||||
Delegated (work or school account) | Machine.ReadWrite | 'Read and write machine information'
|
||||
|
||||
>[!Note]
|
||||
> When obtaining a token using user credentials:
|
||||
>- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles-windows-defender-advanced-threat-protection.md) for more information)
|
||||
>- Response will include only machines, that the user have access to, based on machine group settings (See [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md) for more information)
|
||||
|
||||
|
||||
## HTTP request
|
||||
```
|
||||
GET /api/machines/{id}
|
||||
|
||||
@ -30,6 +30,11 @@ Permission type | Permission | Permission display name
|
||||
Application | User.Read.All | 'Read user profiles'
|
||||
Delegated (work or school account) | User.Read.All | 'Read user profiles'
|
||||
|
||||
>[!Note]
|
||||
> When obtaining a token using user credentials:
|
||||
>- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles-windows-defender-advanced-threat-protection.md) for more information)
|
||||
>- Response will include users only if the machine is visible to the user, based on machine group settings (See [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md) for more information)
|
||||
|
||||
## HTTP request
|
||||
```
|
||||
GET /api/machines/{id}/logonusers
|
||||
|
||||
@ -32,6 +32,11 @@ Application | Alert.ReadWrite.All | 'Read and write all alerts'
|
||||
Delegated (work or school account) | Alert.Read | 'Read alerts'
|
||||
Delegated (work or school account) | Alert.ReadWrite | 'Read and write alerts'
|
||||
|
||||
>[!Note]
|
||||
> When obtaining a token using user credentials:
|
||||
>- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles-windows-defender-advanced-threat-protection.md) for more information)
|
||||
>- Response will include only alerts, associated with machines, that the user have access to, based on machine group settings (See [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md) for more information)
|
||||
|
||||
## HTTP request
|
||||
```
|
||||
GET /api/machines/{id}/alerts
|
||||
|
||||
@ -31,6 +31,10 @@ Application | Machine.ReadWrite.All | 'Read and write all machine information'
|
||||
Delegated (work or school account) | Machine.Read | 'Read machine information'
|
||||
Delegated (work or school account) | Machine.ReadWrite | 'Read and write machine information'
|
||||
|
||||
>[!Note]
|
||||
> When obtaining a token using user credentials:
|
||||
>- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles-windows-defender-advanced-threat-protection.md) for more information)
|
||||
|
||||
## HTTP request
|
||||
```
|
||||
GET https://api.securitycenter.windows.com/api/machineactions/{id}
|
||||
|
||||
@ -34,6 +34,10 @@ Application | Machine.ReadWrite.All | 'Read and write all machine information'
|
||||
Delegated (work or school account) | Machine.Read | 'Read machine information'
|
||||
Delegated (work or school account) | Machine.ReadWrite | 'Read and write machine information'
|
||||
|
||||
>[!Note]
|
||||
> When obtaining a token using user credentials:
|
||||
>- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles-windows-defender-advanced-threat-protection.md) for more information)
|
||||
|
||||
## HTTP request
|
||||
```
|
||||
GET https://api.securitycenter.windows.com/api/machineactions
|
||||
|
||||
@ -34,6 +34,11 @@ Application | Machine.ReadWrite.All | 'Read and write all machine information'
|
||||
Delegated (work or school account) | Machine.Read | 'Read machine information'
|
||||
Delegated (work or school account) | Machine.ReadWrite | 'Read and write machine information'
|
||||
|
||||
>[!Note]
|
||||
> When obtaining a token using user credentials:
|
||||
>- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles-windows-defender-advanced-threat-protection.md) for more information)
|
||||
>- Response will include only machines,that the user have access to, based on machine group settings (See [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md) for more information)
|
||||
|
||||
## HTTP request
|
||||
```
|
||||
GET https://api.securitycenter.windows.com/api/machines
|
||||
|
||||
@ -29,6 +29,11 @@ Permission type | Permission | Permission display name
|
||||
Application | Machine.CollectForensics | 'Collect forensics'
|
||||
Delegated (work or school account) | Machine.CollectForensics | 'Collect forensics'
|
||||
|
||||
>[!Note]
|
||||
> When obtaining a token using user credentials:
|
||||
>- The user needs to have at least the following role permission: 'Alerts Investigation' (See [Create and manage roles](user-roles-windows-defender-advanced-threat-protection.md) for more information)
|
||||
>- The user needs to have access to the machine, based on machine group settings (See [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md) for more information)
|
||||
|
||||
## HTTP request
|
||||
```
|
||||
GET https://api.securitycenter.windows.com/api/machineactions/{machine action id}/getPackageUri
|
||||
|
||||
@ -21,6 +21,8 @@ ms.date: 12/08/2017
|
||||
|
||||
Isolates a machine from accessing external network.
