diff --git a/windows/security/threat-protection/windows-defender-atp/api-hello-word.md b/windows/security/threat-protection/windows-defender-atp/api-hello-word.md index b7857a9568..0bcef5eaa3 100644 --- a/windows/security/threat-protection/windows-defender-atp/api-hello-word.md +++ b/windows/security/threat-protection/windows-defender-atp/api-hello-word.md @@ -22,7 +22,7 @@ ms.date: 09/24/2018 - Windows Defender Advanced Threat Protection (Windows Defender ATP) -## Get Windows Defender ATP Alerts using a simple PowerShell script +## Get Alerts using a simple PowerShell script ### How long it takes to go through this example? It only takes 5 minutes done in two steps: @@ -40,7 +40,7 @@ For the App registration stage, you must have a Global administrator role in you ![Image of Microsoft Azure and navigation to application registration](images/atp-azure-new-app.png) -3. In the Create window, enter the following information then click **Create**. +3. In the registration form, enter the following information then click **Create**. - **Name:** Choose your own name. - **Application type:** Web app / API @@ -48,6 +48,55 @@ For the App registration stage, you must have a Global administrator role in you ![Image of Create application window](images/webapp-create.png) +4. Allow to App to access Windows Defender ATP and assign it 'Read all alerts' permission: + + - Click **Settings** > **Required permissions** > **Add**. + + ![Image of new app in Azure](images/webapp-add-permission.png) + + - Click **Select an API** > **WindowsDefenderATP**, then click **Select**. + + **Note**: WindowsDefenderATP does not appear in the original list. You need to start writing its name in the text box to see it appear. + + ![Image of API access and API selection](images/webapp-add-permission-2.png) + + - Click **Select permissions** > **Read all alerts** > **Select**. + + ![Image of API access and API selection](images/webapp-add-permission-readalerts.png) + + - Click **Done** + + ![Image of add permissions completion](images/webapp-add-permission-end.png) + + - Click **Grant permissions** + + **Note**: Every time you add permission you must click on **Grant permissions**. + + ![Image of Grant permissions](images/webapp-grant-permissions.png) + +5. Create a key for your App: + + - Click **Keys**, type a key name and click **Save**. + + ![Image of create app key](images/webapp-create-key.png) + +6. Write down your App ID and your Tenant ID: + + - App ID: + + ![Image of create app key](images/webapp-app-id1.png) + + - Tenant ID: Navigate to **Azure Active Directory** > **Properties** + + ![Image of create app key](images/api-tenant-id.png) + + +Done! You have successfully registered an application! + +### Step 2 - Get a token using the App and use this token to access the API. + +- + ## Related topic - [Windows Defender ATP APIs](exposed-apis-list.md) diff --git a/windows/security/threat-protection/windows-defender-atp/apis-intro.md b/windows/security/threat-protection/windows-defender-atp/apis-intro.md index ebc19c873d..c999248a49 100644 --- a/windows/security/threat-protection/windows-defender-atp/apis-intro.md +++ b/windows/security/threat-protection/windows-defender-atp/apis-intro.md @@ -53,7 +53,7 @@ You can access Windows Defender ATP API with **Application Context** or **User C Steps that needs to be taken to access Windows Defender ATP API with application context: 1) Create AAD Native-Application. 2) Assign the desired permission to the application, e.g 'Read Alerts', 'Isolate Machines' etc. - 3) Get token using the application with and user credentials. + 3) Get token using the application with user credentials. 4) Use the token to access Windows Defender ATP API See - [Get access with user context](exposed-apis-create-app-nativeapp.md). diff --git a/windows/security/threat-protection/windows-defender-atp/exposed-apis-create-app-webapp.md b/windows/security/threat-protection/windows-defender-atp/exposed-apis-create-app-webapp.md index a3afcae8bd..8885d27a1e 100644 --- a/windows/security/threat-protection/windows-defender-atp/exposed-apis-create-app-webapp.md +++ b/windows/security/threat-protection/windows-defender-atp/exposed-apis-create-app-webapp.md @@ -94,7 +94,7 @@ This page explains how to create an app, get an access token to Windows Defender ![Image of Grant permissions](images/webapp-grant-permissions.png) -9. Click **Keys** and type a key name and click **Save**. +9. Click **Keys**, type a key name and click **Save**. **Important**: After you save, **copy the key value**. You won't be able to retrieve after you leave! diff --git a/windows/security/threat-protection/windows-defender-atp/images/api-tenant-id.png b/windows/security/threat-protection/windows-defender-atp/images/api-tenant-id.png new file mode 100644 index 0000000000..ebac0b0e34 Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/api-tenant-id.png differ diff --git a/windows/security/threat-protection/windows-defender-atp/images/webapp-add-permission-readalerts.png b/windows/security/threat-protection/windows-defender-atp/images/webapp-add-permission-readalerts.png new file mode 100644 index 0000000000..2872b71881 Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/webapp-add-permission-readalerts.png differ diff --git a/windows/security/threat-protection/windows-defender-atp/images/webapp-app-id1.png b/windows/security/threat-protection/windows-defender-atp/images/webapp-app-id1.png new file mode 100644 index 0000000000..4c058c2f93 Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/webapp-app-id1.png differ