diff --git a/windows/security/includes/improve-request-performance.md b/windows/security/includes/improve-request-performance.md index c2499cf092..efaf6664a9 100644 --- a/windows/security/includes/improve-request-performance.md +++ b/windows/security/includes/improve-request-performance.md @@ -16,7 +16,7 @@ ms.collection: M365-security-compliance ms.topic: article --- ->[!NOTE] +>[!TIP] >For better performance, you can use server closer to your geo location: > - api-us.securitycenter.microsoft.com > - api-eu.securitycenter.microsoft.com diff --git a/windows/security/includes/microsoft-defender-api-usgov.md b/windows/security/includes/microsoft-defender-api-usgov.md new file mode 100644 index 0000000000..4fe2a734da --- /dev/null +++ b/windows/security/includes/microsoft-defender-api-usgov.md @@ -0,0 +1,20 @@ +--- +title: Microsoft Defender for Endpoint API URIs for US Government +description: Microsoft Defender for Endpoint API URIs for US Government +keywords: defender, endpoint, api, government, gov +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: macapara +author: mjcaparas +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: article +--- + +>[!NOTE] +>If you are a US Government customer, please use the URIs listed in [Microsoft Defender for Endpoint for US Government GCC High customers](../threat-protection/microsoft-defender-atp/gov.md#api). diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10.md b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10.md index 23c85194d0..fb9db59528 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10.md @@ -7,7 +7,7 @@ ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security -ms.localizationpriority: medium +ms.localizationpriority: high author: denisebmsft ms.author: deniseb ms.date: 12/16/2020 diff --git a/windows/security/threat-protection/microsoft-defender-atp/add-or-remove-machine-tags.md b/windows/security/threat-protection/microsoft-defender-atp/add-or-remove-machine-tags.md index 94849b6b18..2cb1370de1 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/add-or-remove-machine-tags.md +++ b/windows/security/threat-protection/microsoft-defender-atp/add-or-remove-machine-tags.md @@ -23,7 +23,12 @@ ms.topic: article **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] + ## API description @@ -54,7 +59,7 @@ Delegated (work or school account) | Machine.ReadWrite | 'Read and write machine ## HTTP request ```http -POST https://api.securitycenter.windows.com/api/machines/{id}/tags +POST https://api.securitycenter.microsoft.com/api/machines/{id}/tags ``` ## Request headers @@ -84,10 +89,8 @@ If successful, this method returns 200 - Ok response code and the updated Machin Here is an example of a request that adds machine tag. -[!include[Improve request performance](../../includes/improve-request-performance.md)] - ```http -POST https://api.securitycenter.windows.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/tags +POST https://api.securitycenter.microsoft.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/tags Content-type: application/json { "Value" : "test Tag 2", diff --git a/windows/security/threat-protection/microsoft-defender-atp/alerts.md b/windows/security/threat-protection/microsoft-defender-atp/alerts.md index eaa7c56c2f..0668c313a5 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/alerts.md +++ b/windows/security/threat-protection/microsoft-defender-atp/alerts.md @@ -21,9 +21,14 @@ ms.topic: article [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] -**Applies to:** [Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) + +- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] -- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) ## Methods @@ -71,7 +76,7 @@ comments | List of Alert comments | Alert Comment is an object that contains: co ### Response example for getting single alert: ``` -GET https://api.securitycenter.windows.com/api/alerts/da637084217856368682_-292920499 +GET https://api.securitycenter.microsoft.com/api/alerts/da637084217856368682_-292920499 ``` ```json diff --git a/windows/security/threat-protection/microsoft-defender-atp/api-hello-world.md b/windows/security/threat-protection/microsoft-defender-atp/api-hello-world.md index 0dfd7bfce2..81f125ba22 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/api-hello-world.md +++ b/windows/security/threat-protection/microsoft-defender-atp/api-hello-world.md @@ -26,6 +26,10 @@ ms.topic: article - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] + ## Get Alerts using a simple PowerShell script @@ -103,8 +107,8 @@ $tenantId = '' ### Paste your tenant ID here $appId = '' ### Paste your Application ID here $appSecret = '' ### Paste your Application secret here -$resourceAppIdUri = 'https://api.securitycenter.windows.com' -$oAuthUri = "https://login.windows.net/$TenantId/oauth2/token" +$resourceAppIdUri = 'https://api.securitycenter.microsoft.com' +$oAuthUri = "https://login.microsoftonline.com/$TenantId/oauth2/token" $authBody = [Ordered] @{ resource = "$resourceAppIdUri" client_id = "$appId" @@ -142,7 +146,7 @@ $dateTime = (Get-Date).ToUniversalTime().AddHours(-48).ToString("o") # The URL contains the type of query and the time filter we create above # Read more about other query options and filters at Https://TBD- add the documentation link -$url = "https://api.securitycenter.windows.com/api/alerts?`$filter=alertCreationTime ge $dateTime" +$url = "https://api.securitycenter.microsoft.com/api/alerts?`$filter=alertCreationTime ge $dateTime" # Set the WebRequest headers $headers = @{ diff --git a/windows/security/threat-protection/microsoft-defender-atp/api-microsoft-flow.md b/windows/security/threat-protection/microsoft-defender-atp/api-microsoft-flow.md index 95525bbf97..44003ec0b9 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/api-microsoft-flow.md +++ b/windows/security/threat-protection/microsoft-defender-atp/api-microsoft-flow.md @@ -24,7 +24,7 @@ ms.topic: article **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) Automating security procedures is a standard requirement for every modern Security Operations Center. The lack of professional cyber defenders forces SOC to work in the most efficient way and automation is a must. Microsoft Power Automate supports different connectors that were built exactly for that. You can build an end-to-end procedure automation within a few minutes. diff --git a/windows/security/threat-protection/microsoft-defender-atp/api-power-bi.md b/windows/security/threat-protection/microsoft-defender-atp/api-power-bi.md index 86bfb94779..9bb4eb7102 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/api-power-bi.md +++ b/windows/security/threat-protection/microsoft-defender-atp/api-power-bi.md @@ -24,7 +24,11 @@ ms.topic: article **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] In this section you will learn create a Power BI report on top of Defender for Endpoint APIs. @@ -48,7 +52,7 @@ The first example demonstrates how to connect Power BI to Advanced Hunting API a let AdvancedHuntingQuery = "DeviceEvents | where ActionType contains 'Anti' | limit 20", - HuntingUrl = "https://api.securitycenter.windows.com/api/advancedqueries", + HuntingUrl = "https://api.securitycenter.microsoft.com/api/advancedqueries", Response = Json.Document(Web.Contents(HuntingUrl, [Query=[key=AdvancedHuntingQuery]])), @@ -114,7 +118,7 @@ The first example demonstrates how to connect Power BI to Advanced Hunting API a Query = "MachineActions", - Source = OData.Feed("https://api.securitycenter.windows.com/api/" & Query, null, [Implementation="2.0", MoreColumns=true]) + Source = OData.Feed("https://api.securitycenter.microsoft.com/api/" & Query, null, [Implementation="2.0", MoreColumns=true]) in Source diff --git a/windows/security/threat-protection/microsoft-defender-atp/apis-intro.md b/windows/security/threat-protection/microsoft-defender-atp/apis-intro.md index c105db89bb..ba3e749a61 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/apis-intro.md +++ b/windows/security/threat-protection/microsoft-defender-atp/apis-intro.md @@ -22,10 +22,9 @@ ms.topic: conceptual [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] -**Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) Defender for Endpoint exposes much of its data and actions through a set of programmatic APIs. Those APIs will enable you to automate workflows and innovate based on Defender for Endpoint capabilities. The API access requires OAuth2.0 authentication. For more information, see [OAuth 2.0 Authorization Code Flow](https://docs.microsoft.com/azure/active-directory/develop/active-directory-v2-protocols-oauth-code). diff --git a/windows/security/threat-protection/microsoft-defender-atp/collect-investigation-package.md b/windows/security/threat-protection/microsoft-defender-atp/collect-investigation-package.md index 0d6949ea0b..b3cb7a04fa 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/collect-investigation-package.md +++ b/windows/security/threat-protection/microsoft-defender-atp/collect-investigation-package.md @@ -24,7 +24,12 @@ ms.topic: article **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] + ## API description Collect investigation package from a device. @@ -49,7 +54,7 @@ Delegated (work or school account) | Machine.CollectForensics | 'Collect forensi ## HTTP request ``` -POST https://api.securitycenter.windows.com/api/machines/{id}/collectInvestigationPackage +POST https://api.securitycenter.microsoft.com/api/machines/{id}/collectInvestigationPackage ``` ## Request headers @@ -76,10 +81,8 @@ If successful, this method returns 201 - Created response code and [Machine Acti Here is an example of the request. -[!include[Improve request performance](../../includes/improve-request-performance.md)] - ``` -POST https://api.securitycenter.windows.com/api/machines/fb9ab6be3965095a09c057be7c90f0a2/collectInvestigationPackage +POST https://api.securitycenter.microsoft.com/api/machines/fb9ab6be3965095a09c057be7c90f0a2/collectInvestigationPackage Content-type: application/json { "Comment": "Collect forensics due to alert 1234" diff --git a/windows/security/threat-protection/microsoft-defender-atp/create-alert-by-reference.md b/windows/security/threat-protection/microsoft-defender-atp/create-alert-by-reference.md index a5c286ef37..eefccc5624 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/create-alert-by-reference.md +++ b/windows/security/threat-protection/microsoft-defender-atp/create-alert-by-reference.md @@ -23,7 +23,11 @@ ms.topic: article **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] ## API description @@ -56,7 +60,7 @@ Delegated (work or school account) | Alert.ReadWrite | 'Read and write alerts' ## HTTP request ``` -POST https://api.securitycenter.windows.com/api/alerts/CreateAlertByReference +POST https://api.securitycenter.microsoft.com/api/alerts/CreateAlertByReference ``` ## Request headers @@ -91,10 +95,8 @@ If successful, this method returns 200 OK, and a new [alert](alerts.md) object i Here is an example of the request. -[!include[Improve request performance](../../includes/improve-request-performance.md)] - ``` -POST https://api.securitycenter.windows.com/api/alerts/CreateAlertByReference +POST https://api.securitycenter.microsoft.com/api/alerts/CreateAlertByReference ``` ```json { diff --git a/windows/security/threat-protection/microsoft-defender-atp/delete-ti-indicator-by-id.md b/windows/security/threat-protection/microsoft-defender-atp/delete-ti-indicator-by-id.md index 123ce4959e..dfde8bf37e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/delete-ti-indicator-by-id.md +++ b/windows/security/threat-protection/microsoft-defender-atp/delete-ti-indicator-by-id.md @@ -23,7 +23,11 @@ ms.topic: article **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] ## API description @@ -45,12 +49,9 @@ Application | Ti.ReadWrite.All | 'Read and write Indicators' ## HTTP request ``` -Delete https://api.securitycenter.windows.com/api/indicators/{id} +Delete https://api.securitycenter.microsoft.com/api/indicators/{id} ``` -[!include[Improve request performance](../../includes/improve-request-performance.md)] - - ## Request headers Name | Type | Description @@ -72,5 +73,5 @@ If Indicator with the specified id was not found - 404 Not Found. Here is an example of the request. ``` -DELETE https://api.securitycenter.windows.com/api/indicators/995 +DELETE https://api.securitycenter.microsoft.com/api/indicators/995 ``` diff --git a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-nativeapp.md b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-nativeapp.md index fb00021426..9f93b7365e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-nativeapp.md +++ b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-nativeapp.md @@ -26,6 +26,10 @@ ms.topic: article - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] + This page describes how to create an application to get programmatic access to Defender for Endpoint on behalf of a user. If you need programmatic access Microsoft Defender for Endpoint without a user, refer to [Access Microsoft Defender for Endpoint with application context](exposed-apis-create-app-webapp.md). @@ -127,9 +131,9 @@ For more information on AAD tokens, see [Azure AD tutorial](https://docs.microso public static class WindowsDefenderATPUtils { - private const string Authority = "https://login.windows.net"; + private const string Authority = "https://login.microsoftonline.com"; - private const string WdatpResourceId = "https://api.securitycenter.windows.com"; + private const string WdatpResourceId = "https://api.securitycenter.microsoft.com"; public static async Task AcquireUserTokenAsync(string username, string password, string appId, string tenantId) { @@ -175,7 +179,7 @@ Verify to make sure you got a correct token: ```csharp var httpClient = new HttpClient(); - var request = new HttpRequestMessage(HttpMethod.Get, "https://api.securitycenter.windows.com/api/alerts"); + var request = new HttpRequestMessage(HttpMethod.Get, "https://api.securitycenter.microsoft.com/api/alerts"); request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", token); diff --git a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-partners.md b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-partners.md index e2de608fbd..cfb61033a4 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-partners.md +++ b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-partners.md @@ -25,6 +25,11 @@ ms.topic: article **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] + This page describes how to create an Azure Active Directory (Azure AD) application to get programmatic access to Microsoft Defender for Endpoint on behalf of your customers. @@ -139,8 +144,8 @@ $tenantId = '' ### Paste your tenant ID here $appId = '' ### Paste your Application ID here $appSecret = '' ### Paste your Application key here -$resourceAppIdUri = 'https://api.securitycenter.windows.com' -$oAuthUri = "https://login.windows.net/$TenantId/oauth2/token" +$resourceAppIdUri = 'https://api.securitycenter.microsoft.com' +$oAuthUri = "https://login.microsoftonline.com/$TenantId/oauth2/token" $authBody = [Ordered] @{ resource = "$resourceAppIdUri" client_id = "$appId" @@ -172,8 +177,8 @@ return $token string appId = "11111111-1111-1111-1111-111111111111"; // Paste your own app ID here string appSecret = "22222222-2222-2222-2222-222222222222"; // Paste your own app secret here for a test, and then store it in a safe place! - const string