|
||||
|
||||
[!include[Machine actions note](machineactionsnote.md)]
|
||||
|
||||
## Permissions
|
||||
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Windows Defender ATP APIs](exposed-apis-intro.md)
|
||||
|
||||
@ -29,9 +31,11 @@ Permission type | Permission | Permission display name
|
||||
Application | Machine.Isolate | 'Isolate machine'
|
||||
Delegated (work or school account) | Machine.Isolate | 'Isolate machine'
|
||||
|
||||
>[!IMPORTANT]
|
||||
>- Full isolation is available for machines on Windows 10, version 1703.
|
||||
>- Selective isolation is available for machines on Windows 10, version 1709 or later.
|
||||
>[!Note]
|
||||
> When obtaining a token using user credentials:
|
||||
>- The user needs to have at least the following role permission: 'Active remediation actions' (See [Create and manage roles](user-roles-windows-defender-advanced-threat-protection.md) for more information)
|
||||
>- The user needs to have access to the machine, based on machine group settings (See [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md) for more information)
|
||||
|
||||
|
||||
## HTTP request
|
||||
```
|
||||
@ -55,7 +59,7 @@ IsolationType | String | Type of the isolation. Allowed values are: 'Full' or 'S
|
||||
|
||||
**IsolationType** controls the type of isolation to perform and can be one of the following:
|
||||
- Full – Full isolation
|
||||
- Selective – Restrict only limited set of applications from accessing the network
|
||||
- Selective – Restrict only limited set of applications from accessing the network (see [Isolate machines from the network](respond-machine-alerts-windows-defender-advanced-threat-protection.md#isolate-machines-from-the-network) for more details)
|
||||
|
||||
|
||||
## Response
|
||||
|
||||
@ -0,0 +1,6 @@
|
||||
---
|
||||
ms.date: 08/28/2017
|
||||
author: zavidor
|
||||
---
|
||||
>[!Note]
|
||||
> This page focuses on performing a machine action via API. See [take response actions on a machine](respond-machine-alerts-windows-defender-advanced-threat-protection.md) for more information about response actions functionality via WDATP.
|
||||
@ -21,6 +21,8 @@ ms.date: 12/08/2017
|
||||
|
||||
Offboard machine from WDATP.
|
||||
|
||||
[!include[Machine actions note](machineactionsnote.md)]
|
||||
|
||||
## Permissions
|
||||
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Windows Defender ATP APIs](exposed-apis-intro.md)
|
||||
|
||||
@ -29,8 +31,10 @@ Permission type | Permission | Permission display name
|
||||
Application | Machine.Offboard | 'Offboard machine'
|
||||
Delegated (work or school account) | Machine.Offboard | 'Offboard machine'
|
||||
|
||||
>[!IMPORTANT]
|
||||
> This response action is available for machines on Windows 10, version 1703 or later.
