Forum Discussion

JasonW1580's avatar
JasonW1580
Copper Contributor
Aug 06, 2024
Solved

Get Device Inventory list using graph/powershell/cli

Hello, I am currently in the process of onboarding a set of Windows and Linux servers into Defender for Servers.  I am trying to figure out how I can pull the Device Inventory list located under Mi...
  • Chris_toffer0707's avatar
    Chris_toffer0707
    Aug 07, 2024

    JasonW1580 

     

    I have written a PowerShell script for you to use for the export of inventory.
    Only thing you need to do before it will work, is to create an app registration, create a secret in that app registration, and add WindowsDefenderATP "Machine.Read.All" application permission under API Permissions. 

     

    # PLEASE UPDATE THESE 3 VARIABLES - REMOVE {} ALSO

    $clientID = "{INSERT-APPREGISTRATION-APPID-HERE}"
    $clientSecret = "{INSERT-APPREGISTRATION-SECRET-HERE}"
    $tenantID = "{INSERT-TENANTID-HERE}"
     
    # DO NOT CHANGE BELOW THIS LINE
    $oAuthUri = "https://login.microsoftonline.com/$TenantID/oauth2/token"
    $body = [Ordered] @{
        resource = "$resourceAppIdUri"
        client_id = "$clientID"
        client_secret = "$clientSecret"
        grant_type = 'client_credentials'
    }
    $response = Invoke-RestMethod -Method Post -Uri $oAuthUri -Body $body -ErrorAction Stop
    $aadToken = $response.access_token

    $Headers = @{
        "Authorization" = "Bearer $($AccessToken)"
        "Content-type"  = "application/json"
    }

    $headers = @{
        'Content-Type' = 'application/json'
        Accept = 'application/json'
        Authorization = "Bearer $aadToken"
    }

    $webResponse = Invoke-WebRequest -Method Get -Uri $url -Headers $headers -ErrorAction Stop
    $response =  $webResponse | ConvertFrom-Json

    $response | format-table
Chris_toffer0707's avatar
Chris_toffer0707
Iron Contributor
Aug 07, 2024

JasonW1580 

 

I have written a PowerShell script for you to use for the export of inventory.
Only thing you need to do before it will work, is to create an app registration, create a secret in that app registration, and add WindowsDefenderATP "Machine.Read.All" application permission under API Permissions. 

 

# PLEASE UPDATE THESE 3 VARIABLES - REMOVE {} ALSO

$clientID = "{INSERT-APPREGISTRATION-APPID-HERE}"
$clientSecret = "{INSERT-APPREGISTRATION-SECRET-HERE}"
$tenantID = "{INSERT-TENANTID-HERE}"
 
# DO NOT CHANGE BELOW THIS LINE
$oAuthUri = "https://login.microsoftonline.com/$TenantID/oauth2/token"
$body = [Ordered] @{
    resource = "$resourceAppIdUri"
    client_id = "$clientID"
    client_secret = "$clientSecret"
    grant_type = 'client_credentials'
}
$response = Invoke-RestMethod -Method Post -Uri $oAuthUri -Body $body -ErrorAction Stop
$aadToken = $response.access_token

$Headers = @{
    "Authorization" = "Bearer $($AccessToken)"
    "Content-type"  = "application/json"
}

$headers = @{
    'Content-Type' = 'application/json'
    Accept = 'application/json'
    Authorization = "Bearer $aadToken"
}

$webResponse = Invoke-WebRequest -Method Get -Uri $url -Headers $headers -ErrorAction Stop
$response =  $webResponse | ConvertFrom-Json

$response | format-table
JasonW1580's avatar
JasonW1580
Copper Contributor
Aug 07, 2024
Thank you for your detailed reply. This was the API I was looking for: https://api.security.microsoft.com/api/machines
I also appreciate the code. It saved me some testing time.
Thanks!

Resources