authority = "https://login.windows.net"; - const string wdatpResourceId = "https://api.securitycenter.windows.com"; + const string authority = "https://login.microsoftonline.com"; + const string wdatpResourceId = "https://api.securitycenter.microsoft.com"; AuthenticationContext auth = new AuthenticationContext($"{authority}/{tenantId}/"); ClientCredential clientCredential = new ClientCredential(appId, appSecret); @@ -227,7 +232,7 @@ Sanity check to make sure you got a correct token: ``` var httpClient = new HttpClient(); - var request = new HttpRequestMessage(HttpMethod.Get, "https://api.securitycenter.windows.com/api/alerts"); + var request = new HttpRequestMessage(HttpMethod.Get, "https://api.securitycenter.microsoft.com/api/alerts"); request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", token); diff --git a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-webapp.md b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-webapp.md index a7584847f9..f4dc27179e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-webapp.md +++ b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-webapp.md @@ -26,6 +26,10 @@ ms.topic: article - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] + This page describes how to create an application to get programmatic access to Defender for Endpoint without a user. If you need programmatic access to Defender for Endpoint on behalf of a user, see [Get access with user context](exposed-apis-create-app-nativeapp.md). If you are not sure which access you need, see [Get started](apis-intro.md). Microsoft Defender for Endpoint exposes much of its data and actions through a set of programmatic APIs. Those APIs will help you automate work flows and innovate based on Defender for Endpoint capabilities. The API access requires OAuth2.0 authentication. For more information, see [OAuth 2.0 Authorization Code Flow](https://docs.microsoft.com/azure/active-directory/develop/active-directory-v2-protocols-oauth-code). @@ -117,8 +121,8 @@ $tenantId = '' ### Paste your tenant ID here $appId = '' ### Paste your Application ID here $appSecret = '' ### Paste your Application key here -$resourceAppIdUri = 'https://api.securitycenter.windows.com' -$oAuthUri = "https://login.windows.net/$TenantId/oauth2/token" +$resourceAppIdUri = 'https://api.securitycenter.microsoft.com' +$oAuthUri = "https://login.microsoftonline.com/$TenantId/oauth2/token" $authBody = [Ordered] @{ resource = "$resourceAppIdUri" client_id = "$appId" @@ -150,8 +154,8 @@ The following code was tested with NuGet Microsoft.IdentityModel.Clients.ActiveD string appId = "11111111-1111-1111-1111-111111111111"; // Paste your own app ID here string appSecret = "22222222-2222-2222-2222-222222222222"; // Paste your own app secret here for a test, and then store it in a safe place! - const string authority = "https://login.windows.net"; - const string wdatpResourceId = "https://api.securitycenter.windows.com"; + const string authority = "https://login.microsoftonline.com"; + const string wdatpResourceId = "https://api.securitycenter.microsoft.com"; AuthenticationContext auth = new AuthenticationContext($"{authority}/{tenantId}/"); ClientCredential clientCredential = new ClientCredential(appId, appSecret); @@ -204,7 +208,7 @@ The following is an example of sending a request to get a list of alerts **using ``` var httpClient = new HttpClient(); - var request = new HttpRequestMessage(HttpMethod.Get, "https://api.securitycenter.windows.com/api/alerts"); + var request = new HttpRequestMessage(HttpMethod.Get, "https://api.securitycenter.microsoft.com/api/alerts"); request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", token); diff --git a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-full-sample-powershell.md b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-full-sample-powershell.md index 31142c2936..8100c26890 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-full-sample-powershell.md +++ b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-full-sample-powershell.md @@ -22,8 +22,13 @@ ms.date: 09/24/2018 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] -**Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) + +- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] Full scenario using multiple APIs from Microsoft Defender for Endpoint. @@ -63,7 +68,7 @@ $appSecret = '22222222-2222-2222-2222-222222222222' # Paste your own app secret $suspiciousUrl = 'www.suspiciousUrl.com' # Paste your own URL here $resourceAppIdUri = 'https://securitycenter.onmicrosoft.com/windowsatpservice' -$oAuthUri = "https://login.windows.net/$TenantId/oauth2/token" +$oAuthUri = "https://login.microsoftonline.com/$TenantId/oauth2/token" $authBody = [Ordered] @{ resource = "$resourceAppIdUri" client_id = "$appId" @@ -75,7 +80,7 @@ $aadToken = $authResponse.access_token #Get latest alert -$alertUrl = "https://api.securitycenter.windows.com/api/alerts?`$top=10" +$alertUrl = "https://api.securitycenter.microsoft.com/api/alerts?`$top=10" $headers = @{ 'Content-Type' = 'application/json' Accept = 'application/json' @@ -108,7 +113,7 @@ $query = "NetworkCommunicationEvents | where RemoteUrl == `"$suspiciousUrl`" | summarize ConnectionsCount = count() by MachineId" -$queryUrl = "https://api.securitycenter.windows.com/api/advancedqueries/run" +$queryUrl = "https://api.securitycenter.microsoft.com/api/advancedqueries/run" $queryBody = ConvertTo-Json -InputObject @{ 'Query' = $query } $queryResponse = Invoke-WebRequest -Method Post -Uri $queryUrl -Headers $headers -Body $queryBody -ErrorAction Stop diff --git a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-list.md b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-list.md index 785ac39e0d..e5f0ac91e0 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-list.md +++ b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-list.md @@ -30,9 +30,9 @@ ms.topic: article ### Endpoint URI: -> The service base URI is: https://api.securitycenter.windows.com +> The service base URI is: https://api.securitycenter.microsoft.com > -> The queries based OData have the '/api' prefix. For example, to get Alerts you can send GET request to https://api.securitycenter.windows.com/api/alerts +> The queries based OData have the '/api' prefix. For example, to get Alerts you can send GET request to https://api.securitycenter.microsoft.com/api/alerts ### Versioning: @@ -40,9 +40,14 @@ ms.topic: article > > The current version is **V1.0**. > -> To use a specific version, use this format: `https://api.securitycenter.windows.com/api/{Version}`. For example: `https://api.securitycenter.windows.com/api/v1.0/alerts` +> To use a specific version, use this format: `https://api.securitycenter.microsoft.com/api/{Version}`. For example: `https://api.securitycenter.microsoft.com/api/v1.0/alerts` > -> If you don't specify any version (e.g. https://api.securitycenter.windows.com/api/alerts ) you will get to the latest version. +> If you don't specify any version (e.g. https://api.securitycenter.microsoft.com/api/alerts ) you will get to the latest version. + + +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] Learn more about the individual supported entities where you can run API calls to and details such as HTTP request values, request headers and expected responses. diff --git a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-odata-samples.md b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-odata-samples.md index b4a487ffbe..8cea855481 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-odata-samples.md +++ b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-odata-samples.md @@ -22,9 +22,13 @@ ms.topic: article [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] -**Applies to:** +**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] If you are not familiar with OData queries, see: [OData V4 queries](https://www.odata.org/documentation/) @@ -150,14 +154,14 @@ HTTP GET https://api.securitycenter.microsoft.com/api/alerts?$top=10&$expand=ev Get all the alerts last updated after 2019-11-22 00:00:00 ```http -HTTP GET https://api.securitycenter.windows.com/api/alerts?$filter=lastUpdateTime+ge+2019-11-22T00:00:00Z +HTTP GET https://api.securitycenter.microsoft.com/api/alerts?$filter=lastUpdateTime+ge+2019-11-22T00:00:00Z ``` **Response:** ```json { - "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Alerts", + "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Alerts", "value": [ { "id": "da637308392288907382_-880718168", @@ -206,14 +210,14 @@ HTTP GET https://api.securitycenter.windows.com/api/alerts?$filter=lastUpdateTi Get all the devices with 'High' 'RiskScore' ```http -HTTP GET https://api.securitycenter.windows.com/api/machines?$filter=riskScore+eq+'High' +HTTP GET https://api.securitycenter.microsoft.com/api/machines?$filter=riskScore+eq+'High' ``` **Response:** ```json { - "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Machines", + "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Machines", "value": [ { "id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07", @@ -245,14 +249,14 @@ HTTP GET https://api.securitycenter.windows.com/api/machines?$filter=riskScore+ Get top 100 devices with 'HealthStatus' not equals to 'Active' ```http -HTTP GET https://api.securitycenter.windows.com/api/machines?$filter=healthStatus+ne+'Active'&$top=100 +HTTP GET https://api.securitycenter.microsoft.com/api/machines?$filter=healthStatus+ne+'Active'&$top=100 ``` **Response:** ```json { - "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Machines", + "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Machines", "value": [ { "id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07", @@ -284,14 +288,14 @@ HTTP GET https://api.securitycenter.windows.com/api/machines?$filter=healthStat Get all the devices that last seen after 2018-10-20 ```http -HTTP GET https://api.securitycenter.windows.com/api/machines?$filter=lastSeen gt 2018-08-01Z +HTTP GET https://api.securitycenter.microsoft.com/api/machines?$filter=lastSeen gt 2018-08-01Z ``` **Response:** ```json { - "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Machines", + "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Machines", "value": [ { "id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07", @@ -323,14 +327,14 @@ HTTP GET https://api.securitycenter.windows.com/api/machines?$filter=lastSeen g Get all the Anti-Virus scans that the user Analyst@examples.onmicrosoft.com created using Microsoft Defender for Endpoint ```http -HTTP GET https://api.securitycenter.windows.com/api/machineactions?$filter=requestor eq 'Analyst@contoso.com' and type eq 'RunAntiVirusScan' +HTTP GET https://api.securitycenter.microsoft.com/api/machineactions?$filter=requestor eq 'Analyst@contoso.com' and type eq 'RunAntiVirusScan' ``` **Response:** ```json json{ - "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#MachineActions", + "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#MachineActions", "value": [ { "id": "2e9da30d-27f6-4208-81f2-9cd3d67893ba", @@ -355,7 +359,7 @@ json{ Get the count of open alerts for a specific device: ```http -HTTP GET https://api.securitycenter.windows.com/api/machines/123321d0c675eaa415b8e5f383c6388bff446c62/alerts/$count?$filter=status ne 'Resolved' +HTTP GET https://api.securitycenter.microsoft.com/api/machines/123321d0c675eaa415b8e5f383c6388bff446c62/alerts/$count?$filter=status ne 'Resolved' ``` **Response:** diff --git a/windows/security/threat-protection/microsoft-defender-atp/files.md b/windows/security/threat-protection/microsoft-defender-atp/files.md index 6289c8645b..677387cad1 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/files.md +++ b/windows/security/threat-protection/microsoft-defender-atp/files.md @@ -25,6 +25,11 @@ ms.topic: article - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] + + Represent a file entity in Defender for Endpoint. ## Methods diff --git a/windows/security/threat-protection/microsoft-defender-atp/find-machine-info-by-ip.md b/windows/security/threat-protection/microsoft-defender-atp/find-machine-info-by-ip.md index 0d640fa36f..b94742b61d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/find-machine-info-by-ip.md +++ b/windows/security/threat-protection/microsoft-defender-atp/find-machine-info-by-ip.md @@ -21,9 +21,13 @@ ms.topic: article [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] -**Applies to:** +**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] Find a device by internal IP. diff --git a/windows/security/threat-protection/microsoft-defender-atp/find-machines-by-ip.md b/windows/security/threat-protection/microsoft-defender-atp/find-machines-by-ip.md index 3db35c6164..616dfffb2e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/find-machines-by-ip.md +++ b/windows/security/threat-protection/microsoft-defender-atp/find-machines-by-ip.md @@ -25,6 +25,10 @@ ms.topic: article - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] + ## API description Find [Machines](machine.md) seen with the requested internal IP in the time range of 15 minutes prior and after a given timestamp. @@ -75,8 +79,6 @@ If the timestamp is not in the past 30 days - 400 Bad Request. Here is an example of the request. -[!include[Improve request performance](../../includes/improve-request-performance.md)] - ``` -GET https://api.securitycenter.windows.com/api/machines/findbyip(ip='10.248.240.38',timestamp=2019-09-22T08:44:05Z) +GET https://api.securitycenter.microsoft.com/api/machines/findbyip(ip='10.248.240.38',timestamp=2019-09-22T08:44:05Z) ``` diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-alert-info-by-id.md b/windows/security/threat-protection/microsoft-defender-atp/get-alert-info-by-id.md index 07ac59b945..210a00624f 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-alert-info-by-id.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-alert-info-by-id.md @@ -25,6 +25,10 @@ ms.topic: article - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] + ## API description Retrieves specific [Alert](alerts.md) by its ID. diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-domain-info.md b/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-domain-info.md index e9d18d97e7..607206740c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-domain-info.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-domain-info.md @@ -25,6 +25,10 @@ ms.topic: article - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] + ## API description Retrieves all domains related to a specific alert. @@ -72,10 +76,8 @@ If successful and alert and domain exist - 200 OK. If alert not found - 404 Not Here is an example of the request. -[!include[Improve request performance](../../includes/improve-request-performance.md)] - ``` -GET https://api.securitycenter.windows.com/alerts/636688558380765161_2136280442/domains +GET https://api.securitycenter.microsoft.com/alerts/636688558380765161_2136280442/domains ``` **Response** @@ -86,7 +88,7 @@ Here is an example of the response. HTTP/1.1 200 OK Content-type: application/json { - "@odata.context": "https://api.securitycenter.windows.com/$metadata#Domains", + "@odata.context": "https://api.securitycenter.microsoft.com/$metadata#Domains", "value": [ { "host": "www.example.com" diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-files-info.md b/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-files-info.md index 6e61e17504..f95776b987 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-files-info.