The following permissions are required to run this action:

  • Machine.Read.All
  • Machine.ReadWrite.All

To learn more, visit the Microsoft Defender For Endpoints documentation.

Parameters

ParameterDescription
FilterThe filter to apply on the operation. You can filter by computerDnsName, id, version, deviceValue, aadDeviceId, machineTags, lastSeen,exposureLevel, onboardingStatus, lastIpAddress, healthStatus, osPlatform, riskScore and rbacGroupId.For more information: https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/exposed-apis-odata-samples?view=o365-worldwide

Example Output

{    "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Machines",    "value": [        {            "id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07",            "computerDnsName": "mymachine1.contoso.com",            "firstSeen": "2018-08-02T14:55:03.7791856Z",            "lastSeen": "2018-08-02T14:55:03.7791856Z",            "osPlatform": "Windows10" "Windows11",            "version": "1709",            "osProcessor": "x64",            "lastIpAddress": "172.17.230.209",            "lastExternalIpAddress": "167.220.196.71",            "osBuild": 18209,            "healthStatus": "Active",            "rbacGroupId": 140,            "rbacGroupName": "The-A-Team",            "riskScore": "Low",            "exposureLevel": "Medium",            "isAadJoined": true,            "aadDeviceId": "80fe8ff8-2624-418e-9591-41f0491218f9",            "machineTags": [ "test tag 1", "test tag 2" ]        }    ]}

Workflow Library Example

List Machines with Microsoft Defender for Endpoints and Send Results Via Email

Preview this Workflow on desktop

List Machine ActionsMicrosoft Defender For Endpoints Custom Action