Skip to main content
Retrieves a collection of possible Machine actions in Microsoft Defender for Endpoints. The following permissions are required to run this action:
  • Machine.ReadWrite.All
  • Machine.Read.All
External DocumentationTo learn more, visit the Microsoft Defender For Endpoints documentation.

Parameters

ParameterDescription
FilterThe filter to apply on the operation. You can filter by id, status, machineId, type, requestor, and creationDateTimeUtc.
For more information: https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/exposed-apis-odata-samples?view=o365-worldwide

Example Output

{
	"@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#MachineActions",
	"value": [
		{
			"id": "69dc3630-1ccc-4342-acf3-35286eec741d",
			"type": "CollectInvestigationPackage",
			"scope": null,
			"requestor": "Analyst@contoso.com",
			"requestorComment": "test",
			"status": "Succeeded",
			"machineId": "f46b9bb259ed4a7fb9981b73510e3cc7aa81ec1f",
			"computerDnsName": "desktop-39g9tgl",
			"creationDateTimeUtc": "2018-12-04T12:43:57.2011911Z",
			"lastUpdateTimeUtc": "2018-12-04T12:45:25.4049122Z",
			"relatedFileInfo": null
		},
		{
			"id": "2e9da30d-27f6-4208-81f2-9cd3d67893ba",
			"type": "RunAntiVirusScan",
			"scope": "Full",
			"requestor": "Analyst@contoso.com",
			"requestorComment": "Check machine for viruses due to alert 3212",
			"status": "Succeeded",
			"machineId": "f46b9bb259ed4a7fb9981b73510e3cc7aa81ec1f",
			"computerDnsName": "desktop-39g9tgl",
			"creationDateTimeUtc": "2018-12-04T12:18:27.1293487Z",
			"lastUpdateTimeUtc": "2018-12-04T12:18:57.5511934Z",
			"relatedFileInfo": null
		},
		{
			"id": "44cffc15-0e3d-4cbf-96aa-bf76f9b27f5e",
			"type": "StopAndQuarantineFile",
			"scope": null,
			"requestor": "Analyst@contoso.com",
			"requestorComment": "test",
			"status": "Succeeded",
			"machineId": "f46b9bb259ed4a7fb9981b73510e3cc7aa81ec1f",
			"computerDnsName": "desktop-39g9tgl",
			"creationDateTimeUtc": "2018-12-04T12:15:40.6052029Z",
			"lastUpdateTimeUtc": "2018-12-04T12:16:14.2899973Z",
			"relatedFileInfo": {
				"fileIdentifier": "a0c659857ccbe457fdaf5fe21d54efdcbf6f6508",
				"fileIdentifierType": "Sha1"
			}
		}
	]
}

Workflow Library Example

List Machine Actions with Microsoft Defender for Endpoints and Send Results Via Email
Workflow LibraryPreview this Workflow on desktop