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-files-info.md @@ -21,10 +21,14 @@ ms.topic: article [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] -**Applies to:** [Microsoft Defender for Endpoint ](https://go.microsoft.com/fwlink/p/?linkid=2146631) +**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] + ## API description Retrieves all files related to a specific alert. @@ -72,10 +76,8 @@ If successful and alert and files exist - 200 OK. If alert not found - 404 Not F Here is an example of the request. -[!include[Improve request performance](../../includes/improve-request-performance.md)] - ``` -GET https://api.securitycenter.windows.com/api/alerts/636688558380765161_2136280442/files +GET https://api.securitycenter.microsoft.com/api/alerts/636688558380765161_2136280442/files ``` **Response** @@ -87,7 +89,7 @@ Here is an example of the response. HTTP/1.1 200 OK Content-type: application/json { - "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Files", + "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Files", "value": [ { "sha1": "f2a00fd2f2de1be0214b8529f1e9f67096c1aa70", diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-ip-info.md b/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-ip-info.md index 62db50d08a..dd5859b46d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-ip-info.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-ip-info.md @@ -25,6 +25,10 @@ ms.topic: article - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] + ## API description Retrieves all IPs related to a specific alert. @@ -73,10 +77,8 @@ If successful and alert and an IP exist - 200 OK. If alert not found - 404 Not F Here is an example of the request. -[!include[Improve request performance](../../includes/improve-request-performance.md)] - ``` -GET https://api.securitycenter.windows.com/alerts/636688558380765161_2136280442/ips +GET https://api.securitycenter.microsoft.com/alerts/636688558380765161_2136280442/ips ``` **Response** @@ -88,7 +90,7 @@ Here is an example of the response. HTTP/1.1 200 OK Content-type: application/json { - "@odata.context": "https://api.securitycenter.windows.com/$metadata#Ips", + "@odata.context": "https://api.securitycenter.microsoft.com/$metadata#Ips", "value": [ { "id": "104.80.104.128" diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-machine-info.md b/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-machine-info.md index 98f64ac8d1..ab1cfd8107 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-machine-info.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-machine-info.md @@ -25,6 +25,10 @@ ms.topic: article - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] + ## API description Retrieves [Device](machine.md) related to a specific alert. @@ -74,11 +78,8 @@ If successful and alert and device exist - 200 OK. If alert not found or device Here is an example of the request. -[!include[Improve request performance](../../includes/improve-request-performance.md)] - - ``` -GET https://api.securitycenter.windows.com/api/alerts/636688558380765161_2136280442/machine +GET https://api.securitycenter.microsoft.com/api/alerts/636688558380765161_2136280442/machine ``` **Response** @@ -90,7 +91,7 @@ Here is an example of the response. HTTP/1.1 200 OK Content-type: application/json { - "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Machines/$entity", + "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Machines/$entity", "id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07", "computerDnsName": "mymachine1.contoso.com", "firstSeen": "2018-08-02T14:55:03.7791856Z", diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-user-info.md b/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-user-info.md index 3e96ce7383..c5461ce794 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-user-info.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-user-info.md @@ -25,6 +25,10 @@ ms.topic: article - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] + ## API description Retrieves the User related to a specific alert. @@ -73,11 +77,8 @@ If successful and alert and a user exists - 200 OK with user in the body. If ale Here is an example of the request. -[!include[Improve request performance](../../includes/improve-request-performance.md)] - - ``` -GET https://api.securitycenter.windows.com/api/alerts/636688558380765161_2136280442/user +GET https://api.securitycenter.microsoft.com/api/alerts/636688558380765161_2136280442/user ``` **Response** @@ -89,7 +90,7 @@ Here is an example of the response. HTTP/1.1 200 OK Content-type: application/json { - "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Users/$entity", + "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Users/$entity", "id": "contoso\\user1", "accountName": "user1", "accountDomain": "contoso", diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-alerts.md b/windows/security/threat-protection/microsoft-defender-atp/get-alerts.md index a7c825d739..687c2dffa2 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-alerts.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-alerts.md @@ -25,6 +25,10 @@ ms.topic: article - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] + ## API description Retrieves a collection of Alerts. @@ -87,9 +91,6 @@ Here is an example of the request. GET https://api.securitycenter.microsoft.com/api/alerts ``` -[!include[Improve request performance](../../includes/improve-request-performance.md)] - - **Response** Here is an example of the response. diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-all-recommendations.md b/windows/security/threat-protection/microsoft-defender-atp/get-all-recommendations.md index a5cde6e4a0..a076a373b1 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-all-recommendations.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-all-recommendations.md @@ -20,8 +20,14 @@ ms.topic: article [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] -**Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) + +- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] + [!include[Prerelease information](../../includes/prerelease.md)] @@ -61,7 +67,7 @@ If successful, this method returns 200 OK with the list of security recommendati Here is an example of the request. ``` -GET https://api.securitycenter.windows.com/api/recommendations +GET https://api.securitycenter.microsoft.com/api/recommendations ``` **Response** @@ -71,7 +77,7 @@ Here is an example of the response. ```json { - "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Recommendations", + "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Recommendations", "value": [ { "id": "va-_-microsoft-_-windows_10", diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-all-vulnerabilities-by-machines.md b/windows/security/threat-protection/microsoft-defender-atp/get-all-vulnerabilities-by-machines.md index f2de05191d..8839180405 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-all-vulnerabilities-by-machines.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-all-vulnerabilities-by-machines.md @@ -23,6 +23,13 @@ ms.topic: article **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] + + Retrieves a list of all the vulnerabilities affecting the organization per [machine](machine.md) and [software](software.md). - If the vulnerability has a fixing KB, it will appear in the response. - Supports [OData V4 queries](https://www.odata.org/documentation/). @@ -65,7 +72,7 @@ If successful, this method returns 200 OK with the list of vulnerabilities in th Here is an example of the request. ``` -GET https://api.securitycenter.windows.com/api/vulnerabilities/machinesVulnerabilities +GET https://api.securitycenter.microsoft.com/api/vulnerabilities/machinesVulnerabilities ``` **Response** @@ -75,7 +82,7 @@ Here is an example of the response. ```json { - "@odata.context": "https://api-us.securitycenter.windows.com/api/$metadata#Collection(microsoft.windowsDefenderATP.api.PublicAssetVulnerabilityDto)", + "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Collection(microsoft.windowsDefenderATP.api.PublicAssetVulnerabilityDto)", "value": [ { "id": "5afa3afc92a7c63d4b70129e0a6f33f63a427e21-_-CVE-2020-6494-_-microsoft-_-edge_chromium-based-_-81.0.416.77-_-", diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-all-vulnerabilities.md b/windows/security/threat-protection/microsoft-defender-atp/get-all-vulnerabilities.md index 9847c928d4..d899f7c360 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-all-vulnerabilities.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-all-vulnerabilities.md @@ -20,8 +20,14 @@ ms.topic: article [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] -**Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) + +- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] + [!include[Prerelease information](../../includes/prerelease.md)] @@ -61,7 +67,7 @@ If successful, this method returns 200 OK with the list of vulnerabilities in th Here is an example of the request. ``` -GET https://api.securitycenter.windows.com/api/Vulnerabilities +GET https://api.securitycenter.microsoft.com/api/Vulnerabilities ``` **Response** @@ -71,7 +77,7 @@ Here is an example of the response. ```json { - "@odata.context": "https://api-us.securitycenter.windows.com/api/$metadata#Vulnerabilities", + "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Vulnerabilities", "value": [ { "id": "CVE-2019-0608", diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-cvekbmap-collection.md b/windows/security/threat-protection/microsoft-defender-atp/get-cvekbmap-collection.md index 7a5a5aacb3..fb60d09e95 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-cvekbmap-collection.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-cvekbmap-collection.md @@ -23,9 +23,13 @@ ROBOTS: NOINDEX [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] -**Applies to:** +**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] Retrieves a map of CVE's to KB's and CVE details. diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-device-secure-score.md b/windows/security/threat-protection/microsoft-defender-atp/get-device-secure-score.md index 7b6d923818..920e2fab04 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-device-secure-score.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-device-secure-score.md @@ -23,11 +23,13 @@ ms.topic: article **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) ->[!NOTE] ->If you are a US Gov customer, please refer to API endpoints listed in [here](gov.md#api). - - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] + + Retrieves your [Microsoft Secure Score for Devices](tvm-microsoft-secure-score-devices.md). A higher Microsoft Secure Score for Devices means your endpoints are more resilient from cybersecurity threat attacks. ## Permissions @@ -66,7 +68,7 @@ If successful, this method returns 200 OK, with the device secure score data in Here is an example of the request. ``` -GET https://api.securitycenter.windows.com/api/configurationScore +GET https://api.securitycenter.microsoft.com/api/configurationScore ``` ### Response @@ -78,7 +80,7 @@ Here is an example of the response. ```json { - "@odata.context": "https://api-us.securitycenter.windows.com/api/$metadata#ConfigurationScore/$entity", + "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#ConfigurationScore/$entity", "time": "2019-12-03T09:15:58.1665846Z", "score": 340 } diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-discovered-vulnerabilities.md b/windows/security/threat-protection/microsoft-defender-atp/get-discovered-vulnerabilities.md index 5b16a71cfc..14425d3b01 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-discovered-vulnerabilities.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-discovered-vulnerabilities.md @@ -21,8 +21,13 @@ ms.topic: article [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] -**Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) + +- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] Retrieves a collection of discovered vulnerabilities related to a given device ID. @@ -62,7 +67,7 @@ If successful, this method returns 200 OK with the discovered vulnerability info Here is an example of the request. ``` -GET https://api.securitycenter.windows.com/api/machines/ac233fa6208e1579620bf44207c4006ed7cc4501/vulnerabilities +GET https://api.securitycenter.microsoft.com/api/machines/ac233fa6208e1579620bf44207c4006ed7cc4501/vulnerabilities ``` ### Response @@ -71,7 +76,7 @@ Here is an example of the response. ``` { - "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Collection(Analytics.Contracts.PublicAPI.PublicVulnerabilityDto)", + "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Collection(Analytics.Contracts.PublicAPI.PublicVulnerabilityDto)", "value": [ { "id": "CVE-2019-1348", diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-domain-related-alerts.md b/windows/security/threat-protection/microsoft-defender-atp/get-domain-related-alerts.md index 26fdbad6f4..2ef6ab2307 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-domain-related-alerts.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-domain-related-alerts.md @@ -25,6 +25,10 @@ ms.topic: article - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] + ## API description Retrieves a collection of [Alerts](alerts.md) related to a given domain address. @@ -74,8 +78,6 @@ If successful and domain exists - 200 OK with list of [alert](alerts.md) entitie Here is an example of the request. -[!include[Improve request performance](../../includes/improve-request-performance.md)] - ```http -GET https://api.securitycenter.windows.com/api/domains/client.wns.windows.com/alerts +GET https://api.securitycenter.microsoft.com/api/domains/client.wns.windows.com/alerts ``` diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-domain-related-machines.md b/windows/security/threat-protection/microsoft-defender-atp/get-domain-related-machines.md index 5bf5182ede..8c70e05df5 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-domain-related-machines.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-domain-related-machines.md @@ -21,10 +21,14 @@ ms.topic: article [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] -**Applies to:** [Microsoft Defender for Endpoint(https://go.microsoft.com/fwlink/p/?linkid=2146631) +**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] + ## API description Retrieves a collection of [Machines](machine.md) that have communicated to or from a given domain address. @@ -75,9 +79,6 @@ If successful and domain exists - 200 OK with list of [machine](machine.md) enti Here is an example of the request. -[!include[Improve request performance](../../includes/improve-request-performance.md)] - - ```http -GET https://api.securitycenter.windows.com/api/domains/api.securitycenter.windows.com/machines +GET https://api.securitycenter.microsoft.com/api/domains/api.securitycenter.microsoft.com/machines ``` diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-domain-statistics.md b/windows/security/threat-protection/microsoft-defender-atp/get-domain-statistics.md index cb49efb465..a1174ffd17 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-domain-statistics.