Get Device Inventory list using graph/powershell/cli
Hello,
I am currently in the process of onboarding a set of Windows and Linux servers into Defender for Servers.
I am trying to figure out how I can pull the Device Inventory list located under Microsoft Defender -> Assets -> Device Inventory programmatically.
I tried Get-MgDeviceManagementManagedDevice but this only returns the devices in Intune which does not include the servers.
Thanks
- jbmartin6 (Iron Contributor): We use the machines API in MDE: https://learn.microsoft.com/en-us/defender-endpoint/api/get-machines
- JasonW1580 (Copper Contributor): Thank you. I was looking in the wrong API. This worked great.
- Chris_toffer0707 (Iron Contributor):
I have written a PowerShell script for you to use for the export of inventory.
The only thing you need to do before it will work is to create an app registration, create a secret in that app registration, and add the WindowsDefenderATP "Machine.Read.All" application permission under API Permissions.
```powershell
# PLEASE UPDATE THESE 3 VARIABLES - REMOVE {} ALSO
$clientID = "{INSERT-APPREGISTRATION-APPID-HERE}"
$clientSecret = "{INSERT-APPREGISTRATION-SECRET-HERE}"
$tenantID = "{INSERT-TENANTID-HERE}"

# DO NOT CHANGE BELOW THIS LINE
# Token endpoint, API resource and machines endpoint used by the calls below
$resourceAppIdUri = 'https://api.securitycenter.microsoft.com'
$oAuthUri = "https://login.microsoftonline.com/$tenantID/oauth2/token"
$url = 'https://api.security.microsoft.com/api/machines'

# Request an app-only access token (client credentials grant)
$body = [Ordered] @{
    resource      = "$resourceAppIdUri"
    client_id     = "$clientID"
    client_secret = "$clientSecret"
    grant_type    = 'client_credentials'
}
$response = Invoke-RestMethod -Method Post -Uri $oAuthUri -Body $body -ErrorAction Stop
$aadToken = $response.access_token

# Send the token as a bearer token on the API call
$headers = @{
    'Content-Type' = 'application/json'
    Accept         = 'application/json'
    Authorization  = "Bearer $aadToken"
}

# Query the machines API; the device records are in the "value" array
$webResponse = Invoke-WebRequest -Method Get -Uri $url -Headers $headers -ErrorAction Stop
$response = $webResponse | ConvertFrom-Json
$response.value | Format-Table
```
- JasonW1580 (Copper Contributor): Thank you for your detailed reply. This was the API I was looking for: https://api.security.microsoft.com/api/machines
I also appreciate the code. It saved me some testing time.
Thanks!
- lybinhlap (Copper Contributor): Hi Chris, using https://api.security.microsoft.com/api/machines is still missing Antivirus Status information when compared with exporting Device Inventory from the portal. Any idea?
- Chris_toffer0707 (Iron Contributor): Hi.
If I browse Defender portal for device inventory, I do not see antivirus status field 🙂
https://security.microsoft.com/machines?category=all-devices.
Could you share the exact location in Defender portal where you see the antivirus status? 🙂