List Machines
Retrieves a collection of Machines that have communicated with Microsoft Defender for Endpoint cloud.
One of the following permissions is required to run this action:
Machine.ReadMachine.ReadWriteMachine.ReadWrite.All
External Documentation
To learn more, visit the Microsoft Defender For Endpoints documentation.
Parameters
| Parameter | Description |
|---|---|
| Filter | The filter to apply on the operation. You can filter by computerDnsName, id, version, deviceValue, aadDeviceId, machineTags, lastSeen,exposureLevel, onboardingStatus, lastIpAddress, healthStatus, osPlatform, riskScore and rbacGroupId. For more information: https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/exposed-apis-odata-samples?view=o365-worldwide |
Example Output
{
"@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Machines",
"value": [
{
"id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07",
"computerDnsName": "mymachine1.contoso.com",
"firstSeen": "2018-08-02T14:55:03.7791856Z",
"lastSeen": "2018-08-02T14:55:03.7791856Z",
"osPlatform": "Windows10" "Windows11",
"version": "1709",
"osProcessor": "x64",
"lastIpAddress": "172.17.230.209",
"lastExternalIpAddress": "167.220.196.71",
"osBuild": 18209,
"healthStatus": "Active",
"rbacGroupId": 140,
"rbacGroupName": "The-A-Team",
"riskScore": "Low",
"exposureLevel": "Medium",
"isAadJoined": true,
"aadDeviceId": "80fe8ff8-2624-418e-9591-41f0491218f9",
"machineTags": [ "test tag 1", "test tag 2" ]
}
]
}
Workflow Library Example
List Machines with Microsoft Defender for Endpoints and Send Results Via Email
Preview this Workflow on desktop