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-domain-statistics.md @@ -25,6 +25,10 @@ ms.topic: article - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] + ## API description Retrieves the statistics on the given domain. @@ -71,10 +75,8 @@ If successful and domain exists - 200 OK, with statistics object in the response Here is an example of the request. -[!include[Improve request performance](../../includes/improve-request-performance.md)] - ``` -GET https://api.securitycenter.windows.com/api/domains/example.com/stats +GET https://api.securitycenter.microsoft.com/api/domains/example.com/stats ``` **Response** @@ -86,7 +88,7 @@ Here is an example of the response. HTTP/1.1 200 OK Content-type: application/json { - "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#microsoft.windowsDefenderATP.api.InOrgDomainStats", + "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#microsoft.windowsDefenderATP.api.InOrgDomainStats", "host": "example.com", "orgPrevalence": "4070", "orgFirstSeen": "2017-07-30T13:23:48Z", diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-exposure-score.md b/windows/security/threat-protection/microsoft-defender-atp/get-exposure-score.md index 43d7ac20e9..2dc25a2049 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-exposure-score.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-exposure-score.md @@ -25,6 +25,11 @@ ms.topic: article - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] + + [!include[Prerelease information](../../includes/prerelease.md)] Retrieves the organizational exposure score. @@ -65,7 +70,7 @@ If successful, this method returns 200 OK, with the exposure data in the respons Here is an example of the request. ``` -GET https://api.securitycenter.windows.com/api/exposureScore +GET https://api.securitycenter.microsoft.com/api/exposureScore ``` ### Response @@ -77,7 +82,7 @@ Here is an example of the response. ```json { - "@odata.context": "https://api-us.securitycenter.windows.com/api/$metadata#ExposureScore/$entity", + "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#ExposureScore/$entity", "time": "2019-12-03T07:23:53.280499Z", "score": 33.491554051195706 } diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-file-information.md b/windows/security/threat-protection/microsoft-defender-atp/get-file-information.md index 61ab343580..c69bbf38e5 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-file-information.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-file-information.md @@ -25,6 +25,10 @@ ms.topic: article - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] + ## API description Retrieves a [File](files.md) by identifier Sha1, or Sha256 @@ -71,10 +75,8 @@ If successful and file exists - 200 OK with the [file](files.md) entity in the b Here is an example of the request. -[!include[Improve request performance](../../includes/improve-request-performance.md)] - ``` -GET https://api.securitycenter.windows.com/api/files/4388963aaa83afe2042a46a3c017ad50bdcdafb3 +GET https://api.securitycenter.microsoft.com/api/files/4388963aaa83afe2042a46a3c017ad50bdcdafb3 ``` **Response** @@ -86,7 +88,7 @@ Here is an example of the response. HTTP/1.1 200 OK Content-type: application/json { - "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Files/$entity", + "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Files/$entity", "sha1": "4388963aaa83afe2042a46a3c017ad50bdcdafb3", "sha256": "413c58c8267d2c8648d8f6384bacc2ae9c929b2b96578b6860b5087cd1bd6462", "globalPrevalence": 180022, diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-file-related-alerts.md b/windows/security/threat-protection/microsoft-defender-atp/get-file-related-alerts.md index d1c53228ac..e9088291e8 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-file-related-alerts.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-file-related-alerts.md @@ -25,6 +25,10 @@ ms.topic: article - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] + ## API description Retrieves a collection of alerts related to a given file hash. @@ -74,8 +78,6 @@ If successful and file exists - 200 OK with list of [alert](alerts.md) entities Here is an example of the request. -[!include[Improve request performance](../../includes/improve-request-performance.md)] - ``` -GET https://api.securitycenter.windows.com/api/files/6532ec91d513acc05f43ee0aa3002599729fd3e1/alerts +GET https://api.securitycenter.microsoft.com/api/files/6532ec91d513acc05f43ee0aa3002599729fd3e1/alerts ``` diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-file-related-machines.md b/windows/security/threat-protection/microsoft-defender-atp/get-file-related-machines.md index c60f272c69..99313ac5c8 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-file-related-machines.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-file-related-machines.md @@ -25,6 +25,10 @@ ms.topic: article - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] + ## API description Retrieves a collection of [Machines](machine.md) related to a given file hash. @@ -74,8 +78,6 @@ If successful and file exists - 200 OK with list of [machine](machine.md) entiti Here is an example of the request. -[!include[Improve request performance](../../includes/improve-request-performance.md)] - ``` -GET https://api.securitycenter.windows.com/api/files/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/machines +GET https://api.securitycenter.microsoft.com/api/files/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/machines ``` diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-file-statistics.md b/windows/security/threat-protection/microsoft-defender-atp/get-file-statistics.md index 59f525f594..d81d9b8af3 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-file-statistics.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-file-statistics.md @@ -25,6 +25,10 @@ ms.topic: article - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] + ## API description Retrieves the statistics for the given file. @@ -71,10 +75,8 @@ If successful and file exists - 200 OK with statistical data in the body. If fil Here is an example of the request. -[!include[Improve request performance](../../includes/improve-request-performance.md)] - ``` -GET https://api.securitycenter.windows.com/api/files/0991a395da64e1c5fbe8732ed11e6be064081d9f/stats +GET https://api.securitycenter.microsoft.com/api/files/0991a395da64e1c5fbe8732ed11e6be064081d9f/stats ``` **Response** @@ -86,7 +88,7 @@ Here is an example of the response. HTTP/1.1 200 OK Content-type: application/json { - "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#microsoft.windowsDefenderATP.api.InOrgFileStats", + "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#microsoft.windowsDefenderATP.api.InOrgFileStats", "sha1": "0991a395da64e1c5fbe8732ed11e6be064081d9f", "orgPrevalence": "14850", "orgFirstSeen": "2019-12-07T13:44:16Z", diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-installed-software.md b/windows/security/threat-protection/microsoft-defender-atp/get-installed-software.md index 293d458f27..09233fa7ab 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-installed-software.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-installed-software.md @@ -20,8 +20,13 @@ ms.topic: article [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] -**Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) + +- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] [!include[Prerelease information](../../includes/prerelease.md)] @@ -61,7 +66,7 @@ If successful, this method returns 200 OK with the installed software informatio Here is an example of the request. ``` -GET https://api.securitycenter.windows.com/api/machines/ac233fa6208e1579620bf44207c4006ed7cc4501/software +GET https://api.securitycenter.microsoft.com/api/machines/ac233fa6208e1579620bf44207c4006ed7cc4501/software ``` **Response** @@ -71,7 +76,7 @@ Here is an example of the response. ``` { -"@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Software", +"@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Software", "value": [ { "id": "microsoft-_-internet_explorer", diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-investigation-collection.md b/windows/security/threat-protection/microsoft-defender-atp/get-investigation-collection.md index 296f7c81ce..b58d1ddd9e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-investigation-collection.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-investigation-collection.md @@ -25,6 +25,10 @@ ms.topic: article - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] + ## API description Retrieves a collection of [Investigations](investigation.md). @@ -54,7 +58,7 @@ Delegated (work or school account) | Alert.ReadWrite | 'Read and write alerts' ## HTTP request ``` -GET https://api.securitycenter.windows.com/api/investigations +GET https://api.securitycenter.microsoft.com/api/investigations ``` ## Request headers @@ -71,30 +75,25 @@ Empty If successful, this method returns 200, Ok response code with a collection of [Investigations](investigation.md) entities. -[!include[Improve request performance](../../includes/improve-request-performance.md)] - - ## Example **Request** Here is an example of a request to get all investigations: - ``` -GET https://api.securitycenter.windows.com/api/investigations +GET https://api.securitycenter.microsoft.com/api/investigations ``` **Response** Here is an example of the response: - ``` HTTP/1.1 200 Ok Content-type: application/json { - "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Investigations", + "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Investigations", "value": [ { "id": "63017", diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-investigation-object.md b/windows/security/threat-protection/microsoft-defender-atp/get-investigation-object.md index 6953ccabba..866f046908 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-investigation-object.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-investigation-object.md @@ -25,6 +25,11 @@ ms.topic: article - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] + + ## API description Retrieves specific [Investigation](investigation.md) by its ID.
ID can be the investigation ID or the investigation triggering alert ID. @@ -50,7 +55,7 @@ Delegated (work or school account) | Alert.ReadWrite | 'Read and write alerts' ## HTTP request ``` -GET https://api.securitycenter.windows.com/api/investigations/{id} +GET https://api.securitycenter.microsoft.com/api/investigations/{id} ``` ## Request headers diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-ip-related-alerts.md b/windows/security/threat-protection/microsoft-defender-atp/get-ip-related-alerts.md index 6d078cbf15..b18a482d19 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-ip-related-alerts.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-ip-related-alerts.md @@ -23,7 +23,11 @@ ms.topic: article **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] ## API description @@ -74,9 +78,6 @@ If successful and IP exists - 200 OK with list of [alert](alerts.md) entities in Here is an example of the request. -[!include[Improve request performance](../../includes/improve-request-performance.md)] - - ``` -GET https://api.securitycenter.windows.com/api/ips/10.209.67.177/alerts +GET https://api.securitycenter.microsoft.com/api/ips/10.209.67.177/alerts ``` diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-ip-statistics.md b/windows/security/threat-protection/microsoft-defender-atp/get-ip-statistics.md index b58fd359e9..7492cfa46e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-ip-statistics.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-ip-statistics.md @@ -23,7 +23,11 @@ ms.topic: article **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] ## API description @@ -71,10 +75,8 @@ If successful and ip exists - 200 OK with statistical data in the body. IP do no Here is an example of the request. -[!include[Improve request performance](../../includes/improve-request-performance.md)] - ``` -GET https://api.securitycenter.windows.com/api/ips/10.209.67.177/stats +GET https://api.securitycenter.microsoft.com/api/ips/10.209.67.177/stats ``` **Response** @@ -86,7 +88,7 @@ Here is an example of the response. HTTP/1.1 200 OK Content-type: application/json { - "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#microsoft.windowsDefenderATP.api.InOrgIPStats", + "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#microsoft.windowsDefenderATP.api.InOrgIPStats", "ipAddress": "10.209.67.177", "orgPrevalence": "63515", "orgFirstSeen": "2017-07-30T13:36:06Z", diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-kbinfo-collection.md b/windows/security/threat-protection/microsoft-defender-atp/get-kbinfo-collection.md index e7ac39a93c..b3e1d5574a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-kbinfo-collection.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-kbinfo-collection.md @@ -23,9 +23,13 @@ ROBOTS: NOINDEX [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] -**Applies to:** +**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] Retrieves a collection of KB's and KB details. diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-machine-by-id.md b/windows/security/threat-protection/microsoft-defender-atp/get-machine-by-id.md index 30fd9d4263..f46e912d8c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-machine-by-id.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-machine-by-id.md @@ -23,7 +23,11 @@ ms.topic: article **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] ## API description @@ -77,10 +81,8 @@ If machine with the specified ID was not found - 404 Not Found. Here is an example of the request. -[!include[Improve request performance](../../includes/improve-request-performance.md)] - ```http -GET https://api.securitycenter.windows.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07 +GET https://api.securitycenter.microsoft.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07 ``` **Response** @@ -92,7 +94,7 @@ Here is an example of the response. HTTP/1.1 200 OK Content-type: application/json { - "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Machine", + "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Machine", "id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07", "computerDnsName": "mymachine1.contoso.com", "firstSeen": "2018-08-02T14:55:03.7791856Z", diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-machine-group-exposure-score.md b/windows/security/threat-protection/microsoft-defender-atp/get-machine-group-exposure-score.md index 112ed575be..e13a900af5 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-machine-group-exposure-score.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-machine-group-exposure-score.md @@ -23,7 +23,12 @@ ms.topic: article **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] + [!include[Prerelease information](../../includes/prerelease.md)] @@ -65,7 +70,7 @@ If successful, this method returns 200 OK, with a list of exposure score per dev Here is an example of the request. ``` -GET https://api.securitycenter.windows.com/api/exposureScore/ByMachineGroups +GET https://api.securitycenter.microsoft.com/api/exposureScore/ByMachineGroups ``` ### Response @@ -75,7 +80,7 @@ Here is an example of the response. ```json { - "@odata.context": "https://api-us.securitycenter.windows.com/api/$metadata#ExposureScore", + "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#ExposureScore", "value": [ { "time": "2019-12-03T09:51:28.214338Z", diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-machine-log-on-users.md b/windows/security/threat-protection/microsoft-defender-atp/get-machine-log-on-users.md index 55bdffa21c..42ceb10f0e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-machine-log-on-users.