mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-05-12 05:17:22 +00:00
3.3 KiB
3.3 KiB
title, description, keywords, search.product, ms.prod, ms.mktglfcycl, ms.sitesec, ms.pagetype, ms.author, author, ms.localizationpriority, manager, audience, ms.collection, ms.topic
| title | description | keywords | search.product | ms.prod | ms.mktglfcycl | ms.sitesec | ms.pagetype | ms.author | author | ms.localizationpriority | manager | audience | ms.collection | ms.topic |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Restrict app execution API | Use this API to create calls related to restricting an application from executing. | apis, graph api, supported apis, collect investigation package | eADQiWindows 10XVcnh | w10 | deploy | library | security | macapara | mjcaparas | medium | dansimp | ITPro | M365-security-compliance | article |
Restrict app execution API
Applies to:
Restrict execution of all applications on the machine except a predefined set (see Response machine alerts for more information)
[!includeMachine actions note]
Permissions
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see Use Microsoft Defender ATP APIs
| Permission type | Permission | Permission display name |
|---|---|---|
| Application | Machine.RestrictExecution | 'Restrict code execution' |
| Delegated (work or school account) | Machine.RestrictExecution | 'Restrict code execution' |
Note
When obtaining a token using user credentials:
- The user needs to have at least the following role permission: 'Active remediation actions' (See Create and manage roles for more information)
- The user needs to have access to the machine, based on machine group settings (See Create and manage machine groups for more information)
HTTP request
POST https://api.securitycenter.windows.com/api/machines/{id}/restrictCodeExecution
Request headers
| Name | Type | Description |
|---|---|---|
| Authorization | String | Bearer {token}. Required. |
| Content-Type | string | application/json. Required. |
Request body
In the request body, supply a JSON object with the following parameters:
| Parameter | Type | Description |
|---|---|---|
| Comment | String | Comment to associate with the action. Required. |
Response
If successful, this method returns 201 - Created response code and Machine Action in the response body.
Example
Request
Here is an example of the request.
POST https://api.securitycenter.windows.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/restrictCodeExecution
Content-type: application/json
{
"Comment": "Restrict code execution due to alert 1234"
}
Response
Here is an example of the response.
[!includeImprove request performance]
HTTP/1.1 201 Created
Content-type: application/json
{
"@odata.context": "https://api.securitycenter.windows.com/api/$metadata#MachineActions/$entity",
"id": "78d408d1-384c-4c19-8b57-ba39e378011a",
"type": "RestrictCodeExecution",
"requestor": "Analyst@contoso.com ",
"requestorComment": "Restrict code execution due to alert 1234",
"status": "InProgress",
"machineId": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07",
"creationDateTimeUtc": "2018-12-04T12:15:04.3825985Z",
"lastUpdateTimeUtc": "2018-12-04T12:15:04.3825985Z",
"relatedFileInfo": null
}
To remove code execution restriction from a machine, see Remove app restriction.