--- title: Microsoft Defender ATP APIs connection to Power BI ms.reviewer: description: Create custom reports using Power BI keywords: apis, supported apis, Power BI, reports search.product: eADQiWindows 10XVcnh ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: medium manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: article --- # Create custom reports using Power BI **Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) - Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) In this section you will learn create a Power BI report on top of Microsoft Defender ATP APIs. The first example demonstrates how to connect Power BI to Advanced Hunting API and the second example demonstrates a connection to our OData APIs (e.g. Machine Actions, Alerts, etc..) ## Connect Power BI to Advanced Hunting API - Open Microsoft Power BI - Click **Get Data** > **Blank Query** ![Image of create blank query](images/power-bi-create-blank-query.png) - Click **Advanced Editor** ![Image of open advanced editor](images/power-bi-open-advanced-editor.png) - Copy the below and paste it in the editor: ``` let AdvancedHuntingQuery = "DeviceEvents | where ActionType contains 'Anti'", HuntingUrl = "https://api.securitycenter.windows.com/api/advancedqueries", Response = Json.Document(Web.Contents(HuntingUrl, [Query=[key=AdvancedHuntingQuery]])), TypeMap = #table( { "Type", "PowerBiType" }, { { "Double", Double.Type }, { "Int64", Int64.Type }, { "Int32", Int32.Type }, { "Int16", Int16.Type }, { "UInt64", Number.Type }, { "UInt32", Number.Type }, { "UInt16", Number.Type }, { "Byte", Byte.Type }, { "Single", Single.Type }, { "Decimal", Decimal.Type }, { "TimeSpan", Duration.Type }, { "DateTime", DateTimeZone.Type }, { "String", Text.Type }, { "Boolean", Logical.Type }, { "SByte", Logical.Type }, { "Guid", Text.Type } }), Schema = Table.FromRecords(Response[Schema]), TypedSchema = Table.Join(Table.SelectColumns(Schema, {"Name", "Type"}), {"Type"}, TypeMap , {"Type"}), Results = Response[Results], Rows = Table.FromRecords(Results, Schema[Name]), Table = Table.TransformColumnTypes(Rows, Table.ToList(TypedSchema, (c) => {c{0}, c{2}})) in Table ``` - Click **Done** - Click **Edit Credentials** ![Image of edit credentials](images/power-bi-edit-credentials.png) - Select **Organizational account** > **Sign in** ![Image of set credentials](images/power-bi-set-credentials-organizational.png) - Enter your credentials and wait to be signed in - Click **Connect** ![Image of set credentials](images/power-bi-set-credentials-organizational-cont.png) - Now the results of your query will appear as table and you can start build visualizations on top of it! - You can duplicate this table, rename it and edit the Advanced Hunting query inside to get any data you would like. ## Connect Power BI to OData APIs - The only difference from the above example is the query inside the editor. - Copy the below and paste it in the editor to pull all **Machine Actions** from your organization: ``` let Query = "MachineActions", Source = OData.Feed("https://api.securitycenter.windows.com/api/" & Query, null, [Implementation="2.0", MoreColumns=true]) in Source ``` - You can do the same for **Alerts** and **Machines**. - You also can use OData queries for queries filters, see [Using OData Queries](exposed-apis-odata-samples.md) ## Power BI dashboard samples in GitHub For more information see the [Power BI report templates](https://github.com/microsoft/MDATP-PowerBI-Templates). ## Related topic - [Microsoft Defender ATP APIs](apis-intro.md) - [Advanced Hunting API](run-advanced-query-api.md) - [Using OData Queries](exposed-apis-odata-samples.md)