[Index]
Model ref.: device/mssecurity/Machine
The full URL would include the host-proxy name: https://[host-proxy].
Variables are enclosed in square brackets.
{
"$schema": "http://json-schema.org/draft-03/schema",
"type": "object",
"properties": {
"id": {
"title": "Machine ID",
"type": "string",
"description": "machine identity",
"readonly": true
},
"computerDnsName": {
"title": "Computer DNS Name",
"type": "string",
"description": "machine fully qualified name",
"readonly": true
},
"firstSeen": {
"title": "First Seen",
"type": "string",
"format": "date-time",
"description": "First date and time where the machine was observed by Microsoft Defender for Endpoint",
"readonly": true
},
"lastSeen": {
"title": "Last Seen",
"type": "string",
"format": "date-time",
"description": "Time and date of the last received full device report. A device typically sends a full report every 24 hours",
"readonly": true
},
"osPlatform": {
"title": "OS Platform",
"type": "string",
"description": "Operating system platform",
"readonly": true
},
"version": {
"title": "OS Version",
"type": "string",
"description": "Operating system Version",
"readonly": true
},
"osBuild": {
"title": "OS Build",
"type": [
"integer",
"null"
],
"description": "Operating system build number",
"readonly": true
},
"lastIpAddress": {
"title": "Last IP Address",
"type": "string",
"description": "Last IP on local NIC on the machine",
"readonly": true
},
"lastExternalIpAddress": {
"title": "Last External IP Address",
"type": "string",
"description": "Last IP through which the machine accessed the internet",
"readonly": true
},
"healthStatus": {
"title": "Health Status",
"type": "string",
"description": "machine health status",
"enum": [
"Active",
"Inactive",
"ImpairedCommunication",
"NoSensorData",
"NoSensorDataImpairedCommunication",
"Unknown"
],
"readonly": true
},
"rbacGroupName": {
"title": "RBAC Group Name",
"type": "string",
"description": "Machine group Name",
"readonly": true
},
"rbacGroupId": {
"title": "RBAC Group ID",
"type": "string",
"description": "Machine group ID",
"readonly": true
},
"riskScore": {
"title": "Risk Score",
"type": [
"string",
"null"
],
"description": "Risk score as evaluated by Microsoft Defender for Endpoint",
"enum": [
"None",
"Informational",
"Low",
"Medium",
"High"
],
"readonly": true
},
"aadDeviceId": {
"title": "AAD Device ID",
"type": [
"string",
"null"
],
"description": "Microsoft Entra Device ID (when machine is Microsoft Entra joined)",
"readonly": true
},
"machineTags": {
"title": "Machine Tags",
"type": "array",
"description": "Set of machine tags",
"items": {
"type": "string"
},
"readonly": true
},
"exposureLevel": {
"title": "Exposure Level",
"type": [
"string",
"null"
],
"description": "Exposure level as evaluated by Microsoft Defender for Endpoint",
"enum": [
"None",
"Low",
"Medium",
"High"
],
"readonly": true
},
"deviceValue": {
"title": "Device Value",
"type": [
"string",
"null"
],
"description": "The value of the device",
"enum": [
"Normal",
"Low",
"High"
],
"readonly": true
},
"onboardingStatus": {
"title": "Onboarding Status",
"type": "string",
"description": "Status of machine onboarding",
"enum": [
"onboarded",
"CanBeOnboarded",
"Unsupported",
"InsufficientInfo"
],
"readonly": true
},
"osArchitecture": {
"title": "OS Architecture",
"type": "string",
"description": "Operating system architecture",
"enum": [
"32-bit",
"64-bit"
],
"readonly": true
},
"managedBy": {
"title": "Managed By",
"type": "string",
"readonly": true
},
"ipAddresses": {
