Partners can easily extend their existing security offerings on top of the open framework and a rich and complete set of APIs to build extensions and integrations with Defender for Endpoint. The APIs span functional areas including detection, management, response, vulnerabilities, and intelligence-wide range of use cases. Based on the use case and need, partners […]
Defender for Endpoint supports third-party applications to help enhance the detection, investigation, and threat intelligence capabilities of the platform. The support for third-party solutions helps to further streamline, integrate, and orchestrate defenses from other vendors with Microsoft Defender for Endpoint; enabling security teams to effectively respond better to modern threats. Microsoft Defender for Endpoint seamlessly […]
Ingest alerts using security information and events management (SIEM) tools Note Microsoft Defender for Endpoint Alert is composed from one or more suspicious or malicious events that occurred on the device and their related details. The Microsoft Defender for Endpoint Alert API is the latest API for alert consumption and contain a detailed list of related […]
Endpoint URI and versioning Endpoint URI The service base URI is: https://api.securitycenter.microsoft.com The queries based OData have the ‘/api’ prefix. For example, to get Alerts you can send GET request to https://api.securitycenter.microsoft.com/api/alerts Versioning The API supports versioning. The current version is V1.0. To use a specific version, use this format: https://api.securitycenter.microsoft.com/api/{Version}. For example: https://api.securitycenter.microsoft.com/api/v1.0/alerts If you don’t specify any version […]
Note If you are a US Government customer, please use the URIs listed in Microsoft Defender for Endpoint for US Government customers. Tip For better performance, you can use server closer to your geo location: api-us.securitycenter.microsoft.com api-eu.securitycenter.microsoft.com api-uk.securitycenter.microsoft.com This page describes how to create an application to get programmatic access to Defender for Endpoint on behalf […]
Note If you are a US Government customer, please use the URIs listed in Microsoft Defender for Endpoint for US Government customers. Tip For better performance, you can use server closer to your geo location: api-us.securitycenter.microsoft.com api-eu.securitycenter.microsoft.com api-uk.securitycenter.microsoft.com This page describes how to create an application to get programmatic access to Defender for Endpoint without a […]
Note If you are a US Government customer, please use the URIs listed in Microsoft Defender for Endpoint for US Government customers. Tip For better performance, you can use server closer to your geo location: api-us.securitycenter.microsoft.com api-eu.securitycenter.microsoft.com api-uk.securitycenter.microsoft.com Get Alerts using a simple PowerShell script How long it takes to go through this example? It only […]
Defender for Endpoint exposes much of its data and actions through a set of programmatic APIs. Those APIs will enable you to automate workflows and innovate based on Defender for Endpoint capabilities. The API access requires OAuth2.0 authentication. For more information, see OAuth 2.0 Authorization Code Flow. Watch this video for a quick overview of Defender […]
APIs Defender for Endpoint APIs are governed by Microsoft API License and Terms of use. Throttling limits THROTTLING LIMITS Name Calls Renewal period API calls per connection 100 60 seconds Legal Notices Microsoft and any contributors grant you a license to the Microsoft documentation and other content in this repository under the Creative Commons Attribution 4.0 […]
The following information lists the updates made to the Microsoft Defender for Endpoint APIs and the dates they were made. Tip RSS feed: Get notified when this page is updated by copying and pasting the following URL into your feed reader: HTTPCopy /api/search/rss?search=%22Release+notes+for+updates+made+to+the+Microsoft+Defender+for+Endpoint+set+of+APIs%22&locale=en-us&facet=&%24filter=scopes%2Fany%28t%3A+t+eq+%27Windows+10%27%29 Release notes – newest to oldest (dd.mm.yyyy) 06.10.2021 Added new Export assessment […]