2019-09-20 11:18:00 -07:00

title: Microsoft Defender Advanced Threat Protection API overview
ms.reviewer:
description: Learn how you can use APIs to automate workflows and innovate based on Microsoft Defender ATP capabilities
keywords: apis, api, wdatp, open api, windows defender atp api, public api, supported apis, alerts, machine, user, domain, ip, file, advanced hunting, query
search.product: eADQiWindows 10XVcnh
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: medium
manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual

Microsoft Defender ATP API overview

Applies to:

Want to experience Microsoft Defender ATP? Sign up for a free trial.

Microsoft Defender ATP exposes much of its data and actions through a set of programmatic APIs. Those APIs enable you to automate workflows and innovate based on Microsoft Defender ATP capabilities. API access requires OAuth 2.0 authentication. For more information, see OAuth 2.0 Authorization Code Flow.

In general, you'll need to take the following steps to use the APIs:

  • Create an AAD application
  • Get an access token using this application
  • Use the token to access Microsoft Defender ATP API

You can access Microsoft Defender ATP API with Application Context or User Context.

  • Application Context: (Recommended)
    Used by apps that run without a signed-in user present, for example, apps that run as background services or daemons.

    Steps that need to be taken to access Microsoft Defender ATP API with application context:

    1. Create an AAD Web-Application.

    2. Assign the desired permission to the application, for example, 'Read Alerts', 'Isolate Machines'.

    3. Create a key for this Application.

    4. Get a token using the application with its key.

    5. Use the token to access Microsoft Defender ATP API.

      For more information, see Get access with application context.

  • User Context:
    Used to perform actions in the API on behalf of a user.

    Steps that need to be taken to access Microsoft Defender ATP API with user context:

    1. Create an AAD Native-Application.

    2. Assign the desired permission to the application, for example, 'Read Alerts', 'Isolate Machines'.

    3. Get a token using the application with user credentials.

    4. Use the token to access Microsoft Defender ATP API.

      For more information, see Get access with user context.
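Steps 4 and 5 of the application-context flow, as an added example that is not part of the original page or Microsoft's own sample code: it builds the client-credentials token request and the bearer-authenticated API request, and checks a received token's audience, expiry and granted roles against the permissions the job actually needs. The token endpoint, resource URI, `/api/alerts` path and the role values `Alert.Read.All` and `Machine.Isolate` (for 'Read Alerts' and 'Isolate Machines') are assumptions not stated on this page, and the sample token is constructed and unsigned.

```python
import base64, json, time
import urllib.parse, urllib.request

# Assumed (not on this page): Azure AD token endpoint and Defender ATP resource URI.
TOKEN_URL = "https://login.windows.net/{tenant}/oauth2/token"
RESOURCE = "https://api.securitycenter.windows.com"

def build_token_request(tenant_id, app_id, app_key):
    """Step 4: client-credentials request for an app-only token (built, not sent)."""
    form = {"grant_type": "client_credentials", "client_id": app_id,
            "client_secret": app_key, "resource": RESOURCE}
    return urllib.request.Request(TOKEN_URL.format(tenant=tenant_id),
                                  data=urllib.parse.urlencode(form).encode(), method="POST")

def token_claims(access_token):
    """Decode the JWT payload for inspection only; this does not verify the signature."""
    part = access_token.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(part + "=" * (-len(part) % 4)))

def check_token(access_token, allowed_roles, now=None):
    """List problems: wrong audience, expired, or roles beyond what the job needs."""
    claims = token_claims(access_token)
    problems = []
    if claims.get("aud") != RESOURCE:
        problems.append("unexpected audience")
    if claims.get("exp", 0) <= (time.time() if now is None else now):
        problems.append("expired")
    extra = sorted(set(claims.get("roles", [])) - set(allowed_roles))
    if extra:
        problems.append("excess roles: " + ", ".join(extra))
    return problems

def build_api_request(access_token, path="/api/alerts"):
    """Step 5: present the token as a bearer credential."""
    return urllib.request.Request(RESOURCE + path,
                                  headers={"Authorization": "Bearer " + access_token})

def constructed_token(claims):
    """Constructed, unsigned sample token for offline demonstration only."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc(claims), "constructed"])

if __name__ == "__main__":
    tok = constructed_token({"aud": RESOURCE, "exp": 2000000000,
                             "roles": ["Alert.Read.All", "Machine.Isolate"]})
    print(check_token(tok, {"Alert.Read.All"}, now=1569000000))
```

Sending the request built by `build_token_request` with `urllib.request.urlopen` returns a JSON body whose `access_token` field is what `check_token` inspects; an alert-reading service that finds `Machine.Isolate` in its token has been granted more than step 2 intended.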