Security & Compliance

List Defender State

get

Retrieves the status of Microsoft Defender across devices

Query parameters

tenantFilterstringRequired

The tenant to filter by

Responses

200

Defender state retrieved successfully

application/json

400

Bad request

401

Unauthorized

500

Internal server error

get

/ListDefenderState

GET /api/ListDefenderState?tenantFilter=text HTTP/1.1
Accept: */*

[
  {
    "deviceName": "text",
    "windowsProtectionState": {
      "malwareProtectionEnabled": true,
      "realTimeProtectionEnabled": true,
      "networkInspectionSystemEnabled": true,
      "deviceState": "text",
      "quickScanOverdue": true,
      "fullScanOverdue": true,
      "signatureUpdateOverdue": true,
      "rebootRequired": true,
      "lastReportedDateTime": "2026-02-01T09:46:50.267Z"
    }
  }
]

List Defender Threat & Vulnerability Management

get

Retrieves software vulnerabilities detected by Microsoft Defender

Query parameters

tenantFilterstringRequired

The tenant to filter by

Responses

200

Defender TVM data retrieved successfully

application/json

400

Bad request

401

Unauthorized

500

Internal server error

get

/ListDefenderTVM

GET /api/ListDefenderTVM?tenantFilter=text HTTP/1.1
Accept: */*

[
  {
    "affectedDevicesCount": 1,
    "affectedDevices": [
      "text"
    ],
    "osPlatform": "text",
    "softwareVendor": "text",
    "softwareName": "text",
    "vulnerabilitySeverityLevel": "text",
    "cvssScore": 1,
    "securityUpdateAvailable": true,
    "exploitabilityLevel": "text",
    "cveId": "text"
  }
]

Add Defender Deployment

post

Deploys Microsoft Defender policies to selected tenants

Body

Responses

200

Defender deployment added successfully

application/json

400

Bad request

401

Unauthorized

500

Internal server error

post

/AddDefenderDeployment

POST /api/AddDefenderDeployment HTTP/1.1
Content-Type: application/json
Accept: */*
Content-Length: 1158

{
  "selectedTenants": [
    {
      "value": "text",
      "label": "text"
    }
  ],
  "Compliance": {
    "AllowMEMEnforceCompliance": true,
    "ConnectIosCompliance": true,
    "ConnectAndroidCompliance": true,
    "ConnectWindows": true,
    "AppSync": true,
    "BlockunsupportedOS": true,
    "ConnectAndroid": true,
    "ConnectIos": true
  },
  "EDR": {
    "Telemetry": true,
    "Config": true,
    "SampleSharing": true
  },
  "Policy": {
    "ScanArchives": true,
    "AllowBehavior": true,
    "AllowCloudProtection": true,
    "AllowEmailScanning": true,
    "AllowFullScanNetwork": true,
    "AllowFullScanRemovable": true,
    "AllowScriptScan": true,
    "AllowIPS": true,
    "LowCPU": true,
    "AllowDownloadable": true,
    "AllowRealTime": true,
    "AllowNetwork": true,
    "AllowUI": true,
    "NetworkProtectionBlock": true,
    "NetworkProtectionAudit": true,
    "CheckSigs": true,
    "DisableCatchupFullScan": true,
    "DisableCatchupQuickScan": true,
    "AssignTo": "none"
  },
  "ASR": {
    "BlockAdobeChild": true,
    "BlockWin32Macro": true,
    "BlockCredentialStealing": true,
    "BlockPSExec": true,
    "WMIPersistence": true,
    "BlockOfficeExes": true,
    "BlockOfficeApps": true,
    "BlockYoungExe": true,
    "blockJSVB": true,
    "blockOfficeComChild": true,
    "blockOfficeChild": true,
    "BlockUntrustedUSB": true,
    "EnableRansomwareVac": true,
    "BlockExesMail": true,
    "BlockUnsignedDrivers": true,
    "AssignTo": "none"
  }
}