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-machine-log-on-users.md @@ -25,6 +25,10 @@ ms.topic: article - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] + ## API description Retrieves a collection of logged on users on a specific device. @@ -73,10 +77,8 @@ If successful and device exists - 200 OK with list of [user](user.md) entities i Here is an example of the request. -[!include[Improve request performance](../../includes/improve-request-performance.md)] - ```http -GET https://api.securitycenter.windows.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/logonusers +GET https://api.securitycenter.microsoft.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/logonusers ``` **Response** @@ -88,7 +90,7 @@ Here is an example of the response. HTTP/1.1 200 OK Content-type: application/json { - "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Users", + "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Users", "value": [ { "id": "contoso\\user1", diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-machine-related-alerts.md b/windows/security/threat-protection/microsoft-defender-atp/get-machine-related-alerts.md index 49e6162ab5..86de75298d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-machine-related-alerts.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-machine-related-alerts.md @@ -23,7 +23,11 @@ ms.topic: article **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] ## API description diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-machineaction-object.md b/windows/security/threat-protection/microsoft-defender-atp/get-machineaction-object.md index dc294c9002..da012c1b41 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-machineaction-object.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-machineaction-object.md @@ -23,7 +23,11 @@ ms.topic: article **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] ## API description @@ -50,7 +54,7 @@ Delegated (work or school account) | Machine.ReadWrite | 'Read and write machine ## HTTP request ``` -GET https://api.securitycenter.windows.com/api/machineactions/{id} +GET https://api.securitycenter.microsoft.com/api/machineactions/{id} ``` ## Request headers @@ -72,10 +76,8 @@ If successful, this method returns 200, Ok response code with a [Machine Action] Here is an example of the request. -[!include[Improve request performance](../../includes/improve-request-performance.md)] - ``` -GET https://api.securitycenter.windows.com/api/machineactions/2e9da30d-27f6-4208-81f2-9cd3d67893ba +GET https://api.securitycenter.microsoft.com/api/machineactions/2e9da30d-27f6-4208-81f2-9cd3d67893ba ``` **Response** @@ -87,7 +89,7 @@ Here is an example of the response. HTTP/1.1 200 Ok Content-type: application/json { - "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#MachineActions/$entity", + "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#MachineActions/$entity", "id": "5382f7ea-7557-4ab7-9782-d50480024a4e", "type": "Isolate", "scope": "Selective", diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-machineactions-collection.md b/windows/security/threat-protection/microsoft-defender-atp/get-machineactions-collection.md index 026a5fe161..ec9d161528 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-machineactions-collection.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-machineactions-collection.md @@ -23,7 +23,11 @@ ms.topic: article **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] ## API description @@ -54,7 +58,7 @@ Delegated (work or school account) | Machine.ReadWrite | 'Read and write machine ## HTTP request ``` -GET https://api.securitycenter.windows.com/api/machineactions +GET https://api.securitycenter.microsoft.com/api/machineactions ``` ## Request headers @@ -77,10 +81,8 @@ If successful, this method returns 200, Ok response code with a collection of [m Here is an example of the request on an organization that has three MachineActions. -[!include[Improve request performance](../../includes/improve-request-performance.md)] - ``` -GET https://api.securitycenter.windows.com/api/machineactions +GET https://api.securitycenter.microsoft.com/api/machineactions ``` **Response** @@ -92,7 +94,7 @@ Here is an example of the response. HTTP/1.1 200 Ok Content-type: application/json { - "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#MachineActions", + "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#MachineActions", "value": [ { "id": "69dc3630-1ccc-4342-acf3-35286eec741d", @@ -147,20 +149,18 @@ Content-type: application/json Here is an example of a request that filters the MachineActions by machine ID and shows the latest two MachineActions. ``` -GET https://api.securitycenter.windows.com/api/machineactions?$filter=machineId eq 'f46b9bb259ed4a7fb9981b73510e3cc7aa81ec1f'&$top=2 +GET https://api.securitycenter.microsoft.com/api/machineactions?$filter=machineId eq 'f46b9bb259ed4a7fb9981b73510e3cc7aa81ec1f'&$top=2 ``` **Response** Here is an example of the response. -[!include[Improve request performance](../../includes/improve-request-performance.md)] - ``` HTTP/1.1 200 Ok Content-type: application/json { - "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#MachineActions", + "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#MachineActions", "value": [ { "id": "69dc3630-1ccc-4342-acf3-35286eec741d", diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-machinegroups-collection.md b/windows/security/threat-protection/microsoft-defender-atp/get-machinegroups-collection.md index 93f27a6093..925103b0d1 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-machinegroups-collection.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-machinegroups-collection.md @@ -23,9 +23,14 @@ ms.date: 10/07/2018 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] -**Applies to:** +**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) + +- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) Retrieves a collection of RBAC device groups. diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-machines-by-software.md b/windows/security/threat-protection/microsoft-defender-atp/get-machines-by-software.md index 7490907216..8cb9e3c2d3 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-machines-by-software.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-machines-by-software.md @@ -21,9 +21,14 @@ ms.topic: article [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] -**Applies to:** +**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) + +- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) [!include[Prerelease information](../../includes/prerelease.md)] @@ -62,7 +67,7 @@ If successful, this method returns 200 OK and a list of devices with the softwar Here is an example of the request. ``` -GET https://api.securitycenter.windows.com/api/Software/microsoft-_-edge/machineReferences +GET https://api.securitycenter.microsoft.com/api/Software/microsoft-_-edge/machineReferences ``` **Response** @@ -72,7 +77,7 @@ Here is an example of the response. ```json { - "@odata.context": "https://api-us.securitycenter.windows.com/api/$metadata#MachineReferences", + "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#MachineReferences", "value": [ { "id": "7c7e1896fa39efb0a32a2cf421d837af1b9bf762", diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-machines-by-vulnerability.md b/windows/security/threat-protection/microsoft-defender-atp/get-machines-by-vulnerability.md index bbd94f8b8d..bc0c969c79 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-machines-by-vulnerability.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-machines-by-vulnerability.md @@ -20,9 +20,14 @@ ms.topic: article [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] -**Applies to:** +**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) + +- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) [!include[Prerelease information](../../includes/prerelease.md)] @@ -62,7 +67,7 @@ If successful, this method returns 200 OK with the vulnerability information in Here is an example of the request. ``` -GET https://api.securitycenter.windows.com/api/vulnerabilities/CVE-2019-0608/machineReferences +GET https://api.securitycenter.microsoft.com/api/vulnerabilities/CVE-2019-0608/machineReferences ``` **Response** @@ -72,7 +77,7 @@ Here is an example of the response. ```json { - "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#MachineReferences", + "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#MachineReferences", "value": [ { "id": "235a2e6278c63fcf85bab9c370396972c58843de", diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-machines.md b/windows/security/threat-protection/microsoft-defender-atp/get-machines.md index aef7e2789a..6c89d74e65 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-machines.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-machines.md @@ -23,7 +23,11 @@ ms.topic: article **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] ## API description @@ -56,7 +60,7 @@ Delegated (work or school account) | Machine.ReadWrite | 'Read and write machine ## HTTP request ```http -GET https://api.securitycenter.windows.com/api/machines +GET https://api.securitycenter.microsoft.com/api/machines ``` ## Request headers @@ -79,11 +83,8 @@ If successful and machines exists - 200 OK with list of [machine](machine.md) en Here is an example of the request. -[!include[Improve request performance](../../includes/improve-request-performance.md)] - - ```http -GET https://api.securitycenter.windows.com/api/machines +GET https://api.securitycenter.microsoft.com/api/machines ``` **Response** @@ -94,7 +95,7 @@ Here is an example of the response. HTTP/1.1 200 OK Content-type: application/json { - "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Machines", + "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Machines", "value": [ { "id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07", diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-machinesecuritystates-collection.md b/windows/security/threat-protection/microsoft-defender-atp/get-machinesecuritystates-collection.md index aba82de482..4f1d4fedec 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-machinesecuritystates-collection.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-machinesecuritystates-collection.md @@ -22,9 +22,13 @@ ms.topic: article [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] -**Applies to:** +**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] Retrieves a collection of devices security states. diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-missing-kbs-machine.md b/windows/security/threat-protection/microsoft-defender-atp/get-missing-kbs-machine.md index 52846f5bdf..089381bade 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-missing-kbs-machine.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-missing-kbs-machine.md @@ -25,6 +25,10 @@ ms.topic: article - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] + Retrieves missing KBs (security updates) by device ID ## HTTP request @@ -54,7 +58,7 @@ If successful, this method returns 200 OK, with the specified device missing kb Here is an example of the request. ``` -GET https://api.securitycenter.windows.com/api/machines/2339ad14a01bd0299afb93dfa2550136057bff96/getmissingkbs +GET https://api.securitycenter.microsoft.com/api/machines/2339ad14a01bd0299afb93dfa2550136057bff96/getmissingkbs ``` ### Response diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-missing-kbs-software.md b/windows/security/threat-protection/microsoft-defender-atp/get-missing-kbs-software.md index 21506f3767..a74bad1490 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-missing-kbs-software.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-missing-kbs-software.md @@ -23,7 +23,12 @@ ms.topic: article **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] + Retrieves missing KBs (security updates) by software ID @@ -63,7 +68,7 @@ If successful, this method returns 200 OK, with the specified software missing k Here is an example of the request. ``` -GET https://api.securitycenter.windows.com/api/Software/microsoft-_-edge/getmissingkbs +GET https://api.securitycenter.microsoft.com/api/Software/microsoft-_-edge/getmissingkbs ``` ### Response diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-package-sas-uri.md b/windows/security/threat-protection/microsoft-defender-atp/get-package-sas-uri.md index ffd04c4f62..332e875e6e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-package-sas-uri.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-package-sas-uri.md @@ -23,7 +23,11 @@ ms.topic: article **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] ## API description @@ -45,7 +49,7 @@ Delegated (work or school account) | Machine.CollectForensics | 'Collect forensi ## HTTP request ``` -GET https://api.securitycenter.windows.com/api/machineactions/{machine action id}/getPackageUri +GET https://api.securitycenter.microsoft.com/api/machineactions/{machine action id}/getPackageUri ``` ## Request headers @@ -69,7 +73,7 @@ If successful, this method returns 200, Ok response code with object that holds Here is an example of the request. ``` -GET https://api.securitycenter.windows.com/api/machineactions/7327b54fd718525cbca07dacde913b5ac3c85673/GetPackageUri +GET https://api.securitycenter.microsoft.com/api/machineactions/7327b54fd718525cbca07dacde913b5ac3c85673/GetPackageUri ``` @@ -77,15 +81,12 @@ GET https://api.securitycenter.windows.com/api/machineactions/7327b54fd718525cbc Here is an example of the response. -[!include[Improve request performance](../../includes/improve-request-performance.md)] - - ``` HTTP/1.1 200 Ok Content-type: application/json { - "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Edm.String", + "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Edm.String", "value": "\"https://userrequests-us.securitycenter.windows.com:443/safedownload/WDATP_Investigation_Package.zip?token=gbDyj7y%2fbWGAZjn2sFiZXlliBTXOCVG7yiJ6mXNaQ9pLByC2Wxeno9mENsPFP3xMk5l%2bZiJXjLvqAyNEzUNROxoM2I1er9dxzfVeBsxSmclJjPsAx%2btiNyxSz1Ax%2b5jaT5cL5bZg%2b8wgbwY9urXbTpGjAKh6FB1e%2b0ypcWkPm8UkfOwsmtC%2biZJ2%2bPqnkkeQk7SKMNoAvmh9%2fcqDIPKXGIBjMa0D9auzypOqd8bQXp7p2BnLSH136BxST8n9IHR4PILvRjAYW9kvtHkBpBitfydAsUW4g2oDZSPN3kCLBOoo1C4w4Lkc9Bc3GNU2IW6dfB7SHcp7G9p4BDkeJl3VuDs6esCaeBorpn9FKJ%2fXo7o9pdcI0hUPZ6Ds9hiPpwPUtz5J29CBE3QAopCK%2fsWlf6OW2WyXsrNRSnF1tVE5H3wXpREzuhD7S4AIA3OIEZKzC4jIPLeMu%2bazZU9xGwuc3gICOaokbwMJiZTqcUuK%2fV9YdBdjdg8wJ16NDU96Pl6%2fgew2KYuk6Wo7ZuHotgHI1abcsvdlpe4AvixDbqcRJthsg2PpLRaFLm5av44UGkeK6TJpFvxUn%2f9fg6Zk5yM1KUTHb8XGmutoCM8U9er6AzXZlY0gGc3D3bQOg41EJZkEZLyUEbk1hXJB36ku2%2bW01cG71t7MxMBYz7%2bdXobxpdo%3d%3bRWS%2bCeoDfTyDcfH5pkCg6hYDmCOPr%2fHYQuaUWUBNVnXURYkdyOzVHqp%2fe%2f1BNyPdVoVkpQHpz1pPS3b5g9h7IMmNKCk5gFq5m2nPx6kk9EYtzx8Ndoa2m9Yj%2bSaf8zIFke86YnfQL4AYewsnQNJJh4wc%2bXxGlBq7axDcoiOdX91rKzVicH3GSBkFoLFAKoegWWsF%2fEDZcVpF%2fXUA1K8HvB6dwyfy4y0sAqnNPxYTQ97mG7yHhxPt4Pe9YF2UPPAJVuEf8LNlQ%2bWHC9%2f7msF6UUI4%2fca%2ftpjFs%2fSNeRE8%2fyQj21TI8YTF1SowvaJuDc1ivEoeopNNGG%2bGI%2fX0SckaVxU9Hdkh0zbydSlT5SZwbSwescs0IpzECitBbaLUz4aT8KTs8T0lvx8D7Te3wVsKAJ1r3iFMQZrlk%2bS1WW8rvac7oHRx2HKURn1v7fDIQWgJr9aNsNlFz4fLJ50T2qSHuuepkLVbe93Va072aMGhvr09WVKoTpAf1j2bcFZZU6Za5PxI32mr0k90FgiYFJ1F%2f1vRDrGwvWVWUkR3Z33m4g0gHa52W1FMxQY0TJIwbovD6FaSNDx7xhKZSd5IJ7r6P91Gez49PaZRcAZPjd%2bfbul3JNm1VqQPTLohT7wa0ymRiXpSST74xtFzuEBzNSNATdbngj3%2fwV4JesTjZjIj5Dc%3d%3blumqauVlFuuO8MQffZgs0tLJ4Fq6fpeozPTdDf8Ll6XLegi079%2b4mSPFjTK0y6eohstxdoOdom2wAHiZwk0u4KLKmRkfYOdT1wHY79qKoBQ3ZDHFTys9V%2fcwKGl%2bl8IenWDutHygn5IcA1y7GTZj4g%3d%3d\"" } diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-by-id.md b/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-by-id.md index 79fcaae0ff..3666ef7955 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-by-id.