"title": "IP Addresses",
"type": "array",
"description": "Set of IpAddress objects",
"items": {
"type": "object",
"properties": {
"ipAddress": {
"title": "IP Address",
"type": "string",
"readonly": true
},
"macAddress": {
"title": "MAC Address",
"type": [
"string",
"null"
],
"readonly": true
},
"type": {
"title": "Type",
"type": "string",
"readonly": true
},
"operationalStatus": {
"title": "Operational Status",
"type": "string",
"readonly": true
}
}
}
},
"vmMetadata": {
"title": "VM Metadata",
"type": "object",
"properties": {
"vmId": {
"title": "VM ID",
"type": "string",
"readonly": true
},
"cloudProvider": {
"title": "Cloud Provider",
"type": "string",
"readonly": true
},
"resourceId": {
"title": "Resource ID",
"type": "string",
"readonly": true
},
"subscriptionId": {
"title": "Subscription ID",
"type": "string",
"readonly": true
}
},
"readonly": true
}
},
"schema_version": "1.0"
}
| Task | Call | URL | Parameters | Response |
|---|---|---|---|---|
| List | GET | /api/device/mssecurity/Machine/ |
|
The device/mssecurity/Machine schema and all instances as JSON. |
(The list will return 0 to 3 device/mssecurity/Machine instances)
{
"pagination": {
"skip": 0,
"limit": 3,
"maximum_limit": 2000,
"total": 0,
"total_limit": null,
"order_by": "computerDnsName",
"direction": "asc",
"current": "/api/device/mssecurity/Machine/?skip=0&limit=3&order_by=computerDnsName&direction=asc&traversal=down"
},
"operations": [
"list"
],
"meta": {
"model_type": "device/mssecurity/Machine",
"summary_attrs": [
{
"name": "computerDnsName",
"title": "Computer DNS Name"
},
{
"name": "osPlatform",
"title": "OS Platform"
},
{
"name": "version",
"title": "OS Version"
},
{
"name": "lastIpAddress",
"title": "Last IP Address"
},
{
"name": "healthStatus",
"title": "Health Status"
},
{
"name": "riskScore",
"title": "Risk Score"
},
{
"name": "exposureLevel",
"title": "Exposure Level"
},
{
"name": "onboardingStatus",
"title": "Onboarding Status"
},
{
"name": "hierarchy_friendly_name",
"title": "Located At",
"allow_filtering": true
}
],
"tagged_versions": [],
"tags": [],
"title": "",
"business_key": {},
"api_version": "21.2",
"cached": true,
"references": {
"children": [],
"parent": [
{
"href": "/api/data/HierarchyNode/6t0ggef2c0deab00hb595101",
"pkid": "6t0ggef2c0deab00hb595101"
}
],
"device": [
{
"href": "",
"pkid": ""
}
],
"foreign_key": []
},
"model_specific_actions": [
"list",
"get",
"update"
],
"schema_version": "1.0",
"actions": [
{
"list": {
"method": "GET",
"class": "list",
"href": "/api/device/mssecurity/Machine/?hierarchy=[hierarchy]",
"support_async": false,
"title": "List"
}
},
{
"purge": {
"method": "POST",
"class": "purge",
"href": "/api/device/mssecurity/Machine/purge/?hierarchy=[hierarchy]",
"support_async": false,
"title": "Purge"
}
}
]
},
"resources": []
}
| Task | Call | URL | Parameters | Response |
|---|---|---|---|---|
| Purge | POST | /api/device/mssecurity/Machine/purge/ |
|
| Task | Call | URL | Parameters | Payload |
|---|---|---|---|---|
| Modify | PUT | /api/device/mssecurity/Machine/[pkid] | hierarchy=[hierarchy] | (For payload specification) |
For Bulk modification, refer to the Bulk Modify section.
| Task | Call | URL | Parameters | Response |
|---|---|---|---|---|
| Get | GET | /api/device/mssecurity/Machine/[pkid] | hierarchy=[hierarchy] | The device/mssecurity/Machine instance with [pkid]. |
| Task | Call | URL | Parameters | Payload |
|---|---|---|---|---|
| Purge | POST | /api/device/mssecurity/Machine/[pkid]/purge | hierarchy=[hierarchy] | If payload required: |