Security & Compliance
Retrieves the status of Microsoft Defender across devices
Query parameters
tenantFilterstringRequired
The tenant to filter by
Responses
200
Defender state retrieved successfully
application/json
400
Bad request
401
Unauthorized
500
Internal server error
get
GET /api/ListDefenderState?tenantFilter=text HTTP/1.1
Host:
Accept: */*
[
{
"deviceName": "text",
"windowsProtectionState": {
"malwareProtectionEnabled": true,
"realTimeProtectionEnabled": true,
"networkInspectionSystemEnabled": true,
"deviceState": "text",
"quickScanOverdue": true,
"fullScanOverdue": true,
"signatureUpdateOverdue": true,
"rebootRequired": true,
"lastReportedDateTime": "2025-08-03T20:17:24.068Z"
}
}
]Retrieves software vulnerabilities detected by Microsoft Defender
Query parameters
tenantFilterstringRequired
The tenant to filter by
Responses
200
Defender TVM data retrieved successfully
application/json
400
Bad request
401
Unauthorized
500
Internal server error
get
GET /api/ListDefenderTVM?tenantFilter=text HTTP/1.1
Host:
Accept: */*
[
{
"affectedDevicesCount": 1,
"affectedDevices": [
"text"
],
"osPlatform": "text",
"softwareVendor": "text",
"softwareName": "text",
"vulnerabilitySeverityLevel": "text",
"cvssScore": 1,
"securityUpdateAvailable": true,
"exploitabilityLevel": "text",
"cveId": "text"
}
]Deploys Microsoft Defender policies to selected tenants
Body
Responses
200
Defender deployment added successfully
application/json
400
Bad request
401
Unauthorized
500
Internal server error
post
POST /api/AddDefenderDeployment HTTP/1.1
Host:
Content-Type: application/json
Accept: */*
Content-Length: 1158
{
"selectedTenants": [
{
"value": "text",
"label": "text"
}
],
"Compliance": {
"AllowMEMEnforceCompliance": true,
"ConnectIosCompliance": true,
"ConnectAndroidCompliance": true,
"ConnectWindows": true,
"AppSync": true,
"BlockunsupportedOS": true,
"ConnectAndroid": true,
"ConnectIos": true
},
"EDR": {
"Telemetry": true,
"Config": true,
"SampleSharing": true
},
"Policy": {
"ScanArchives": true,
"AllowBehavior": true,
"AllowCloudProtection": true,
"AllowEmailScanning": true,
"AllowFullScanNetwork": true,
"AllowFullScanRemovable": true,
"AllowScriptScan": true,
"AllowIPS": true,
"LowCPU": true,
"AllowDownloadable": true,
"AllowRealTime": true,
"AllowNetwork": true,
"AllowUI": true,
"NetworkProtectionBlock": true,
"NetworkProtectionAudit": true,
"CheckSigs": true,
"DisableCatchupFullScan": true,
"DisableCatchupQuickScan": true,
"AssignTo": "none"
},
"ASR": {
"BlockAdobeChild": true,
"BlockWin32Macro": true,
"BlockCredentialStealing": true,
"BlockPSExec": true,
"WMIPersistence": true,
"BlockOfficeExes": true,
"BlockOfficeApps": true,
"BlockYoungExe": true,
"blockJSVB": true,
"blockOfficeComChild": true,
"blockOfficeChild": true,
"BlockUntrustedUSB": true,
"EnableRansomwareVac": true,
"BlockExesMail": true,
"BlockUnsignedDrivers": true,
"AssignTo": "none"
}
}{
"Results": {}
}Retrieves a list of security alerts
Query parameters
tenantFilterstringRequired
The tenant to filter by
Responses
200
Security alerts retrieved successfully
application/json
400
Bad request
401
Unauthorized
500
Internal server error
get
GET /api/ExecAlertsList?tenantFilter=text HTTP/1.1
Host:
Accept: */*
{
"Results": {
"MSResults": [
{
"EventDateTime": "2025-08-03T20:17:24.068Z",
"Status": "text",
"Title": "text",
"Severity": "text",
"Category": "text",
"Tenant": "text",
"InvolvedUsers": [
"text"
],
"Id": "text",
"RawResult": {
"vendorInformation": {
"vendor": "text",
"provider": "text"
}
}
}
]
}
}Updates the status of a security alert
Body
GUIDstringRequired
The ID of the alert
Statusstring · enumRequiredPossible values:
The new status of the alert
VendorstringRequired
The vendor name
ProviderstringRequired
The provider name
Responses
200
Security alert status updated successfully
application/json
400
Bad request
401
Unauthorized
500
Internal server error
post
POST /api/ExecSetSecurityAlert HTTP/1.1
Host:
Content-Type: application/json
Accept: */*
Content-Length: 72
{
"GUID": "text",
"Status": "!inProgress",
"Vendor": "text",
"Provider": "text"
}{
"Results": {}
}Retrieves a list of security incidents
Query parameters
tenantFilterstringRequired
The tenant to filter by
Responses
200
Security incidents retrieved successfully
application/json
400
Bad request
401
Unauthorized
500
Internal server error
get
GET /api/ExecIncidentsList?tenantFilter=text HTTP/1.1
Host:
Accept: */*
{
"Results": [
{
"Created": "2025-08-03T20:17:24.068Z",
"Updated": "2025-08-03T20:17:24.068Z",
"Tenant": "text",
"Id": "text",
"RedirectId": "text",
"DisplayName": "text",
"Status": "text",
"Severity": "text",
"AssignedTo": "text",
"Classification": "text",
"Determination": "text",
"IncidentUrl": "text",
"Tags": [
"text"
]
}
]
}Updates the status of a security incident or assigns it to a user
Body
GUIDstringRequired
The ID of the incident
Statusstring · enumOptionalPossible values:
The new status of the incident
AssignedstringOptional
The user assigned to the incident
Responses
200
Security incident updated successfully
application/json
400
Bad request
401
Unauthorized
500
Internal server error
post
POST /api/ExecSetSecurityIncident HTTP/1.1
Host:
Content-Type: application/json
Accept: */*
Content-Length: 52
{
"GUID": "text",
"Status": "!active",
"Assigned": "text"
}{
"Results": {}
}Retrieves data from a Graph API request
Query parameters
tenantFilterstringRequired
The tenant to filter by
endpointstringRequired
The Graph API endpoint
$topstringOptional
Number of records to return
Responses
200
Graph request data retrieved successfully
application/json
400
Bad request
401
Unauthorized
500
Internal server error
get
GET /api/ListGraphRequest?tenantFilter=text&endpoint=text HTTP/1.1
Host:
Accept: */*
{
"Results": [
{}
]
}Last updated
Was this helpful?