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-by-id.md @@ -22,6 +22,13 @@ ms.topic: article **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] + + [!include[Prerelease information](../../includes/prerelease.md)] Retrieves a security recommendation by its ID. @@ -60,7 +67,7 @@ If successful, this method returns 200 OK with the security recommendations in t Here is an example of the request. ``` -GET https://api.securitycenter.windows.com/api/recommendations/va-_-google-_-chrome +GET https://api.securitycenter.microsoft.com/api/recommendations/va-_-google-_-chrome ``` **Response** @@ -69,7 +76,7 @@ Here is an example of the response. ```json { - "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Recommendations/$entity", + "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Recommendations/$entity", "id": "va-_-google-_-chrome", "productName": "chrome", "recommendationName": "Update Chrome", diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-machines.md b/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-machines.md index 079ab2c449..dfec0fb89f 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-machines.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-machines.md @@ -20,9 +20,14 @@ ms.topic: article [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] -**Applies to:** +**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) + +- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) [!include[Prerelease information](../../includes/prerelease.md)] @@ -62,7 +67,7 @@ If successful, this method returns 200 OK with the list of devices associated wi Here is an example of the request. ``` -GET https://api.securitycenter.windows.com/api/recommendations/va-_-google-_-chrome/machineReferences +GET https://api.securitycenter.microsoft.com/api/recommendations/va-_-google-_-chrome/machineReferences ``` **Response** @@ -71,7 +76,7 @@ Here is an example of the response. ```json { - "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#MachineReferences", + "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#MachineReferences", "value": [ { "id": "e058770379bc199a9c179ce52a23e16fd44fd2ee", diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-software.md b/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-software.md index 0656c420e8..c0adaddae0 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-software.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-software.md @@ -20,9 +20,14 @@ ms.topic: article [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] -**Applies to:** +**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) + +- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) [!include[Prerelease information](../../includes/prerelease.md)] @@ -62,7 +67,7 @@ If successful, this method returns 200 OK with the software associated with the Here is an example of the request. ``` -GET https://api.securitycenter.windows.com/api/recommendations/va-_-google-_-chrome/software +GET https://api.securitycenter.microsoft.com/api/recommendations/va-_-google-_-chrome/software ``` **Response** @@ -71,7 +76,7 @@ Here is an example of the response. ```json { - "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Analytics.Contracts.PublicAPI.PublicProductDto", + "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Analytics.Contracts.PublicAPI.PublicProductDto", "id": "google-_-chrome", "name": "chrome", "vendor": "google", diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-vulnerabilities.md b/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-vulnerabilities.md index 95b525bf6b..9c06a2df8f 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-vulnerabilities.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-vulnerabilities.md @@ -20,9 +20,14 @@ ms.topic: article [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] -**Applies to:** +**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) + +- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) [!include[Prerelease information](../../includes/prerelease.md)] @@ -62,7 +67,7 @@ If successful, this method returns 200 OK, with the list of vulnerabilities asso Here is an example of the request. ``` -GET https://api.securitycenter.windows.com/api/recommendations/va-_-google-_-chrome/vulnerabilities +GET https://api.securitycenter.microsoft.com/api/recommendations/va-_-google-_-chrome/vulnerabilities ``` **Response** @@ -71,7 +76,7 @@ Here is an example of the response. ```json { - "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Collection(Analytics.Contracts.PublicAPI.PublicVulnerabilityDto)", + "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Collection(Analytics.Contracts.PublicAPI.PublicVulnerabilityDto)", "value": [ { "id": "CVE-2019-13748", diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-security-recommendations.md b/windows/security/threat-protection/microsoft-defender-atp/get-security-recommendations.md index 91a19e9c18..1cf2a7793b 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-security-recommendations.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-security-recommendations.md @@ -20,9 +20,13 @@ ms.topic: article [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] -**Applies to:** +**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] [!include[Prerelease information](../../includes/prerelease.md)] @@ -62,7 +66,7 @@ If successful, this method returns 200 OK with the security recommendations in t Here is an example of the request. ``` -GET https://api.securitycenter.windows.com/api/machines/ac233fa6208e1579620bf44207c4006ed7cc4501/recommendations +GET https://api.securitycenter.microsoft.com/api/machines/ac233fa6208e1579620bf44207c4006ed7cc4501/recommendations ``` **Response** @@ -72,7 +76,7 @@ Here is an example of the response. ``` { - "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Recommendations", + "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Recommendations", "value": [ { "id": "va-_-git-scm-_-git", diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-software-by-id.md b/windows/security/threat-protection/microsoft-defender-atp/get-software-by-id.md index 07550126c1..8c13f1d5da 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-software-by-id.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-software-by-id.md @@ -21,9 +21,14 @@ ms.topic: article [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] -**Applies to:** +**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) + +- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) [!include[Prerelease information](../../includes/prerelease.md)] @@ -62,7 +67,7 @@ If successful, this method returns 200 OK with the specified software data in th Here is an example of the request. ``` -GET https://api.securitycenter.windows.com/api/Software/microsoft-_-edge +GET https://api.securitycenter.microsoft.com/api/Software/microsoft-_-edge ``` **Response** @@ -72,7 +77,7 @@ Here is an example of the response. ```json { - "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Software/$entity", + "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Software/$entity", "id": "microsoft-_-edge", "name": "edge", "vendor": "microsoft", diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-software-ver-distribution.md b/windows/security/threat-protection/microsoft-defender-atp/get-software-ver-distribution.md index 7ae8324de9..2bb098203c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-software-ver-distribution.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-software-ver-distribution.md @@ -21,9 +21,14 @@ ms.topic: article [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] -**Applies to:** +**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) + +- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) [!include[Prerelease information](../../includes/prerelease.md)] @@ -62,7 +67,7 @@ If successful, this method returns 200 OK with a list of software distributions Here is an example of the request. ``` -GET https://api.securitycenter.windows.com/api/Software/microsoft-_-edge/distributions +GET https://api.securitycenter.microsoft.com/api/Software/microsoft-_-edge/distributions ``` **Response** @@ -72,7 +77,7 @@ Here is an example of the response. ```json { - "@odata.context": "https://api-us.securitycenter.windows.com/api/$metadata#Distributions", + "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Distributions", "value": [ { "version": "11.0.17134.1039", diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-software.md b/windows/security/threat-protection/microsoft-defender-atp/get-software.md index 6a02de62a0..7629b66bff 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-software.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-software.md @@ -23,7 +23,12 @@ ms.topic: article **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] + Retrieves the organization software inventory. @@ -61,7 +66,7 @@ If successful, this method returns 200 OK with the software inventory in the bod Here is an example of the request. ``` -GET https://api.securitycenter.windows.com/api/Software +GET https://api.securitycenter.microsoft.com/api/Software ``` **Response** @@ -71,7 +76,7 @@ Here is an example of the response. ```json { - "@odata.context": "https://api-us.securitycenter.windows.com/api/$metadata#Software", + "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Software", "value": [ { "id": "microsoft-_-edge", diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-ti-indicators-collection.md b/windows/security/threat-protection/microsoft-defender-atp/get-ti-indicators-collection.md index ea42bf22ac..5cd725bebe 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-ti-indicators-collection.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-ti-indicators-collection.md @@ -25,6 +25,10 @@ ms.topic: article - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] + ## API description Retrieves a collection of all active [Indicators](ti-indicator.md). @@ -48,11 +52,9 @@ Delegated (work or school account) | Ti.ReadWrite | 'Read and write Indicators' ## HTTP request ``` -GET https://api.securitycenter.windows.com/api/indicators +GET https://api.securitycenter.microsoft.com/api/indicators ``` -[!include[Improve request performance](../../includes/improve-request-performance.md)] - ## Request headers Name | Type | Description @@ -76,7 +78,7 @@ If successful, this method returns 200, Ok response code with a collection of [I Here is an example of a request that gets all Indicators ``` -GET https://api.securitycenter.windows.com/api/indicators +GET https://api.securitycenter.microsoft.com/api/indicators ``` **Response** @@ -87,7 +89,7 @@ Here is an example of the response. HTTP/1.1 200 Ok Content-type: application/json { - "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Indicators", + "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Indicators", "value": [ { "id": "995", @@ -139,7 +141,7 @@ Content-type: application/json Here is an example of a request that gets all Indicators with 'AlertAndBlock' action ``` -GET https://api.securitycenter.windows.com/api/indicators?$filter=action+eq+'AlertAndBlock' +GET https://api.securitycenter.microsoft.com/api/indicators?$filter=action+eq+'AlertAndBlock' ``` **Response** @@ -150,7 +152,7 @@ Here is an example of the response. HTTP/1.1 200 Ok Content-type: application/json { - "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Indicators", + "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Indicators", "value": [ { "id": "997", diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-user-information.md b/windows/security/threat-protection/microsoft-defender-atp/get-user-information.md index bc5b69d9cd..d9af8b76ce 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-user-information.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-user-information.md @@ -20,8 +20,13 @@ ms.topic: article [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] -**Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) + +- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] Retrieve a User entity by key (user name). @@ -58,10 +63,8 @@ If successful and user exists - 200 OK with [user](user.md) entity in the body. Here is an example of the request. -[!include[Improve request performance](../../includes/improve-request-performance.md)] - ``` -GET https://api.securitycenter.windows.com/api/users/user1 +GET https://api.securitycenter.microsoft.com/api/users/user1 Content-type: application/json ``` @@ -74,7 +77,7 @@ Here is an example of the response. HTTP/1.1 200 OK Content-type: application/json { - "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Users/$entity", + "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Users/$entity", "id": "user1", "firstSeen": "2018-08-02T00:00:00Z", "lastSeen": "2018-08-04T00:00:00Z", diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-user-related-alerts.md b/windows/security/threat-protection/microsoft-defender-atp/get-user-related-alerts.md index b6282b18f3..d16cd4cfee 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-user-related-alerts.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-user-related-alerts.md @@ -23,7 +23,11 @@ ms.topic: article **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] ## API description @@ -76,8 +80,6 @@ If successful and user exists - 200 OK. If the user does not exist - 404 Not Fou Here is an example of the request. -[!include[Improve request performance](../../includes/improve-request-performance.md)] - ``` -GET https://api.securitycenter.windows.com/api/users/user1/alerts +GET https://api.securitycenter.microsoft.com/api/users/user1/alerts ``` diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-user-related-machines.md b/windows/security/threat-protection/microsoft-defender-atp/get-user-related-machines.md index 33fbf7f79a..88a70fd056 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-user-related-machines.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-user-related-machines.md @@ -23,7 +23,11 @@ ms.topic: article **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] ## API description @@ -77,8 +81,6 @@ If successful and user exists - 200 OK with list of [machine](machine.md) entiti Here is an example of the request. -[!include[Improve request performance](../../includes/improve-request-performance.md)] - ``` -GET https://api.securitycenter.windows.com/api/users/user1/machines +GET https://api.securitycenter.microsoft.com/api/users/user1/machines ``` diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-vuln-by-software.md b/windows/security/threat-protection/microsoft-defender-atp/get-vuln-by-software.md index ac266cf40f..abb77af560 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-vuln-by-software.