Important
The improved Microsoft 365 Defender portal is now available. This new experience brings Defender for Endpoint, Defender for Office 365, Microsoft 365 Defender, and more into the Microsoft 365 Defender portal. Learn what’s new.
Applies to:
- Microsoft 365 Defender
Important
Some information relates to prereleased product which may be substantially modified before it’s commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
List of available APIs
| Article | Description |
|---|---|
| Advanced Hunting API | Run Advanced Hunting queries. |
| Incident APIs | List and update incidents, along with other practical tasks. |
| Streaming API | Ship real-time events and alerts as they occur in a single data stream. |
Endpoint URIs
The base URI for both of the main APIs is: https://api.security.microsoft.com. For better performance, use a server closer to your geolocation:
- The United States: api-us.security.microsoft.com
- Europe: api-eu.security.microsoft.com
- The United Kingdom: api-uk.security.microsoft.com
Tokens can be acquired by accessing https://api.security.microsoft.com.
All APIs along the /api path use the OData Protocol; for example, https://api.security.microsoft.com/api/incidents.