Access the Microsoft 365 Defender APIs

0
(0)

Important

The improved Microsoft 365 Defender portal is now available. This new experience brings Defender for Endpoint, Defender for Office 365, Microsoft 365 Defender, and more into the Microsoft 365 Defender portal. Learn what’s new.

Applies to:

  • Microsoft 365 Defender

 Important

Some information relates to prereleased product which may be substantially modified before it’s commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.

Microsoft 365 Defender exposes much of its data and actions through a set of programmatic APIs. These APIs help you automate workflows and make full use of Microsoft 365 Defender’s capabilities.

In general, you’ll need to take the following steps to use the APIs:

  • Create an Azure Active Directory application
  • Get an access token using this application
  • Use the token to access the Microsoft 365 Defender API

 Note

API access requires OAuth2.0 authentication. For more information, see OAuth 2.0 Authorization Code Flow.

Once you’ve accomplished these steps, you’re ready to access the Microsoft 365 Defender API using a particular context.

Use this context for apps that run without a signed-in user present, such as background services or daemons.

  1. Create an Azure Active Directory web application.
  2. Assign the desired permissions to the application.
  3. Create a key for the application.
  4. Get a security token using the application and its key.
  5. Use the token to access the Microsoft 365 Defender API.

For more information, see Create an app to access Microsoft 365 Defender without a user.

User context

Use this context to perform actions on behalf of a single user.

  1. Create an Azure Active Directory native application.
  2. Assign the desired permission to the application.
  3. Get a security token using the user credentials for the application.
  4. Use the token to access the Microsoft 365 Defender API.

For more information, see Create an app to access Microsoft 365 Defender APIs on behalf of a user.

Partner context

Use this context when you need to provide an app to many users across multiple tenants.

  1. Create an Azure Active Directory multi-tenant application.
  2. Assign the desired permission to the application.
  3. Get admin consent for the app from each tenant.
  4. Get a security token using user credentials based on a customer’s tenant ID.
  5. Use the token to access the Microsoft 365 Defender API.

For more information, see Create an app with partner access to Microsoft 365 Defender APIs.

Source : Official Microsoft Brand
Editor by : BEST Antivirus KBS Team

How useful was this post?

Click on a star to rate it!

Average rating 0 / 5. Vote count: 0

No votes so far! Be the first to rate this post.

(Visited 6 times, 1 visits today)
Tagged: