Documentation Index
Fetch the complete documentation index at: https://docs.blinkops.com/llms.txt
Use this file to discover all available pages before exploring further.
Retrieves a collection of Machines that have communicated with Microsoft Defender for Endpoint cloud.
The following permissions are required to run this action:
Machine.Read.AllMachine.ReadWrite.All
Parameters
| Parameter | Description |
|---|
| Filter | The filter to apply on the operation. You can filter by computerDnsName, id, version, deviceValue, aadDeviceId, machineTags, lastSeen,exposureLevel, onboardingStatus, lastIpAddress, healthStatus, osPlatform, riskScore and rbacGroupId.
For more information: https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/exposed-apis-odata-samples?view=o365-worldwide |
Example Output
{
"@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Machines",
"value": [
{
"id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07",
"mergedIntoMachineId": null,
"isPotentialDuplication": false,
"isExcluded": false,
"exclusionReason": null,
"computerDnsName": "mymachine1.contoso.com",
"firstSeen": "2018-08-02T14:55:03.7791856Z",
"lastSeen": "2018-08-02T14:55:03.7791856Z",
"osPlatform": [
"Windows10",
"Windows11"
],
"osVersion": null,
"osProcessor": "x64",
"version": "1709",
"lastIpAddress": "172.17.230.209",
"lastExternalIpAddress": "167.220.196.71",
"agentVersion": "<string>",
"osBuild": 18209,
"healthStatus": "Active",
"deviceValue": "<string>",
"rbacGroupId": 140,
"rbacGroupName": "The-A-Team",
"riskScore": "Low",
"exposureLevel": "Medium",
"isAadJoined": true,
"aadDeviceId": "80fe8ff8-2624-418e-9591-41f0491218f9",
"machineTags": [
"test tag 1",
"test tag 2"
],
"onboardingStatus": "<string>",
"osArchitecture": "<string>",
"managedBy": "<string>",
"managedByStatus": "<string>",
"ipAddresses": [
{
"ipAddress": "<string>",
"macAddress": null,
"type": "<string>",
"operationalStatus": "<string>"
}
],
"vmMetadata": null
}
]
}
Workflow Library Example
List Machines with Microsoft Defender for Endpoints and Send Results Via Email
