| title | description | ms.service | f1.keywords | ms.author | author | ms.localizationpriority | manager | audience | ms.collection | ms.topic | search.appverid | ms.custom | ms.date | ||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Overview of Microsoft Defender XDR APIs |
Learn about the available APIs in Microsoft Defender XDR |
defender-xdr |
|
macapara |
mjcaparas |
medium |
dansimp |
ITPro |
|
reference |
|
api |
02/08/2024 |
[!INCLUDE Microsoft Defender XDR rebranding]
Applies to:
- Microsoft Defender XDR
Note
Try our new APIs using MS Graph security API. Find out more at: Use the Microsoft Graph security API - Microsoft Graph | Microsoft Learn.
Important
Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
Microsoft Defender XDR is built on top of an integration-ready platform.
Use the Microsoft Defender XDR APIs to automate workflows based on the shared incident and advanced hunting tables.
-
Combined incidents queue - Focus on what's critical by grouping the full attack scope and all impacted assets together under the incident API.
-
Cross-product threat hunting - Leverage your security team's organizational knowledge to hunt for signs of compromise, by creating your own custom queries to sift over raw data collected across multiple protection products.
-
Event streaming API - Ship real-time events and alerts in a single data stream as they occur.
Along with these Microsoft Defender XDR-specific APIs, each of our other security products expose additional APIs to help you take advantage of their unique capabilities.
Note
The transition to the unified portal should not affect the PowerBi dashboards based on Microsoft Defender for Endpoint APIs. You can continue to work with the existing APIs regardless of the interactive portal transition.
Watch this short video to learn how you can use Microsoft Defender XDR to automate workflows and integrate apps.
[!VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RE4d73M?rel=0]
| Understand how to access the APIs |
|---|
| [Use the Microsoft Graph security API - Microsoft Graph |
| Learn about API quotas and licensing |
| Access the Microsoft Defender XDR APIs |
| Build apps |
| Create a 'Hello world' app |
| Create an app to access Microsoft Defender XDR APIs on behalf of a user |
| Create an app to access Microsoft Defender XDR without a user |
| Create an app with multi-tenant partner access to Microsoft Defender XDR APIs |
| Troubleshoot and maintain your apps |
| Understand API error codes |
| Manage secrets in your apps with Azure Key Vault |
| Implement OAuth 2.0 authorization for user sign in |
| [!INCLUDE Microsoft Defender XDR rebranding] |