|
||||
>[!Note]
|
||||
> When obtaining a token using user credentials:
|
||||
>- The user needs to 'Global Admin' AD role
|
||||
>- The user needs to have access to the machine, based on machine group settings (See [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md) for more information)
|
||||
|
||||
## HTTP request
|
||||
```
|
||||
|
||||
@ -181,7 +181,7 @@ Depending on the severity of the attack and the sensitivity of the machine, you
|
||||
|
||||
This machine isolation feature disconnects the compromised machine from the network while retaining connectivity to the Windows Defender ATP service, which continues to monitor the machine.
|
||||
|
||||
On Windows 10, version 1709 or later, you'll have additional control over the network isolation level. You can also choose to enable Outlook and Skype for Business connectivity.
|
||||
On Windows 10, version 1709 or later, you'll have additional control over the network isolation level. You can also choose to enable Outlook and Skype for Business connectivity (a.k.a 'Selective Isolation').
|
||||
|
||||
>[!NOTE]
|
||||
>You’ll be able to reconnect the machine back to the network at any time.
|
||||
@ -197,7 +197,7 @@ On Windows 10, version 1709 or later, you'll have additional control over the ne
|
||||
|
||||
|
||||
|
||||
3. Select the check-box if you'd like to enable Outlook and Skype communication while the machine is isolated.
|
||||
3. Select the check-box if you'd like to enable Outlook and Skype communication while the machine is isolated (a.k.a. 'Selective Isolation').
|
||||
|
||||
|
||||
|
||||
|
||||
@ -21,6 +21,8 @@ ms.date: 12/08/2017
|
||||
|
||||
Restrict execution of all applications on the machine except a predefined set (see [Response machine alerts](respond-machine-alerts-windows-defender-advanced-threat-protection.md) for more information)
|
||||
|
||||
[!include[Machine actions note](machineactionsnote.md)]
|
||||
|
||||
## Permissions
|
||||
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Windows Defender ATP APIs](exposed-apis-intro.md)
|
||||
|
||||
@ -29,9 +31,10 @@ Permission type | Permission | Permission display name
|
||||
Application | Machine.RestrictExecution | 'Restrict code execution'
|
||||
Delegated (work or school account) | Machine.RestrictExecution | 'Restrict code execution'
|
||||
|
||||
>[!IMPORTANT]
|
||||
> - This action is available for machines on Windows 10, version 1709 or later.
|
||||
> - This action needs to meet the Windows Defender Application Control code integrity policy formats and signing requirements. For more information, see [Code integrity policy formats and signing](https://docs.microsoft.com/en-us/windows/device-security/device-guard/requirements-and-deployment-planning-guidelines-for-device-guard#code-integrity-policy-formats-and-signing).
|
||||
>[!Note]
|
||||
> When obtaining a token using user credentials:
|
||||
>- The user needs to have at least the following role permission: 'Active remediation actions' (See [Create and manage roles](user-roles-windows-defender-advanced-threat-protection.md) for more information)
|
||||
>- The user needs to have access to the machine, based on machine group settings (See [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md) for more information)
|
||||
|
||||
## HTTP request
|
||||
```
|
||||
|
||||
@ -39,6 +39,11 @@ Permission type | Permission | Permission display name
|
||||
Application | AdvancedQuery.Read.All | 'Run advanced queries'
|
||||
Delegated (work or school account) | AdvancedQuery.Read | 'Run advanced queries'
|
||||
|
||||
>[!Note]
|
||||
> When obtaining a token using user credentials:
|
||||
>- The user needs to 'Global Admin' AD role
|
||||
>- The user needs to have access to the machine, based on machine group settings (See [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md) for more information)
|
||||
|
||||
## HTTP request
|
||||
```
|
||||
POST /advancedqueries/query
|
||||
|
||||
@ -21,6 +21,8 @@ ms.date: 12/08/2017
|
||||
|
||||
Initiate Windows Defender Antivirus scan on a machine.
