Welcome to the Microsoft 365 Defender PowerShell Module!
This module is a collection of easy-to-use cmdlets and functions designed to make it easy to interface with the Microsoft Defender 365 solutions API.
This PowerShell module is stil in development, as soon as we have a reasonable amount of cmdlets, the module will be published to the PowerShell Gallery.
Here's the to do list
To use this PowerShell Module, you will need to register an app in Azure Active Directory, create a client secret and grant API permissions to the app. For a complete list of API permissions see API Permissions
By default the cmdlets in the PSMD Module tries to retrieve the credentials to access the API from the psmdconfig.json file.
{
"API_PSMD": {
"AppName": "PSMD",
"TenantId": "<TENANT ID>",
"ClientId": "<APP REGISTRATION APP ID>",
"ClientSecret": "<APP REGISTRATION Client Securet>"
}
}If you have an idea or want to contribute to this project please submit a suggestion
Alex Verboon Twitter
Dan Lacher Twitter
| Version | Date | Notes |
|---|---|---|
| 0.0.1 | 23.04.2022 | Initial Release |
I am going to assume that you are familiar with Microsoft 365 Defender as such and understand the consequences of triggering actions on devices or other entities within Microsoft 365 Defender, Azure or AzureAD. Where applicable the cmdlets support the use the -whatif parameter. Think before pressing the key!
The maintainers for ths PowerShell Module are not responsible for any damage caused by using this module.