Exclude Device in Defender for endpoint

Question

In the DfE GUI on security.microsoft.com it is possible to exclude a device manually adding a justification (eg Duplicate device) and additional Notes.
Now I'd like to use an API - probably the Windows Defender ATP API - for this task.
But it seems it is only possible to offboard the device, but not to exclude it.
&nbsp;
Is it somehow possible to exclude the device via an API?
&nbsp;
tia

elieelkarkafi · Answer

pwahlmueller&nbsp;i think the only supported MDE APIs are as follow in the link&nbsp;
&nbsp;
https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/api/exposed-apis-list?view=o365-worldwide#in-this-section
and from the machine action section , most of the actions are listed except the exclude device action&nbsp;
&nbsp;
machineAction resource type | Microsoft Learn
&nbsp;
I will ask in the CCP is there is a roadmap for this&nbsp;

pwahlmueller · Answer

Oh thank you. Would be great to hear, if there is something planned.

lukescott · Answer

Hey&nbsp;elieelkarkafi&nbsp;,&nbsp;Do you have an update regarding this?&nbsp;&nbsp;Also, is there a specific reason why the offboard machine action is OS-specific?&nbsp;&nbsp;Kind regards,&nbsp;&nbsp;Luke

perb · Answer

elieelkarkafi&nbsp;Any update?

elieelkarkafi · Answer

lukescott&nbsp;now the offboard script is available on the portal for MacOS and Linux Devices&nbsp;

&nbsp;

Forum Discussion

Exclude Device in Defender for endpoint

7 Replies

Resources