From c9dc41dc35c3c4ed7809e6060a99af8f4d8af3ca Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Sat, 25 Aug 2018 16:46:20 -0700 Subject: [PATCH] content edits --- .../exposed-apis-create-app-nativeapp.md | 11 +++++------ .../exposed-apis-create-app-webapp.md | 15 ++++++--------- .../windows-defender-atp/exposed-apis-intro.md | 17 +++++++---------- 3 files changed, 18 insertions(+), 25 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-atp/exposed-apis-create-app-nativeapp.md b/windows/security/threat-protection/windows-defender-atp/exposed-apis-create-app-nativeapp.md index 06c9891fa8..7cb9fa31b2 100644 --- a/windows/security/threat-protection/windows-defender-atp/exposed-apis-create-app-nativeapp.md +++ b/windows/security/threat-protection/windows-defender-atp/exposed-apis-create-app-nativeapp.md @@ -10,22 +10,21 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: medium -ms.date: 30/07/2018 +ms.date: 09/03/2018 --- # Use Windows Defender ATP APIs **Applies to:** - -- Windows 10 Enterprise -- Windows 10 Education -- Windows 10 Pro -- Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + +[!include[Prerelease information](prerelease.md)] + + This pages describes how to create an application to get programmatical access to Windows Defender ATP on behalf of a user. If you need programmatical access Windows Defender ATP without a user, please refer to [Access Windows Defender ATP without a user](exposed-apis-create-app-webapp.md) diff --git a/windows/security/threat-protection/windows-defender-atp/exposed-apis-create-app-webapp.md b/windows/security/threat-protection/windows-defender-atp/exposed-apis-create-app-webapp.md index 8d0dee467f..fd70a944f0 100644 --- a/windows/security/threat-protection/windows-defender-atp/exposed-apis-create-app-webapp.md +++ b/windows/security/threat-protection/windows-defender-atp/exposed-apis-create-app-webapp.md @@ -1,5 +1,5 @@ --- -title: Use Windows Defender Advanced Threat Protection APIs +title: Create an app to access Windows Defender ATP without a user description: Use the exposed data and actions using a set of progammatic APIs that are part of the Microsoft Intelligence Security Graph. keywords: apis, graph api, supported apis, actor, alerts, machine, user, domain, ip, file, advanced hunting, query search.product: eADQiWindows 10XVcnh @@ -10,29 +10,26 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: medium -ms.date: 30/07/2018 +ms.date: 09/03/2018 --- # Create an app to access Windows Defender ATP without a user **Applies to:** - -- Windows 10 Enterprise -- Windows 10 Education -- Windows 10 Pro -- Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +[!include[Prerelease information](prerelease.md)] + This pages describes how to create an application to get programmatical access to Windows Defender ATP without a user. If you need programmatical access Windows Defender ATP on behalf of a user, please refer to [Access Windows Defender ATP on behalf of a user](exposed-apis-create-app-nativeapp.md) -If you are not sure which access you need, you'd better read the [Introduction page](exposed-apis-intro.md) +If you are not sure which access you need, see [Use Windows Defender ATP APIs](exposed-apis-intro.md). -Windows Defender ATP exposes much of its data and actions through a set of programmatic APIs. Those APIs will enable you to automate workflows and innovate based on Windows Defender ATP capabilities. The API access requires OAuth2.0 authentication. For more information, see [OAuth 2.0 Authorization Code Flow](https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-v2-protocols-oauth-code). +Windows Defender ATP exposes much of its data and actions through a set of programmatic APIs. Those APIs will help you automate workflows and innovate based on Windows Defender ATP capabilities. The API access requires OAuth2.0 authentication. For more information, see [OAuth 2.0 Authorization Code Flow](https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-v2-protocols-oauth-code). In general, you’ll need to take the following steps to use the APIs: - Create an app diff --git a/windows/security/threat-protection/windows-defender-atp/exposed-apis-intro.md b/windows/security/threat-protection/windows-defender-atp/exposed-apis-intro.md index ccf0c67cdb..9afd0591c4 100644 --- a/windows/security/threat-protection/windows-defender-atp/exposed-apis-intro.md +++ b/windows/security/threat-protection/windows-defender-atp/exposed-apis-intro.md @@ -10,22 +10,19 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: medium -ms.date: 30/07/2018 +ms.date: 09/03/2018 --- # Use Windows Defender ATP APIs **Applies to:** - -- Windows 10 Enterprise -- Windows 10 Education -- Windows 10 Pro -- Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +[!include[Prerelease information](prerelease.md)] + Windows Defender ATP exposes much of its data and actions through a set of programmatic