Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Note
If you are a US Government customer, please use the URIs listed in Microsoft Defender for Endpoint for US Government customers.
Tip
For better performance, use a server closer to your geolocation:
- us.api.security.microsoft.com
- eu.api.security.microsoft.com
- uk.api.security.microsoft.com
- au.api.security.microsoft.com
- swa.api.security.microsoft.com
- ina.api.security.microsoft.com
- aea.api.security.microsoft.com
Important
Some information in this article relates to a prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, with respect to the information provided here.
Methods
| Method | Return Type | Description |
|---|---|---|
| List machines | machine collection | List set of machine entities in the org. |
| Get machine | machine | Get a machine by its identity. |
| Get logged on users | user collection | Get the set of User that logged on to the machine. |
| Get related alerts | alert collection | Get the set of alert entities that were raised on the machine. |
| Get installed software | software collection | Retrieves a collection of installed software related to a given machine ID. |
| Get discovered vulnerabilities | vulnerability collection | Retrieves a collection of discovered vulnerabilities related to a given machine ID. |
| Get security recommendations | recommendation collection | Retrieves a collection of security recommendations related to a given machine ID. |
| Add or Remove machine tags | machine | Add or Remove tag to a specific machine. |
| Find machines by IP | machine collection | Find machines seen with IP. |
| Find machines by tag | machine collection | Find machines by Tag. |
| Get missing KBs | KB collection | Get a list of missing KBs associated with the machine ID |
| Set device value | machine collection | Set the value of a device. |
| Update machine | machine collection | Get the update status of a machine. |
Properties
| Property | Type | Description |
|---|---|---|
| id | String | machine identity. |
| computerDnsName | String | machine fully qualified name. |
| firstSeen | DateTimeOffset | First date and time where the machine was observed by Microsoft Defender for Endpoint. |
| lastSeen | DateTimeOffset | Time and date of the last received full device report. A device typically sends a full report every 24 hours. NOTE: This property doesn't correspond to the last seen value in the UI. It pertains to the last device update. |
| osPlatform | String | Operating system platform. |
| onboardingstatus | String | Status of machine onboarding. Possible values are: onboarded, CanBeOnboarded, Unsupported, and InsufficientInfo. |
| osProcessor | String | Operating system processor. Use osArchitecture property instead. |
| version | String | Operating system Version. |
| osBuild | Nullable long | Operating system build number. |
| lastIpAddress | String | Last IP on local NIC on the machine. |
| lastExternalIpAddress | String | Last IP through which the machine accessed the internet. |
| healthStatus | Enum | machine health status. Possible values are: Active, Inactive, ImpairedCommunication, NoSensorData, NoSensorDataImpairedCommunication, and Unknown. |
| rbacGroupName | String | Machine group Name. |
| rbacGroupId | String | Machine group ID. |
| riskScore | Nullable Enum | Risk score as evaluated by Microsoft Defender for Endpoint. Possible values are: None, Informational, Low, Medium, and High. |
| aadDeviceId | Nullable representation Guid | Microsoft Entra Device ID (when machine is Microsoft Entra joined). |
| machineTags | String collection | Set of machine tags. |
| exposureLevel | Nullable Enum | Exposure level as evaluated by Microsoft Defender for Endpoint. Possible values are: None, Low, Medium, and High. |
| deviceValue | Nullable Enum | The value of the device. Possible values are: Normal, Low, and High. |
| ipAddresses | IpAddress collection | Set of IpAddress objects. See Get machines API. |
| osArchitecture | String | Operating system architecture. Possible values are: 32-bit, 64-bit. Use this property instead of osProcessor. |
Tip
Do you want to learn more? Engage with the Microsoft Security community in our Tech Community: Microsoft Defender for Endpoint Tech Community.