|
||||
|
||||
[!include[Machine actions note](machineactionsnote.md)]
|
||||
|
||||
## Permissions
|
||||
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Windows Defender ATP APIs](exposed-apis-intro.md)
|
||||
|
||||
@ -29,9 +31,10 @@ Permission type | Permission | Permission display name
|
||||
Application | Machine.Scan | 'Scan machine'
|
||||
Delegated (work or school account) | Machine.Scan | 'Scan machine'
|
||||
|
||||
>[!IMPORTANT]
|
||||
>- This action is available for machines on Windows 10, version 1709 or later.
|
||||
>- A Windows Defender Antivirus (Windows Defender AV) scan can run alongside other antivirus solutions, whether Windows Defender AV is the active antivirus solution or not. Windows Defender AV can be in Passive mode. For more information, see [Windows Defender Antivirus compatibility](../windows-defender-antivirus/windows-defender-antivirus-compatibility.md).
|
||||
>[!Note]
|
||||
> When obtaining a token using user credentials:
|
||||
>- The user needs to have at least the following role permission: 'Active remediation actions' (See [Create and manage roles](user-roles-windows-defender-advanced-threat-protection.md) for more information)
|
||||
>- The user needs to have access to the machine, based on machine group settings (See [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md) for more information)
|
||||
|
||||
## HTTP request
|
||||
```
|
||||
|
||||
@ -29,6 +29,11 @@ Permission type | Permission | Permission display name
|
||||
Application | Machine.Isolate | 'Isolate machine'
|
||||
Delegated (work or school account) | Machine.Isolate | 'Isolate machine'
|
||||
|
||||
>[!Note]
|
||||
> When obtaining a token using user credentials:
|
||||
>- The user needs to have at least the following role permission: 'Active remediation actions' (See [Create and manage roles](user-roles-windows-defender-advanced-threat-protection.md) for more information)
|
||||
>- The user needs to have access to the machine, based on machine group settings (See [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md) for more information)
|
||||
|
||||
## HTTP request
|
||||
```
|
||||
POST https://api.securitycenter.windows.com/api/machines/{id}/unisolate
|
||||
|
||||
@ -19,10 +19,10 @@ ms.date: 12/08/2017
|
||||
|
||||
[!include[Prerelease information](prerelease.md)]
|
||||
|
||||
|
||||
|
||||
Enable execution of any application on the machine.
|
||||
|
||||
[!include[Machine actions note](machineactionsnote.md)]
|
||||
|
||||
## Permissions
|
||||
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Windows Defender ATP APIs](exposed-apis-intro.md)
|
||||
|
||||
@ -31,6 +31,11 @@ Permission type | Permission | Permission display name
|
||||
Application | Machine.RestrictExecution | 'Restrict code execution'
|
||||
Delegated (work or school account) | Machine.RestrictExecution | 'Restrict code execution'
|
||||
|
||||
>[!Note]
|
||||
> When obtaining a token using user credentials:
|
||||
>- The user needs to have at least the following role permission: 'Active remediation actions' (See [Create and manage roles](user-roles-windows-defender-advanced-threat-protection.md) for more information)
|
||||
>- The user needs to have access to the machine, based on machine group settings (See [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md) for more information)
|
||||
|
||||
## HTTP request
|
||||
```
|
||||
POST https://api.securitycenter.windows.com/api/machines/{id}/unrestrictCodeExecution
|
||||
|
||||
@ -30,6 +30,11 @@ Permission type | Permission | Permission display name
|
||||
Application | Alerts.ReadWrite.All | 'Read and write all alerts'
|
||||
Delegated (work or school account) | Alert.ReadWrite | 'Read and write alerts'
|
||||
|
||||
>[!Note]
|
||||
> When obtaining a token using user credentials:
|
||||
>- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles-windows-defender-advanced-threat-protection.md) for more information)
|
||||
>- The user needs to have access to the machine associated with the alert, based on machine group settings (See [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md) for more information)
|
||||
|
||||
## HTTP request
|
||||
```
|
||||
PATCH /api/alerts/{id}
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user