mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-06-22 13:53:39 +00:00
title | description | keywords | search.product | ms.prod | ms.mktglfcycl | ms.sitesec | ms.pagetype | ms.author | author | ms.localizationpriority | manager | audience | ms.collection | ms.topic | ms.technology |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Restrict app execution API | Use this API to create calls related to restricting an application from executing. | apis, graph api, supported apis, collect investigation package | eADQiWindows 10XVcnh | m365-security | deploy | library | security | macapara | mjcaparas | medium | dansimp | ITPro | M365-security-compliance | article | mde |
Restrict app execution API
[!INCLUDE Microsoft 365 Defender rebranding]
Applies to: Microsoft Defender for Endpoint
- Want to experience Microsoft Defender for Endpoint? Sign up for a free trial.
[!includeMicrosoft Defender for Endpoint API URIs for US Government]
[!includeImprove request performance]
API description
Restrict execution of all applications on the device except a predefined set.
Limitations
- Rate limitations for this API are 100 calls per minute and 1500 calls per hour.
[!includeDevice actions note]
Permissions
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see Use Microsoft Defender for Endpoint APIs.
Permission type | Permission | Permission display name |
---|---|---|
Application | Machine.RestrictExecution | 'Restrict code execution' |
Delegated (work or school account) | Machine.RestrictExecution | 'Restrict code execution' |
Note
When obtaining a token using user credentials:
- The user needs to have at least the following role permission: 'Active remediation actions' (see Create and manage roles for more information).
- The user needs to have access to the device, based on device group settings (see Create and manage device groups for more information).
HTTP request
POST https://api.securitycenter.microsoft.com/api/machines/{id}/restrictCodeExecution
Request headers
Name | Type | Description |
---|---|---|
Authorization | String | Bearer {token}. Required. |
Content-Type | String | application/json. Required. |
Request body
In the request body, supply a JSON object with the following parameters:
Parameter | Type | Description |
---|---|---|
Comment | String | Comment to associate with the action. Required. |
Response
If successful, this method returns a 201 - Created response code and the Machine Action in the response body.
Example
Request
Here is an example of the request.
POST https://api.securitycenter.microsoft.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/restrictCodeExecution
Content-type: application/json

{
  "Comment": "Restrict code execution due to alert 1234"
}
- To remove code execution restriction from a device, see Remove app restriction.
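The following Python client is an added example, not part of the original Microsoft documentation. It builds the request described above, rejects a missing Comment, and enforces the documented rate limits locally before calling the API. The 40-hex-character device ID check (inferred from the ID in the example request), the sliding-window reading of the limits, and the names `CallBudget`, `build_restrict_request` and `restrict_execution` are assumptions.

```python
import json
import re
import urllib.request
from collections import deque

API_BASE = "https://api.securitycenter.microsoft.com/api/machines"
# Assumption: device IDs are 40 hex characters, like the ID in the page's example.
MACHINE_ID_RE = re.compile(r"[0-9a-f]{40}")
LIMITS = ((60, 100), (3600, 1500))  # (window seconds, max calls), from Limitations

class CallBudget:
    """Client-side sliding-window guard for the documented rate limits."""

    def __init__(self):
        self.calls = deque()

    def try_acquire(self, now):
        # Forget timestamps that have left the longest window (one hour).
        while self.calls and now - self.calls[0] >= 3600:
            self.calls.popleft()
        for window, max_calls in LIMITS:
            if sum(1 for t in self.calls if now - t < window) >= max_calls:
                return False
        self.calls.append(now)
        return True

def build_restrict_request(machine_id, comment, token):
    """Build the POST; reject input that would alter the URL or omit Comment."""
    if not MACHINE_ID_RE.fullmatch(machine_id):
        raise ValueError("machine_id must be 40 lowercase hex characters")
    if not comment or not comment.strip():
        raise ValueError("Comment is required")
    return urllib.request.Request(
        f"{API_BASE}/{machine_id}/restrictCodeExecution",
        data=json.dumps({"Comment": comment}).encode("utf-8"),
        headers={"Authorization": f"Bearer {token}",
                 "Content-Type": "application/json"},
        method="POST",
    )

def restrict_execution(machine_id, comment, token, budget, now):
    """Send the request (now = time.monotonic()); return the Machine Action."""
    req = build_restrict_request(machine_id, comment, token)
    if not budget.try_acquire(now):
        raise RuntimeError("local rate budget exhausted; retry later")
    with urllib.request.urlopen(req, timeout=30) as resp:
        if resp.status != 201:
            raise RuntimeError(f"unexpected status {resp.status}")
        return json.load(resp)
```

Share one `CallBudget` instance across all callers that use the same credentials, since the limits apply to the API and not to a single script.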