APIs. Those APIs will enable you to automate workflows and innovate based on Windows Defender ATP capabilities. The API access requires OAuth2.0 authentication. For more information, see [OAuth 2.0 Authorization Code Flow](https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-v2-protocols-oauth-code). In general, you’ll need to take the following steps to use the APIs: @@ -34,18 +31,18 @@ In general, you’ll need to take the following steps to use the APIs: - Use the token to access Windows Defender ATP API -As a developer, you decide which permissions for Windows Defender ATP your app requests. When a user signs in to your app he (or, in some cases, an administrator) is given a chance to consent to these permissions. If the user consents, your app is given access to the resources and APIs that it has requested. For apps that don't take a signed-in user, permissions can be pre-consented to by an administrator when the app is installed or during sign-up. +As a developer, you decide which permissions for Windows Defender ATP your app requests. When a user signs in to your app they (or, in some cases, an administrator) are given a chance to give consent to these permissions. If the user provides consent, your app is given access to the resources and APIs that it has requested. For apps that don't take a signed-in user, permissions can be pre-approved to by an administrator when the app is installed or during sign-up. -##Delegated permissions, Application permissions, and effective permissions +# #Delegated permissions, application permissions, and effective permissions Windows Defender ATP has two types of permissions: delegated permissions and application permissions. -- Delegated permissions are used by apps that have a signed-in user present. For these apps either the user or an administrator consents to the permissions that the app requests and the app is delegated permission to act as the signed-in user when making calls to Windows Defender ATP. Some delegated permissions can be consented to by non-administrative users, but some higher-privileged permissions require administrator consent. +- Delegated permissions are used by apps that have a signed-in user present. For these apps either the user or an administrator provides consent to the permissions that the app requests and the app is delegated permission to act as the signed-in user when making calls to Windows Defender ATP. Some delegated permissions can be consented to by non-administrative users, but some higher-privileged permissions require administrator consent. - Application permissions are used by apps that run without a signed-in user present; for example, apps that run as background services or daemons. Application permissions can only be consented by an administrator. Effective permissions are the permissions that your app will have when making requests to Windows Defender ATP. It is important to understand the difference between the delegated and application permissions that your app is granted and its effective permissions when making calls to Windows Defender ATP. -- For delegated permissions, the effective permissions of your app will be the least privileged intersection of the delegated permissions the app has been granted (via consent) and the privileges of the currently signed-in user. Your app can never have more privileges than the signed-in user. Within organizations, the privileges of the signed-in user may be determined by policy or by membership in one or more administrator roles. For more information about administrator roles, see [Assigning administrator roles in Azure Active Directory](https://docs.microsoft.com/en-us/azure/active-directory/active-directory-assign-admin-roles). +- For delegated permissions, the effective permissions of your app will be the least privileged intersection of the delegated permissions the app has been granted (via consent) and the privileges of the currently signed-in user. Your app can never have more privileges than the signed-in user. Within organizations, the privileges of the signed-in user may be determined by policy or by membership in one or more administrator roles. For more information about administrator roles, see [Assigning administrator roles in Azure Active Directory](https://docs.microsoft.com/azure/active-directory/active-directory-assign-admin-roles). For example, assume your app has been granted the Machine.CollectForensics delegated permission. This permission nominally grants your app permission to collect investigation package from a machine. If the signed-in user has 'Alerts Investigation' permission, your app will be able to collect investigation package from a machine, if the machine belongs to a group the user is exposed to. However, if the signed-in user doesn't have 'Alerts Investigation' permission, your app won't be able to collect investigation package from any machine.