Skip to main content

Get Machine

Read properties and relationships of a single Machine object.

One of the following permissions is required to run this action:

  • Machine.Read
  • Machine.ReadWrite
  • Machine.ReadWrite.All
External Documentation

To learn more, visit the Microsoft Defender For Endpoints documentation.

Parameters

ParameterDescription
Machine IDThe ID of the machine. Can be obtained using the List Machines action.

Example Output

{
    "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Machine",
    "id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07",
    "computerDnsName": "mymachine1.contoso.com",
    "firstSeen": "2018-08-02T14:55:03.7791856Z",
    "lastSeen": "2018-08-02T14:55:03.7791856Z",
    "osPlatform": "Windows10" "Windows11",
    "version": "1709",
    "osProcessor": "x64",
    "lastIpAddress": "172.17.230.209",
    "lastExternalIpAddress": "167.220.196.71",
    "osBuild": 18209,
    "healthStatus": "Active",
    "rbacGroupId": 140,
    "rbacGroupName": "The-A-Team",
    "riskScore": "Low",
    "exposureLevel": "Medium",
    "isAadJoined": true,
    "aadDeviceId": "80fe8ff8-2624-418e-9591-41f0491218f9",
    "machineTags": [ "test tag 1", "test tag 2" ]
}

Workflow Library Example

Get Machine with Microsoft Defender for Endpoints and Send Results Via Email

Workflow LibraryPreview this Workflow on desktop