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-vuln-by-software.md @@ -21,9 +21,14 @@ ms.topic: article [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] -**Applies to:** +**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) + +- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) [!include[Prerelease information](../../includes/prerelease.md)] @@ -62,7 +67,7 @@ If successful, this method returns 200 OK with a a list of vulnerabilities expos Here is an example of the request. ``` -GET https://api.securitycenter.windows.com/api/Software/microsoft-_-edge/vulnerabilities +GET https://api.securitycenter.microsoft.com/api/Software/microsoft-_-edge/vulnerabilities ``` **Response** @@ -72,7 +77,7 @@ Here is an example of the response. ```json { - "@odata.context": "https://api-us.securitycenter.windows.com/api/$metadata#Collection(Analytics.Contracts.PublicAPI.PublicVulnerabilityDto)", + "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Collection(Analytics.Contracts.PublicAPI.PublicVulnerabilityDto)", "value": [ { "id": "CVE-2017-0140", diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-vulnerability-by-id.md b/windows/security/threat-protection/microsoft-defender-atp/get-vulnerability-by-id.md index 3e66207db5..df3bc5a56f 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-vulnerability-by-id.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-vulnerability-by-id.md @@ -20,8 +20,14 @@ ms.topic: article [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] -**Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) + +- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] + [!include[Prerelease information](../../includes/prerelease.md)] @@ -61,7 +67,7 @@ If successful, this method returns 200 OK with the vulnerability information in Here is an example of the request. ``` -GET https://api.securitycenter.windows.com/api/Vulnerabilities/CVE-2019-0608 +GET https://api.securitycenter.microsoft.com/api/Vulnerabilities/CVE-2019-0608 ``` **Response** @@ -70,7 +76,7 @@ Here is an example of the response. ```json { - "@odata.context": "https://api-us.securitycenter.windows.com/api/$metadata#Vulnerabilities/$entity", + "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Vulnerabilities/$entity", "id": "CVE-2019-0608", "name": "CVE-2019-0608", "description": "A spoofing vulnerability exists when Microsoft Browsers does not properly parse HTTP content. An attacker who successfully exploited this vulnerability could impersonate a user request by crafting HTTP queries. The specially crafted website could either spoof content or serve as a pivot to chain an attack with other vulnerabilities in web services.To exploit the vulnerability, the user must click a specially crafted URL. In an email attack scenario, an attacker could send an email message containing the specially crafted URL to the user in an attempt to convince the user to click it.In a web-based attack scenario, an attacker could host a specially crafted website designed to appear as a legitimate website to the user. However, the attacker would have no way to force the user to visit the specially crafted website. The attacker would have to convince the user to visit the specially crafted website, typically by way of enticement in an email or instant message, and then convince the user to interact with content on the website.The update addresses the vulnerability by correcting how Microsoft Browsers parses HTTP responses.", diff --git a/windows/security/threat-protection/microsoft-defender-atp/gov.md b/windows/security/threat-protection/microsoft-defender-atp/gov.md index ddff7ba6a2..1c89d002cb 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/gov.md +++ b/windows/security/threat-protection/microsoft-defender-atp/gov.md @@ -109,7 +109,8 @@ Defender for Endpoint GCC High specific | ```us4-v20.events.data.microsoft.com`` ## API -Login endpoint: ```https://login.microsoftonline.us``` -Microsoft Defender for Endpoint API endpoint: ```https://api-gov.securitycenter.microsoft.us``` +- Login endpoint: ```https://login.microsoftonline.us``` + +- Microsoft Defender for Endpoint API endpoint: ```https://api-gov.securitycenter.microsoft.us``` diff --git a/windows/security/threat-protection/microsoft-defender-atp/initiate-autoir-investigation.md b/windows/security/threat-protection/microsoft-defender-atp/initiate-autoir-investigation.md index 683be6e6bf..90bd7b9256 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/initiate-autoir-investigation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/initiate-autoir-investigation.md @@ -23,7 +23,11 @@ ms.topic: article **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] ## API description @@ -79,8 +83,6 @@ If successful, this method returns 201 - Created response code and [Investigatio Here is an example of the request. -[!include[Improve request performance](../../includes/improve-request-performance.md)] - ``` POST https://api.securitycenter.microsoft.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/startInvestigation Content-type: application/json diff --git a/windows/security/threat-protection/microsoft-defender-atp/investigation.md b/windows/security/threat-protection/microsoft-defender-atp/investigation.md index 9a079ca9cb..d5a2cf97cf 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/investigation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/investigation.md @@ -25,7 +25,12 @@ ms.topic: article **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] + Represent an Automated Investigation entity in Defender for Endpoint.
See [Overview of automated investigations](automated-investigations.md) for more information. diff --git a/windows/security/threat-protection/microsoft-defender-atp/isolate-machine.md b/windows/security/threat-protection/microsoft-defender-atp/isolate-machine.md index 98cfaa0d40..7d5d12f3e4 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/isolate-machine.md +++ b/windows/security/threat-protection/microsoft-defender-atp/isolate-machine.md @@ -23,7 +23,11 @@ ms.topic: article **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] ## API description @@ -52,7 +56,7 @@ Delegated (work or school account) | Machine.Isolate | 'Isolate machine' ## HTTP request ``` -POST https://api.securitycenter.windows.com/api/machines/{id}/isolate +POST https://api.securitycenter.microsoft.com/api/machines/{id}/isolate ``` ## Request headers @@ -85,10 +89,8 @@ If successful, this method returns 201 - Created response code and [Machine Acti Here is an example of the request. -[!include[Improve request performance](../../includes/improve-request-performance.md)] - ```console -POST https://api.securitycenter.windows.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/isolate +POST https://api.securitycenter.microsoft.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/isolate Content-type: application/json { "Comment": "Isolate machine due to alert 1234", diff --git a/windows/security/threat-protection/microsoft-defender-atp/machine.md b/windows/security/threat-protection/microsoft-defender-atp/machine.md index 817ecce65b..ab02cb5c21 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/machine.md +++ b/windows/security/threat-protection/microsoft-defender-atp/machine.md @@ -25,6 +25,10 @@ ms.topic: article - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] + [!include[Prerelease information](../../includes/prerelease.md)] ## Methods diff --git a/windows/security/threat-protection/microsoft-defender-atp/machineaction.md b/windows/security/threat-protection/microsoft-defender-atp/machineaction.md index 94f6a0a86b..4f6e60ca31 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/machineaction.md +++ b/windows/security/threat-protection/microsoft-defender-atp/machineaction.md @@ -25,6 +25,11 @@ ms.topic: article - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] + + - For more information, see [Response Actions](respond-machine-alerts.md). | Method | Return Type | Description | diff --git a/windows/security/threat-protection/microsoft-defender-atp/offboard-machine-api.md b/windows/security/threat-protection/microsoft-defender-atp/offboard-machine-api.md index 8cc6f7bed9..b87d77da37 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/offboard-machine-api.md +++ b/windows/security/threat-protection/microsoft-defender-atp/offboard-machine-api.md @@ -23,7 +23,11 @@ ms.topic: article **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] ## API description @@ -55,7 +59,7 @@ Delegated (work or school account) | Machine.Offboard | 'Offboard machine' ## HTTP request ``` -POST https://api.securitycenter.windows.com/api/machines/{id}/offboard +POST https://api.securitycenter.microsoft.com/api/machines/{id}/offboard ``` ## Request headers @@ -82,10 +86,8 @@ If successful, this method returns 201 - Created response code and [Machine Acti Here is an example of the request. -[!include[Improve request performance](../../includes/improve-request-performance.md)] - ``` -POST https://api.securitycenter.windows.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/offboard +POST https://api.securitycenter.microsoft.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/offboard Content-type: application/json { "Comment": "Offboard machine by automation" diff --git a/windows/security/threat-protection/microsoft-defender-atp/onboarding-notification.md b/windows/security/threat-protection/microsoft-defender-atp/onboarding-notification.md index ff6119eee4..452f25222e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/onboarding-notification.md +++ b/windows/security/threat-protection/microsoft-defender-atp/onboarding-notification.md @@ -22,8 +22,14 @@ ms.topic: article [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] -**Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) + +- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] + Create a notification rule so that when a local onboarding or offboardiing script is used, you'll be notified. @@ -56,7 +62,7 @@ You'll need to have access to: 5. Enter the following HTTP fields: - Method: "GET" as a value to get the list of devices. - - URI: Enter `https://api.securitycenter.windows.com/api/machines`. + - URI: Enter `https://api.securitycenter.microsoft.com/api/machines`. - Authentication: Select "Active Directory OAuth". - Tenant: Sign-in to https://portal.azure.com and navigate to **Azure Active Directory > App Registrations** and get the Tenant ID value. - Audience: `https://securitycenter.onmicrosoft.com/windowsatpservice\` diff --git a/windows/security/threat-protection/microsoft-defender-atp/post-ti-indicator.md b/windows/security/threat-protection/microsoft-defender-atp/post-ti-indicator.md index ab2b412ae2..ac9c3929ea 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/post-ti-indicator.md +++ b/windows/security/threat-protection/microsoft-defender-atp/post-ti-indicator.md @@ -21,9 +21,13 @@ ms.topic: article [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] -**Applies to:** [Microsoft Defender for Endpoint]https://go.microsoft.com/fwlink/p/?linkid=2146631) +**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] ## API description @@ -47,12 +51,9 @@ Delegated (work or school account) | Ti.ReadWrite | 'Read and write Indicators' ## HTTP request ``` -POST https://api.securitycenter.windows.com/api/indicators +POST https://api.securitycenter.microsoft.com/api/indicators ``` -[!include[Improve request performance](../../includes/improve-request-performance.md)] - - ## Request headers Name | Type | Description @@ -88,7 +89,7 @@ rbacGroupNames | String | Comma-separated list of RBAC group names the indicator Here is an example of the request. ``` -POST https://api.securitycenter.windows.com/api/indicators +POST https://api.securitycenter.microsoft.com/api/indicators Content-type: application/json { "indicatorValue": "220e7d15b011d7fac48f2bd61114db1022197f7f", diff --git a/windows/security/threat-protection/microsoft-defender-atp/pull-alerts-using-rest-api.md b/windows/security/threat-protection/microsoft-defender-atp/pull-alerts-using-rest-api.md index d656f995c8..9587df251a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/pull-alerts-using-rest-api.md +++ b/windows/security/threat-protection/microsoft-defender-atp/pull-alerts-using-rest-api.md @@ -22,12 +22,9 @@ ms.topic: article [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] -**Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) - - ->Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-pullalerts-abovefoldlink) +- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) >[!Note] >- [Microsoft Defender for Endpoint Alert](alerts.md) is composed from one or more detections. @@ -203,7 +200,7 @@ Here is an example return value: The following code examples demonstrate how to obtain an access token for calling the Microsoft Defender for Endpoint SIEM API. ```csharp -AuthenticationContext context = new AuthenticationContext(string.Format("https://login.windows.net/{0}", tenantId)); +AuthenticationContext context = new AuthenticationContext(string.Format("https://login.microsoftonline.com/{0}", tenantId)); ClientCredential clientCredentials = new ClientCredential(clientId, clientSecret); AuthenticationResult authenticationResult = context.AcquireTokenAsync(detectionsResource, clientCredentials).GetAwaiter().GetResult(); ``` @@ -218,7 +215,7 @@ $appId = '' ### Paste your Application ID here $appSecret = '' ### Paste your Application secret here $resourceAppIdUri = 'https://graph.windows.net' -$oAuthUri = "https://login.windows.net/$tenantId/oauth2/token" +$oAuthUri = "https://login.microsoftonline.com/$tenantId/oauth2/token" $authBody = [Ordered] @{ resource = "$resourceAppIdUri" client_id = "$appId" @@ -237,7 +234,7 @@ tenantId='' ### Paste your tenant ID here appId='' ### Paste your Application ID here appSecret='' ### Paste your Application secret here resourceAppIdUri='https://graph.windows.net' -oAuthUri="https://login.windows.net/$tenantId/oauth2/token" +oAuthUri="https://login.microsoftonline.com/$tenantId/oauth2/token" scriptDir=$(pwd) apiResponse=$(curl -s X POST "$oAuthUri" -d "resource=$resourceAppIdUri&client_id=$appId&client_secret=$appSecret&\ diff --git a/windows/security/threat-protection/microsoft-defender-atp/recommendation.md b/windows/security/threat-protection/microsoft-defender-atp/recommendation.md index 4d71206462..6a3c3ce05d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/recommendation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/recommendation.md @@ -23,7 +23,12 @@ ms.topic: article **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] + [!include[Prerelease information](../../includes/prerelease.md)] diff --git a/windows/security/threat-protection/microsoft-defender-atp/restrict-code-execution.md b/windows/security/threat-protection/microsoft-defender-atp/restrict-code-execution.md index 414c106934..3c91b9c04c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/restrict-code-execution.md +++ b/windows/security/threat-protection/microsoft-defender-atp/restrict-code-execution.md @@ -23,7 +23,11 @@ ms.topic: article **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] ## API description @@ -51,7 +55,7 @@ Delegated (work or school account) | Machine.RestrictExecution | 'Restrict code ## HTTP request ``` -POST https://api.securitycenter.windows.com/api/machines/{id}/restrictCodeExecution +POST https://api.securitycenter.microsoft.com/api/machines/{id}/restrictCodeExecution ``` ## Request headers @@ -79,7 +83,7 @@ If successful, this method returns 201 - Created response code and [Machine Acti Here is an example of the request. ``` -POST https://api.securitycenter.windows.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/restrictCodeExecution +POST https://api.securitycenter.microsoft.