deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-23 06:13:41 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity
Files
c19fa00cc3ec2d444be06aec695c70a841f15c40
windows-itpro-docs/windows/security/threat-protection/microsoft-defender-atp/apis-intro.md
Dulce Montemayor f8b45a50ce Added API video link
2020-02-11 15:21:44 -08:00

70 lines
3.3 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

---
title: Access the Microsoft Defender Advanced Threat Protection APIs
ms.reviewer:
description: Learn how you can use APIs to automate workflows and innovate based on Microsoft Defender ATP capabilities
keywords: apis, api, wdatp, open api, windows defender atp api, public api, supported apis, alerts, machine, user, domain, ip, file, advanced hunting, query
search.product: eADQiWindows 10XVcnh
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: medium
manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
---
# Access the Microsoft Defender Advanced Threat Protection APIs
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
> Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
Microsoft Defender ATP exposes much of its data and actions through a set of programmatic APIs. Those APIs will enable you to automate workflows and innovate based on Microsoft Defender ATP capabilities. The API access requires OAuth2.0 authentication. For more information, see [OAuth 2.0 Authorization Code Flow](https://docs.microsoft.com/azure/active-directory/develop/active-directory-v2-protocols-oauth-code).
Watch this video for a quick overview of Microsoft Defender ATP's APIs.
>[!VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RE4d73M]
In general, youll need to take the following steps to use the APIs:
- Create an AAD application
- Get an access token using this application
- Use the token to access Microsoft Defender ATP API
You can access Microsoft Defender ATP API with **Application Context** or **User Context**.
- **Application Context: (Recommended)** <br>
Used by apps that run without a signed-in user present. for example, apps that run as background services or daemons.
Steps that need to be taken to access Microsoft Defender ATP API with application context:
1. Create an AAD Web-Application.
2. Assign the desired permission to the application, for example, 'Read Alerts', 'Isolate Machines'.
3. Create a key for this Application.
4. Get token using the application with its key.
5. Use the token to access Microsoft Defender ATP API
For more information, see [Get access with application context](exposed-apis-create-app-webapp.md).
- **User Context:** <br>
Used to perform actions in the API on behalf of a user.
Steps that needs to be taken to access Microsoft Defender ATP API with application context:
1. Create AAD Native-Application.
2. Assign the desired permission to the application, e.g 'Read Alerts', 'Isolate Machines' etc.
3. Get token using the application with user credentials.
4. Use the token to access Microsoft Defender ATP API
For more information, see [Get access with user context](exposed-apis-create-app-nativeapp.md).
## Related topics
- [Microsoft Defender ATP APIs](exposed-apis-list.md)
- [Access Microsoft Defender ATP with application context](exposed-apis-create-app-webapp.md)
- [Access Microsoft Defender ATP with user context](exposed-apis-create-app-nativeapp.md)
Reference in New Issue View Git Blame Copy Permalink