diff --git a/windows/security/threat-protection/windows-defender-atp/get-machine-by-id-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/windows-defender-atp/get-machine-by-id-windows-defender-advanced-threat-protection-new.md index 7a7fbac1dd..4683167dfb 100644 --- a/windows/security/threat-protection/windows-defender-atp/get-machine-by-id-windows-defender-advanced-threat-protection-new.md +++ b/windows/security/threat-protection/windows-defender-atp/get-machine-by-id-windows-defender-advanced-threat-protection-new.md @@ -14,13 +14,12 @@ ms.date: 12/08/2017 --- # Get machine by ID API -**Applies to:** - -- Windows Defender Advanced Threat Protection (Windows Defender ATP) - [!include[Prerelease information](prerelease.md)] +**Applies to:** + +- Windows Defender Advanced Threat Protection (Windows Defender ATP) Retrieves a machine entity by ID. ## Permissions @@ -78,13 +77,13 @@ Content-type: application/json "id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07", "computerDnsName": "mymachine1.contoso.com", "firstSeen": "2018-08-02T14:55:03.7791856Z", + "lastSeen": "2018-08-02T14:55:03.7791856Z", "osPlatform": "Windows10", "osVersion": null, "systemProductName": null, "lastIpAddress": "172.17.230.209", "lastExternalIpAddress": "167.220.196.71", "agentVersion": "10.5830.18209.1001", - "groupName": null, "osBuild": 18209, "healthStatus": "Active", "isAadJoined": true, diff --git a/windows/security/threat-protection/windows-defender-atp/get-machines-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/windows-defender-atp/get-machines-windows-defender-advanced-threat-protection-new.md index 2eccd27c17..d114cf97cb 100644 --- a/windows/security/threat-protection/windows-defender-atp/get-machines-windows-defender-advanced-threat-protection-new.md +++ b/windows/security/threat-protection/windows-defender-atp/get-machines-windows-defender-advanced-threat-protection-new.md @@ -14,16 +14,16 @@ ms.date: 12/08/2017 --- # List machines API + +[!include[Prerelease information](prerelease.md)] + **Applies to:** - Windows Defender Advanced Threat Protection (Windows Defender ATP) - -[!include[Prerelease information](prerelease.md)] - - - Retrieves a collection of machines that have communicated with WDATP cloud on the last 30 days. +Get Machines collection API supports [OData V4 queries](https://www.odata.org/documentation/). +The OData's Filter query is supported on: "Id", "ComputerDnsName", "LastSeen", "LastIpAddress", "HealthStatus", "OsPlatform", "RiskScore" and "RbacGroupId" ## Permissions @@ -36,7 +36,7 @@ Delegated (work or school account) | Machine.ReadWrite | 'Read and write machine ## HTTP request ``` -GET /api/machines +GET https://api.securitycenter.windows.com/api/machines ``` ## Request headers @@ -80,13 +80,13 @@ Content-type: application/json "id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07", "computerDnsName": "mymachine1.contoso.com", "firstSeen": "2018-08-02T14:55:03.7791856Z", + "lastSeen": "2018-08-02T14:55:03.7791856Z", "osPlatform": "Windows10", "osVersion": null, "systemProductName": null, "lastIpAddress": "172.17.230.209", "lastExternalIpAddress": "167.220.196.71", "agentVersion": "10.5830.18209.1001", - "groupName": null, "osBuild": 18209, "healthStatus": "Active", "isAadJoined": true, @@ -99,13 +99,13 @@ Content-type: application/json "id": "7292e4b8cb74ff1cc3d8a495eb29dc8858b732f7", "computerDnsName": "mymachine2.contoso.com", "firstSeen": "2018-07-09T13:22:45.1250071Z", + "lastSeen": "2018-07-09T13:22:45.1250071Z", "osPlatform": "Windows10", "osVersion": null, "systemProductName": null, "lastIpAddress": "192.168.12.225", "lastExternalIpAddress": "79.183.65.82", "agentVersion": "10.5820.17724.1000", - "groupName": "WDATPClientTeam", "osBuild": 17724, "healthStatus": "Inactive", "isAadJoined": true, diff --git a/windows/security/threat-protection/windows-defender-atp/machine-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/windows-defender-atp/machine-windows-defender-advanced-threat-protection-new.md index 093e47ba79..1384b99ca0 100644 --- a/windows/security/threat-protection/windows-defender-atp/machine-windows-defender-advanced-threat-protection-new.md +++ b/windows/security/threat-protection/windows-defender-atp/machine-windows-defender-advanced-threat-protection-new.md @@ -30,14 +30,14 @@ Property | Type | Description id | String | [machine](machine-windows-defender-advanced-threat-protection-new.md) identity. computerDnsName | String | [machine](machine-windows-defender-advanced-threat-protection-new.md) fully qualified name. firstSeen | DateTimeOffset | First date and time where the [machine](machine-windows-defender-advanced-threat-protection-new.md) was observed by WDATP. +lastSeen | DateTimeOffset | Last date and time where the [machine](machine-windows-defender-advanced-threat-protection-new.md) was observed by WDATP. osPlatform | String | OS platform. osVersion | String | OS Version. lastIpAddress | Ip | Last IP on local NIC on the [machine](machine-windows-defender-advanced-threat-protection-new.md). lastExternalIpAddress | Ip | Last IP through which the [machine](machine-windows-defender-advanced-threat-protection-new.md) accessed the internet. agentVersion | String | Version of WDATP agent. -groupName | String | [machine](machine-windows-defender-advanced-threat-protection-new.md) group name (when defined). osBuild | Int | OS build number. -healthStatus | String | [machine](machine-windows-defender-advanced-threat-protection-new.md) health status. +healthStatus | Enum | [machine](machine-windows-defender-advanced-threat-protection-new.md) health status. Possible values are: "Active", "Inactive", "ImpairedCommunication", "NoSensorData" and "NoSensorDataImpairedCommunication" isAadJoined | Boolean | Is [machine](machine-windows-defender-advanced-threat-protection-new.md) AAD joined. machineTags | String collection | Set of [machine](machine-windows-defender-advanced-threat-protection-new.md) tags. rbacGroupId | Int | Group ID.