Security & Compliance
Retrieves the status of Microsoft Defender across devices
The tenant to filter by
Defender state retrieved successfully
Bad request
Unauthorized
Internal server error
GET /api/ListDefenderState?tenantFilter=text HTTP/1.1
Host:
Accept: */*
[
{
"deviceName": "text",
"windowsProtectionState": {
"malwareProtectionEnabled": true,
"realTimeProtectionEnabled": true,
"networkInspectionSystemEnabled": true,
"deviceState": "text",
"quickScanOverdue": true,
"fullScanOverdue": true,
"signatureUpdateOverdue": true,
"rebootRequired": true,
"lastReportedDateTime": "2025-08-05T22:53:30.860Z"
}
}
]Retrieves software vulnerabilities detected by Microsoft Defender
The tenant to filter by
Defender TVM data retrieved successfully
Bad request
Unauthorized
Internal server error
GET /api/ListDefenderTVM?tenantFilter=text HTTP/1.1
Host:
Accept: */*
[
{
"affectedDevicesCount": 1,
"affectedDevices": [
"text"
],
"osPlatform": "text",
"softwareVendor": "text",
"softwareName": "text",
"vulnerabilitySeverityLevel": "text",
"cvssScore": 1,
"securityUpdateAvailable": true,
"exploitabilityLevel": "text",
"cveId": "text"
}
]Deploys Microsoft Defender policies to selected tenants
Defender deployment added successfully
Bad request
Unauthorized
Internal server error
POST /api/AddDefenderDeployment HTTP/1.1
Host:
Content-Type: application/json
Accept: */*
Content-Length: 1158
{
"selectedTenants": [
{
"value": "text",
"label": "text"
}
],
"Compliance": {
"AllowMEMEnforceCompliance": true,
"ConnectIosCompliance": true,
"ConnectAndroidCompliance": true,
"ConnectWindows": true,
"AppSync": true,
"BlockunsupportedOS": true,
"ConnectAndroid": true,
"ConnectIos": true
},
"EDR": {
"Telemetry": true,
"Config": true,
"SampleSharing": true
},
"Policy": {
"ScanArchives": true,
"AllowBehavior": true,
"AllowCloudProtection": true,
"AllowEmailScanning": true,
"AllowFullScanNetwork": true,
"AllowFullScanRemovable": true,
"AllowScriptScan": true,
"AllowIPS": true,
"LowCPU": true,
"AllowDownloadable": true,
"AllowRealTime": true,
"AllowNetwork": true,
"AllowUI": true,
"NetworkProtectionBlock": true,
"NetworkProtectionAudit": true,
"CheckSigs": true,
"DisableCatchupFullScan": true,
"DisableCatchupQuickScan": true,
"AssignTo": "none"
},
"ASR": {
"BlockAdobeChild": true,
"BlockWin32Macro": true,
"BlockCredentialStealing": true,
"BlockPSExec": true,
"WMIPersistence": true,
"BlockOfficeExes": true,
"BlockOfficeApps": true,
"BlockYoungExe": true,
"blockJSVB": true,
"blockOfficeComChild": true,
"blockOfficeChild": true,
"BlockUntrustedUSB": true,
"EnableRansomwareVac": true,
"BlockExesMail": true,
"BlockUnsignedDrivers": true,
"AssignTo": "none"
}
}{
"Results": {}
}Retrieves a list of security alerts
The tenant to filter by
Security alerts retrieved successfully
Bad request
Unauthorized
Internal server error
GET /api/ExecAlertsList?tenantFilter=text HTTP/1.1
Host:
Accept: */*
{
"Results": {
"MSResults": [
{
"EventDateTime": "2025-08-05T22:53:30.860Z",
"Status": "text",
"Title": "text",
"Severity": "text",
"Category": "text",
"Tenant": "text",
"InvolvedUsers": [
"text"
],
"Id": "text",
"RawResult": {
"vendorInformation": {
"vendor": "text",
"provider": "text"
}
}
}
]
}
}Updates the status of a security alert
The ID of the alert
The new status of the alert
The vendor name
The provider name
Security alert status updated successfully
Bad request
Unauthorized
Internal server error
POST /api/ExecSetSecurityAlert HTTP/1.1
Host:
Content-Type: application/json
Accept: */*
Content-Length: 72
{
"GUID": "text",
"Status": "!inProgress",
"Vendor": "text",
"Provider": "text"
}{
"Results": {}
}Retrieves a list of security incidents
The tenant to filter by
Security incidents retrieved successfully
Bad request
Unauthorized
Internal server error
GET /api/ExecIncidentsList?tenantFilter=text HTTP/1.1
Host:
Accept: */*
{
"Results": [
{
"Created": "2025-08-05T22:53:30.860Z",
"Updated": "2025-08-05T22:53:30.860Z",
"Tenant": "text",
"Id": "text",
"RedirectId": "text",
"DisplayName": "text",
"Status": "text",
"Severity": "text",
"AssignedTo": "text",
"Classification": "text",
"Determination": "text",
"IncidentUrl": "text",
"Tags": [
"text"
]
}
]
}Updates the status of a security incident or assigns it to a user
The ID of the incident
The new status of the incident
The user assigned to the incident
Security incident updated successfully
Bad request
Unauthorized
Internal server error
POST /api/ExecSetSecurityIncident HTTP/1.1
Host:
Content-Type: application/json
Accept: */*
Content-Length: 52
{
"GUID": "text",
"Status": "!active",
"Assigned": "text"
}{
"Results": {}
}Retrieves data from a Graph API request
The tenant to filter by
The Graph API endpoint
Number of records to return
Graph request data retrieved successfully
Bad request
Unauthorized
Internal server error
GET /api/ListGraphRequest?tenantFilter=text&endpoint=text HTTP/1.1
Host:
Accept: */*
{
"Results": [
{}
]
}Last updated
Was this helpful?