undo removal of block and unblock from old docs

2025-05-19 08:47:22 +00:00 · 2018-08-16 11:23:32 +03:00 · 2018-08-16 11:23:32 +03:00 · eb0171a811
commit eb0171a811
parent 09be5a18a1
2 changed files with 180 additions and 0 deletions
--- a/windows/security/threat-protection/windows-defender-atp/block-file-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/block-file-windows-defender-advanced-threat-protection.md
@ -0,0 +1,91 @@
+---
+title: Block file API
+description: Use this API to blocking files from being running in the organization.
+keywords: apis, graph api, supported apis, block file
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: medium
+ms.date: 12/08/2017
+---
+
+# Block file API
+
+**Applies to:**
+
+- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+
+
+
+Prevent a file from being executed in the organization using Windows Defender Antivirus.
+
+## Permissions
+Users need to have Security administrator or Global admin directory roles.
+
+## HTTP request
+```
+POST /testwdatppreview/files/{sha1}/block
+```
+
+## Request headers
+
+Header | Value 
+:---|:---
+Authorization | Bearer {token}. **Required**.
+Content-Type	| application/json
+
+## Request body
+In the request body, supply a JSON object with the following parameters:
+
+Parameter |	Type	| Description
+:---|:---|:---
+Comment |	String |	Comment to associate with the action. **Required**.
+
+
+## Response
+If successful, this method returns 200, Ok response code with empty body, which indicates that block message was sent to Windows Defender deployed in the organization.
+
+
+## Example
+
+**Request**
+
+Here is an example of the request.
+
+```
+POST https://graph.microsoft.com/testwdatppreview/files/7327b54fd718525cbca07dacde913b5ac3c85673/block 
+Content-type: application/json
+{
+  "Comment": "Block file due to alert 32123"
+}
+
+
+```
+
+**Response**
+
+Here is an example of the response.
+
+
+```
+HTTP/1.1 201 Created
+Content-type: application/json
+{
+    "fileIdentifier": "7327b54fd718525cbca07dacde913b5ac3c85673",
+     "fileIdentifierType": "Sha1",
+     "actionType": "Block",
+     "fileStatus": "Blocked",
+      "creationDateTimeUtc": "2017-12-04T13:06:23.4502191Z",
+      "requestor": "Analyst@contoso.com ",
+      "requestorComment": "test",
+      "cancellationDateTimeUtc": null,
+      "cancellationRequestor": null,
+      "cancellationComment": null,
+      "lastUpdateDateTimeUtc": "2017-12-04T13:06:23.4502191Z"
+}
+
+```
--- a/windows/security/threat-protection/windows-defender-atp/unblock-file-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/unblock-file-windows-defender-advanced-threat-protection.md
@ -0,0 +1,89 @@
+---
+title: Unblock file API
+description: Use this API to create calls related to allowing a file to be executed in the organization
+keywords: apis, graph api, supported apis, unblock file
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: medium
+ms.date: 12/08/2017
+---
+
+# Unblock file API
+
+**Applies to:**
+
+- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+
+
+
+Allow a file to be executed in the organization, using Windows Defender Antivirus.
+
+## Permissions
+Users need to have Security administrator or Global admin directory roles.
+
+## HTTP request
+```
+POST /testwdatppreview/files/{sha1}/unblock
+```
+
+## Request headers
+
+Header | Value 
+:---|:---
+Authorization | Bearer {token}. **Required**.
+Content-Type	| application/json
+
+## Request body
+In the request body, supply a JSON object with the following parameters:
+
+Parameter |	Type	| Description
+:---|:---|:---
+Comment |	String | Comment to associate with the action. **Required**.
+
+
+## Response
+If successful, this method returns 200, Ok response code with empty body, which indicates that block message was sent to Windows Defender deployed in the organization.
+
+
+## Example
+
+**Request**
+
+Here is an example of the request.
+
+```
+POST https://graph.microsoft.com/testwdatppreview/files/7327b54fd718525cbca07dacde913b5ac3c85673/unblock 
+Content-type: application/json
+{
+  "Comment": "Unblock file since alert 1234 was investigated and discovered to be false alarm",
+}
+```
+
+**Response**
+
+Here is an example of the response.
+
+
+```
+HTTP/1.1 201 Created
+Content-type: application/json
+{
+    "fileIdentifier": "7327b54fd718525cbca07dacde913b5ac3c85673",
+     "fileIdentifierType": "Sha1",
+     "actionType": "UnBlock",
+     "fileStatus": "Blocked",
+      "creationDateTimeUtc": "2017-12-04T13:06:23.4502191Z",
+      "requestor": "Analyst@contoso.com ",
+      "requestorComment": "test",
+      "cancellationDateTimeUtc": null,
+      "cancellationRequestor": null,
+      "cancellationComment": null,
+      "lastUpdateDateTimeUtc": "2017-12-04T13:06:23.4502191Z"
+}
+
+```