List Machines

Retrieves a collection of Machines that have communicated with Microsoft Defender for Endpoint cloud.

The following permissions are required to run this action:

Machine.Read.All
Machine.ReadWrite.All

External Documentation

To learn more, visit the Microsoft Defender For Endpoints documentation.

Parameters

Parameter	Description
Filter	The filter to apply on the operation. You can filter by computerDnsName, id, version, deviceValue, aadDeviceId, machineTags, lastSeen,exposureLevel, onboardingStatus, lastIpAddress, healthStatus, osPlatform, riskScore and rbacGroupId. For more information: https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/exposed-apis-odata-samples?view=o365-worldwide

Example Output

{
    "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Machines",
    "value": [
        {
            "id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07",
            "computerDnsName": "mymachine1.contoso.com",
            "firstSeen": "2018-08-02T14:55:03.7791856Z",
            "lastSeen": "2018-08-02T14:55:03.7791856Z",
            "osPlatform": "Windows10" "Windows11",
            "version": "1709",
            "osProcessor": "x64",
            "lastIpAddress": "172.17.230.209",
            "lastExternalIpAddress": "167.220.196.71",
            "osBuild": 18209,
            "healthStatus": "Active",
            "rbacGroupId": 140,
            "rbacGroupName": "The-A-Team",
            "riskScore": "Low",
            "exposureLevel": "Medium",
            "isAadJoined": true,
            "aadDeviceId": "80fe8ff8-2624-418e-9591-41f0491218f9",
            "machineTags": [ "test tag 1", "test tag 2" ]
        }
    ]
}

Workflow Library Example

List Machines with Microsoft Defender for Endpoints and Send Results Via Email

Preview this Workflow on desktop

List Machines

Parameters​

Example Output​

Workflow Library Example​

Parameters

Example Output

Workflow Library Example