deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 05:17:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity
windows-itpro-docs/windows/security/threat-protection/microsoft-defender-atp/unisolate-machine.md
Joey Caparas 225ff4ac86 update flie link
2019-05-15 14:27:29 -07:00

3.3 KiB
Raw Blame History

title, description, keywords, search.product, ms.prod, ms.mktglfcycl, ms.sitesec, ms.pagetype, ms.author, author, ms.localizationpriority, manager, audience, ms.collection, ms.topic
title description keywords search.product ms.prod ms.mktglfcycl ms.sitesec ms.pagetype ms.author author ms.localizationpriority manager audience ms.collection ms.topic
Release machine from isolation API Use this API to create calls related to release a machine from isolation. apis, graph api, supported apis, remove machine from isolation eADQiWindows 10XVcnh w10 deploy library security macapara mjcaparas medium dansimp ITPro M365-security-compliance article

Release machine from isolation API

Applies to:

Undo isolation of a machine.

[!includeMachine actions note]

Permissions

One of the following permissions is required to call this API. To learn more, including how to choose permissions, see Use Microsoft Defender ATP APIs

Permission type Permission Permission display name
Application Machine.Isolate 'Isolate machine'
Delegated (work or school account) Machine.Isolate 'Isolate machine'

Note

When obtaining a token using user credentials:

  • The user needs to have at least the following role permission: 'Active remediation actions' (See Create and manage roles for more information)
  • The user needs to have access to the machine, based on machine group settings (See Create and manage machine groups for more information)

HTTP request

POST https://api.securitycenter.windows.com/api/machines/{id}/unisolate

Request headers

Name Type Description
Authorization String Bearer {token}. Required.
Content-Type string application/json. Required.

Request body

In the request body, supply a JSON object with the following parameters:

Parameter Type Description
Comment String Comment to associate with the action. Required.

Response

If successful, this method returns 201 - Created response code and Machine Action in the response body.

Example

Request

Here is an example of the request.

[!includeImprove request performance]

POST https://api.securitycenter.windows.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/unisolate 
Content-type: application/json
{
  "Comment": "Unisolate machine since it was clean and validated"
}

Response

Here is an example of the response.

Note

The response object shown here may be truncated for brevity. All of the properties will be returned from an actual call.

HTTP/1.1 201 Created
Content-type: application/json
{
    "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#MachineActions/$entity",
    "id": "09a0f91e-a2eb-409d-af33-5577fe9bd558",
    "type": "Unisolate",
    "requestor": "Analyst@contoso.com ",
    "requestorComment": "Unisolate machine since it was clean and validated ",
    "status": "InProgress",
    "machineId": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07",
    "creationDateTimeUtc": "2018-12-04T12:13:15.0104931Z",
    "lastUpdateTimeUtc": "2018-12-04T12:13:15.0104931Z",
	"relatedFileInfo": null
}

To isolate a machine, see Isolate machine.