New-MgBetaSecurityAction

New-MgBetaSecurityAction
    [-ResponseHeadersVariable <string>]
    [-ActionReason <string>]
    [-AdditionalProperties <hashtable>]
    [-AppId <string>]
    [-AzureTenantId <string>]
    [-ClientContext <string>]
    [-CompletedDateTime <datetime>]
    [-CreatedDateTime <datetime>]
    [-ErrorInfo <IMicrosoftGraphResultInfo>]
    [-Id <string>]
    [-LastActionDateTime <datetime>]
    [-Name <string>]
    [-Parameters <IMicrosoftGraphKeyValuePair[]>]
    [-States <IMicrosoftGraphSecurityActionState[]>]
    [-Status <string>]
    [-User <string>]
    [-VendorInformation <IMicrosoftGraphSecurityVendorInformation>]
    [-Break]
    [-Headers <IDictionary>]
    [-HttpPipelineAppend <SendAsyncStep[]>]
    [-HttpPipelinePrepend <SendAsyncStep[]>]
    [-Proxy <uri>]
    [-ProxyCredential <pscredential>]
    [-ProxyUseDefaultCredentials]
    [-WhatIf]
    [-Confirm]
    [<CommonParameters>]

New-MgBetaSecurityAction
    -BodyParameter <IMicrosoftGraphSecurityActionAutoGenerated>
    [-ResponseHeadersVariable <string>]
    [-Break]
    [-Headers <IDictionary>]
    [-HttpPipelineAppend <SendAsyncStep[]>]
    [-HttpPipelinePrepend <SendAsyncStep[]>]
    [-Proxy <uri>]
    [-ProxyCredential <pscredential>]
    [-ProxyUseDefaultCredentials]
    [-WhatIf]
    [-Confirm]
    [<CommonParameters>]

Create a new securityAction object.

Import-Module Microsoft.Graph.Beta.Security

$params = @{
	name = "BlockIp"
	actionReason = "Test"
	parameters = @(
		@{
			name = "IP"
			value = "1.2.3.4"
		}
	)
	vendorInformation = @{
		provider = "Windows Defender ATP"
		vendor = "Microsoft"
	}
}

New-MgBetaSecurityAction -BodyParameter $params

This example shows how to use the New-MgBetaSecurityAction Cmdlet.

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

{{ Fill in the Description }}

{{ Fill in the Description }}

{{ Fill in the Description }}

COMPLEX PARAMETER PROPERTIES

To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables.

BODYPARAMETER <IMicrosoftGraphSecurityActionAutoGenerated>: securityAction [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique identifier for an entity. Read-only. [ActionReason <String>]: Reason for invoking this action. [AppId <String>]: The Application ID of the calling application that submitted (POST) the action. The appId should be extracted from the auth token and not entered manually by the calling application. [AzureTenantId <String>]: Azure tenant ID of the entity to determine which tenant the entity belongs to (multi-tenancy support). The azureTenantId should be extracted from the auth token and not entered manually by the calling application. [ClientContext <String>]: Unique client context string. Can have a maximum of 256 characters. [CompletedDateTime <DateTime?>]: Timestamp when the action was completed. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [CreatedDateTime <DateTime?>]: Timestamp when the action is created. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [ErrorInfo <IMicrosoftGraphResultInfo>]: resultInfo [(Any) <Object>]: This indicates any property can be added to this object. [Code <Int32?>]: The result code. [Message <String>]: The message. [Subcode <Int32?>]: The result sub-code. [LastActionDateTime <DateTime?>]: Timestamp when this action was last updated. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Name <String>]: Action name. [Parameters <IMicrosoftGraphKeyValuePair[]>]: Collection of parameters (key-value pairs) necessary to invoke the action, for example, URL or fileHash to block.). Required. [Name <String>]: Name for this key-value pair [Value <String>]: Value for this key-value pair [States <IMicrosoftGraphSecurityActionState[]>]: Collection of securityActionState to keep the history of an action. [AppId <String>]: The Application ID of the calling application that submitted an update (PATCH) to the action. The appId should be extracted from the auth token and not entered manually by the calling application. [Status <String>]: operationStatus [UpdatedDateTime <DateTime?>]: Timestamp when the actionState was updated. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z [User <String>]: The user principal name of the signed-in user that submitted an update (PATCH) to the action. The user should be extracted from the auth token and not entered manually by the calling application. [Status <String>]: operationStatus [User <String>]: The user principal name of the signed-in user that submitted (POST) the action. The user should be extracted from the auth token and not entered manually by the calling application. [VendorInformation <IMicrosoftGraphSecurityVendorInformation>]: securityVendorInformation [(Any) <Object>]: This indicates any property can be added to this object. [Provider <String>]: Specific provider (product/service - not vendor company); for example, WindowsDefenderATP. [ProviderVersion <String>]: Version of the provider or subprovider, if it exists, that generated the alert. Required [SubProvider <String>]: Specific subprovider (under aggregating provider); for example, WindowsDefenderATP.SmartScreen. [Vendor <String>]: Name of the alert vendor (for example, Microsoft, Dell, FireEye). Required

ERRORINFO <IMicrosoftGraphResultInfo>: resultInfo [(Any) <Object>]: This indicates any property can be added to this object. [Code <Int32?>]: The result code. [Message <String>]: The message. [Subcode <Int32?>]: The result sub-code.

PARAMETERS <IMicrosoftGraphKeyValuePair[]>: Collection of parameters (key-value pairs) necessary to invoke the action, for example, URL or fileHash to block.). Required. [Name <String>]: Name for this key-value pair [Value <String>]: Value for this key-value pair

STATES <IMicrosoftGraphSecurityActionState[]>: Collection of securityActionState to keep the history of an action. [AppId <String>]: The Application ID of the calling application that submitted an update (PATCH) to the action. The appId should be extracted from the auth token and not entered manually by the calling application. [Status <String>]: operationStatus [UpdatedDateTime <DateTime?>]: Timestamp when the actionState was updated. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z [User <String>]: The user principal name of the signed-in user that submitted an update (PATCH) to the action. The user should be extracted from the auth token and not entered manually by the calling application.

VENDORINFORMATION <IMicrosoftGraphSecurityVendorInformation>: securityVendorInformation [(Any) <Object>]: This indicates any property can be added to this object. [Provider <String>]: Specific provider (product/service - not vendor company); for example, WindowsDefenderATP. [ProviderVersion <String>]: Version of the provider or subprovider, if it exists, that generated the alert. Required [SubProvider <String>]: Specific subprovider (under aggregating provider); for example, WindowsDefenderATP.SmartScreen. [Vendor <String>]: Name of the alert vendor (for example, Microsoft, Dell, FireEye). Required