{
  "Results": {}
}

List Security Alerts

get

Retrieves a list of security alerts

Query parameters

tenantFilterstringRequired

The tenant to filter by

Responses

200

Security alerts retrieved successfully

application/json

400

Bad request

401

Unauthorized

500

Internal server error

get

/ExecAlertsList

GET /api/ExecAlertsList?tenantFilter=text HTTP/1.1
Accept: */*

{
  "Results": {
    "MSResults": [
      {
        "EventDateTime": "2026-02-01T09:46:50.267Z",
        "Status": "text",
        "Title": "text",
        "Severity": "text",
        "Category": "text",
        "Tenant": "text",
        "InvolvedUsers": [
          "text"
        ],
        "Id": "text",
        "RawResult": {
          "vendorInformation": {
            "vendor": "text",
            "provider": "text"
          }
        }
      }
    ]
  }
}

Set Security Alert Status

post

Updates the status of a security alert

Body

GUIDstringRequired

The ID of the alert

Statusstring · enumRequired

The new status of the alert

Possible values:

VendorstringRequired

The vendor name

ProviderstringRequired

The provider name

Responses

200

Security alert status updated successfully

application/json

400

Bad request

401

Unauthorized

500

Internal server error

post

/ExecSetSecurityAlert

POST /api/ExecSetSecurityAlert HTTP/1.1
Content-Type: application/json
Accept: */*
Content-Length: 72

{
  "GUID": "text",
  "Status": "!inProgress",
  "Vendor": "text",
  "Provider": "text"
}

{
  "Results": {}
}

List Security Incidents

get

Retrieves a list of security incidents

Query parameters

tenantFilterstringRequired

The tenant to filter by

Responses

200

Security incidents retrieved successfully

application/json

400

Bad request

401

Unauthorized

500

Internal server error

get

/ExecIncidentsList

GET /api/ExecIncidentsList?tenantFilter=text HTTP/1.1
Accept: */*

{
  "Results": [
    {
      "Created": "2026-02-01T09:46:50.267Z",
      "Updated": "2026-02-01T09:46:50.267Z",
      "Tenant": "text",
      "Id": "text",
      "RedirectId": "text",
      "DisplayName": "text",
      "Status": "text",
      "Severity": "text",
      "AssignedTo": "text",
      "Classification": "text",
      "Determination": "text",
      "IncidentUrl": "text",
      "Tags": [
        "text"
      ]
    }
  ]
}

Set Security Incident Status

post

Updates the status of a security incident or assigns it to a user

Body

GUIDstringRequired

The ID of the incident

Statusstring · enumOptional

The new status of the incident

Possible values:

AssignedstringOptional

The user assigned to the incident

Responses

200

Security incident updated successfully

application/json

400

Bad request

401

Unauthorized

500

Internal server error

post

/ExecSetSecurityIncident

POST /api/ExecSetSecurityIncident HTTP/1.1
Content-Type: application/json
Accept: */*
Content-Length: 52

{
  "GUID": "text",
  "Status": "!active",
  "Assigned": "text"
}

{
  "Results": {}
}

List Graph Request

get

Retrieves data from a Graph API request

Query parameters

tenantFilterstringRequired

The tenant to filter by

endpointstringRequired

The Graph API endpoint

$topstringOptional

Number of records to return

Responses

200

Graph request data retrieved successfully

application/json

400

Bad request

401

Unauthorized

500

Internal server error

get

/ListGraphRequest

GET /api/ListGraphRequest?tenantFilter=text&endpoint=text HTTP/1.1
Accept: */*

{
  "Results": [
    {}
  ]
}

PreviousTenant Administration NextIntune

Last updated 6 months ago

Was this helpful?

hashtagList Defender State

hashtagList Defender Threat & Vulnerability Management

hashtagAdd Defender Deployment

hashtagList Security Alerts

hashtagSet Security Alert Status

hashtagList Security Incidents

hashtagSet Security Incident Status

hashtagList Graph Request

List Defender State

List Defender Threat & Vulnerability Management

Add Defender Deployment

List Security Alerts

Set Security Alert Status

List Security Incidents

Set Security Incident Status

List Graph Request