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/restrictCodeExecution Content-type: application/json { "Comment": "Restrict code execution due to alert 1234" diff --git a/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-api.md b/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-api.md index ce6887fc58..50b5f9255d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-api.md +++ b/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-api.md @@ -24,7 +24,11 @@ ms.topic: article **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] ## Limitations 1. You can only run a query on data from the last 30 days. @@ -50,7 +54,7 @@ Delegated (work or school account) | AdvancedQuery.Read | 'Run advanced queries' ## HTTP request ``` -POST https://api.securitycenter.windows.com/api/advancedqueries/run +POST https://api.securitycenter.microsoft.com/api/advancedqueries/run ``` ## Request headers @@ -77,11 +81,8 @@ Request Here is an example of the request. -[!include[Improve request performance](../../includes/improve-request-performance.md)] - - ``` -POST https://api.securitycenter.windows.com/api/advancedqueries/run +POST https://api.securitycenter.microsoft.com/api/advancedqueries/run Content-type: application/json { "Query":"DeviceProcessEvents diff --git a/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-sample-powershell.md b/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-sample-powershell.md index cc1e69bc35..247f300dac 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-sample-powershell.md +++ b/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-sample-powershell.md @@ -21,9 +21,13 @@ ms.topic: article [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] -**Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] Run advanced queries using PowerShell, see [Advanced Hunting API](run-advanced-query-api.md). @@ -51,8 +55,8 @@ $tenantId = '00000000-0000-0000-0000-000000000000' # Paste your own tenant ID he $appId = '11111111-1111-1111-1111-111111111111' # Paste your own app ID here $appSecret = '22222222-2222-2222-2222-222222222222' # Paste your own app secret here -$resourceAppIdUri = 'https://api.securitycenter.windows.com' -$oAuthUri = "https://login.windows.net/$TenantId/oauth2/token" +$resourceAppIdUri = 'https://api.securitycenter.microsoft.com' +$oAuthUri = "https://login.microsoftonline.com/$TenantId/oauth2/token" $body = [Ordered] @{ resource = "$resourceAppIdUri" client_id = "$appId" @@ -75,7 +79,7 @@ Run the following query: ``` $query = 'RegistryEvents | limit 10' # Paste your own query here -$url = "https://api.securitycenter.windows.com/api/advancedqueries/run" +$url = "https://api.securitycenter.microsoft.com/api/advancedqueries/run" $headers = @{ 'Content-Type' = 'application/json' Accept = 'application/json' diff --git a/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-sample-python.md b/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-sample-python.md index c7d5c9e145..7cda7c8cd9 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-sample-python.md +++ b/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-sample-python.md @@ -22,9 +22,13 @@ ms.topic: article [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] -**Applies to:** +**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] Run advanced queries using Python, see [Advanced Hunting API](run-advanced-query-api.md). @@ -46,9 +50,9 @@ tenantId = '00000000-0000-0000-0000-000000000000' # Paste your own tenant ID her appId = '11111111-1111-1111-1111-111111111111' # Paste your own app ID here appSecret = '22222222-2222-2222-2222-222222222222' # Paste your own app secret here -url = "https://login.windows.net/%s/oauth2/token" % (tenantId) +url = "https://login.microsoftonline.com/%s/oauth2/token" % (tenantId) -resourceAppIdUri = 'https://api.securitycenter.windows.com' +resourceAppIdUri = 'https://api.securitycenter.microsoft.com' body = { 'resource' : resourceAppIdUri, @@ -78,7 +82,7 @@ where ``` query = 'RegistryEvents | limit 10' # Paste your own query here -url = "https://api.securitycenter.windows.com/api/advancedqueries/run" +url = "https://api.securitycenter.microsoft.com/api/advancedqueries/run" headers = { 'Content-Type' : 'application/json', 'Accept' : 'application/json', diff --git a/windows/security/threat-protection/microsoft-defender-atp/run-av-scan.md b/windows/security/threat-protection/microsoft-defender-atp/run-av-scan.md index 9525f7a282..f2d979889c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/run-av-scan.md +++ b/windows/security/threat-protection/microsoft-defender-atp/run-av-scan.md @@ -23,7 +23,11 @@ ms.topic: article **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] ## API description @@ -51,7 +55,7 @@ Delegated (work or school account) | Machine.Scan | 'Scan machine' ## HTTP request ``` -POST https://api.securitycenter.windows.com/api/machines/{id}/runAntiVirusScan +POST https://api.securitycenter.microsoft.com/api/machines/{id}/runAntiVirusScan ``` ## Request headers @@ -87,7 +91,7 @@ If successful, this method returns 201, Created response code and _MachineAction Here is an example of the request. ``` -POST https://api.securitycenter.windows.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/runAntiVirusScan +POST https://api.securitycenter.microsoft.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/runAntiVirusScan Content-type: application/json { "Comment": "Check machine for viruses due to alert 3212", diff --git a/windows/security/threat-protection/microsoft-defender-atp/score.md b/windows/security/threat-protection/microsoft-defender-atp/score.md index d911b24cb2..aab54c586f 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/score.md +++ b/windows/security/threat-protection/microsoft-defender-atp/score.md @@ -25,6 +25,11 @@ ms.topic: article - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] + + [!include[Prerelease information](../../includes/prerelease.md)] ## Methods diff --git a/windows/security/threat-protection/microsoft-defender-atp/set-device-value.md b/windows/security/threat-protection/microsoft-defender-atp/set-device-value.md index b2a76a6693..98266678c3 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/set-device-value.md +++ b/windows/security/threat-protection/microsoft-defender-atp/set-device-value.md @@ -25,6 +25,11 @@ ms.topic: article - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] + + ## API description Set the device value of a specific [Machine](machine.md).
diff --git a/windows/security/threat-protection/microsoft-defender-atp/software.md b/windows/security/threat-protection/microsoft-defender-atp/software.md index 617a6c15ec..a471bd94f2 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/software.md +++ b/windows/security/threat-protection/microsoft-defender-atp/software.md @@ -25,6 +25,11 @@ ms.topic: article - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] + + [!include[Prerelease information](../../includes/prerelease.md)] ## Methods diff --git a/windows/security/threat-protection/microsoft-defender-atp/stop-and-quarantine-file.md b/windows/security/threat-protection/microsoft-defender-atp/stop-and-quarantine-file.md index a91edcf37d..83727872ac 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/stop-and-quarantine-file.md +++ b/windows/security/threat-protection/microsoft-defender-atp/stop-and-quarantine-file.md @@ -25,6 +25,10 @@ ms.topic: article - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] + ## API description Stop execution of a file on a device and delete it. @@ -51,7 +55,7 @@ Delegated (work or school account) | Machine.StopAndQuarantine | 'Stop And Quara ## HTTP request ``` -POST https://api.securitycenter.windows.com/api/machines/{id}/StopAndQuarantineFile +POST https://api.securitycenter.microsoft.com/api/machines/{id}/StopAndQuarantineFile ``` ## Request headers @@ -80,7 +84,7 @@ If successful, this method returns 201 - Created response code and [Machine Acti Here is an example of the request. ``` -POST https://api.securitycenter.windows.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/StopAndQuarantineFile +POST https://api.securitycenter.microsoft.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/StopAndQuarantineFile Content-type: application/json { "Comment": "Stop and quarantine file on machine due to alert 441688558380765161_2136280442", diff --git a/windows/security/threat-protection/microsoft-defender-atp/ti-indicator.md b/windows/security/threat-protection/microsoft-defender-atp/ti-indicator.md index 2b37172304..39a5774d5c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/ti-indicator.md +++ b/windows/security/threat-protection/microsoft-defender-atp/ti-indicator.md @@ -25,6 +25,11 @@ ms.topic: article - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] + + - See the corresponding [Indicators page](https://securitycenter.windows.com/preferences2/custom_ti_indicators/files) in the portal. Method|Return Type |Description diff --git a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-onboarding-error-messages.md b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-onboarding-error-messages.md index ce25cadea3..1ecd70b09d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-onboarding-error-messages.md +++ b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-onboarding-error-messages.md @@ -22,9 +22,9 @@ ms.topic: troubleshooting [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] -**Applies to:** +**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) >Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-troublshootonboarding-abovefoldlink) @@ -78,8 +78,8 @@ You'll need to allow the `securitycenter.windows.com` and all subdomains under i ## Portal communication issues If you encounter issues with accessing the portal, missing data, or restricted access to portions of the portal, you'll need to verify that the following URLs are allowed and open for communication. -- `*.blob.core.windows.net -crl.microsoft.com` +- `*.blob.core.windows.net` +- `crl.microsoft.com` - `https://*.microsoftonline-p.com` - `https://*.securitycenter.windows.com` - `https://automatediracs-eus-prd.securitycenter.windows.com` diff --git a/windows/security/threat-protection/microsoft-defender-atp/unisolate-machine.md b/windows/security/threat-protection/microsoft-defender-atp/unisolate-machine.md index 211e184891..2f5e42faa5 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/unisolate-machine.md +++ b/windows/security/threat-protection/microsoft-defender-atp/unisolate-machine.md @@ -26,6 +26,10 @@ ms.topic: article - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] + ## API description Undo isolation of a device. @@ -52,7 +56,7 @@ Delegated (work or school account) | Machine.Isolate | 'Isolate machine' ## HTTP request ``` -POST https://api.securitycenter.windows.com/api/machines/{id}/unisolate +POST https://api.securitycenter.microsoft.com/api/machines/{id}/unisolate ``` ## Request headers @@ -80,10 +84,8 @@ If successful, this method returns 201 - Created response code and [Machine Acti Here is an example of the request. -[!include[Improve request performance](../../includes/improve-request-performance.md)] - ``` -POST https://api.securitycenter.windows.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/unisolate +POST https://api.securitycenter.microsoft.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/unisolate Content-type: application/json { "Comment": "Unisolate machine since it was clean and validated" diff --git a/windows/security/threat-protection/microsoft-defender-atp/unrestrict-code-execution.md b/windows/security/threat-protection/microsoft-defender-atp/unrestrict-code-execution.md index 49037547d6..ef5ea2434a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/unrestrict-code-execution.md +++ b/windows/security/threat-protection/microsoft-defender-atp/unrestrict-code-execution.md @@ -25,6 +25,10 @@ ms.topic: article - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] + ## API description Enable execution of any application on the device. @@ -51,7 +55,7 @@ Delegated (work or school account) | Machine.RestrictExecution | 'Restrict code ## HTTP request ``` -POST https://api.securitycenter.windows.com/api/machines/{id}/unrestrictCodeExecution +POST https://api.securitycenter.microsoft.com/api/machines/{id}/unrestrictCodeExecution ``` ## Request headers @@ -77,10 +81,8 @@ If successful, this method returns 201 - Created response code and [Machine Acti Here is an example of the request. -[!include[Improve request performance](../../includes/improve-request-performance.md)] - ``` -POST https://api.securitycenter.windows.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/unrestrictCodeExecution +POST https://api.securitycenter.microsoft.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/unrestrictCodeExecution Content-type: application/json { "Comment": "Unrestrict code execution since machine was cleaned and validated" diff --git a/windows/security/threat-protection/microsoft-defender-atp/update-alert.md b/windows/security/threat-protection/microsoft-defender-atp/update-alert.md index a62ac7611a..9e142b87bc 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/update-alert.md +++ b/windows/security/threat-protection/microsoft-defender-atp/update-alert.md @@ -25,6 +25,10 @@ ms.topic: article - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] + ## API description Updates properties of existing [Alert](alerts.md). @@ -76,8 +80,6 @@ classification | String | Specifies the specification of the alert. The property determination | String | Specifies the determination of the alert. The property values are: 'NotAvailable', 'Apt', 'Malware', 'SecurityPersonnel', 'SecurityTesting', 'UnwantedSoftware', 'Other' comment | String | Comment to be added to the alert. -[!include[Improve request performance](../../includes/improve-request-performance.md)] - ## Response If successful, this method returns 200 OK, and the [alert](alerts.md) entity in the response body with the updated properties. If alert with the specified id was not found - 404 Not Found. @@ -89,7 +91,7 @@ If successful, this method returns 200 OK, and the [alert](alerts.md) entity in Here is an example of the request. ``` -PATCH https://api.securitycenter.windows.com/api/alerts/121688558380765161_2136280442 +PATCH https://api.securitycenter.microsoft.com/api/alerts/121688558380765161_2136280442 Content-Type: application/json { diff --git a/windows/security/threat-protection/microsoft-defender-atp/user.md b/windows/security/threat-protection/microsoft-defender-atp/user.md index 948460d6a9..8d75aea649 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/user.md +++ b/windows/security/threat-protection/microsoft-defender-atp/user.md @@ -25,6 +25,11 @@ ms.topic: article - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] + + Method|Return Type |Description :---|:---|:--- [List User related alerts](get-user-related-alerts.md) | [alert](alerts.md) collection | List all the alerts that are associated with a [user](user.md). diff --git a/windows/security/threat-protection/microsoft-defender-atp/vulnerability.md b/windows/security/threat-protection/microsoft-defender-atp/vulnerability.md index eaaa313b18..924169d5d8 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/vulnerability.md +++ b/windows/security/threat-protection/microsoft-defender-atp/vulnerability.md @@ -25,6 +25,11 @@ ms.topic: article - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] + + [!include[Prerelease information](../../includes/prerelease.md)] ## Methods