Forum Discussion

dmitry_gusev's avatar
dmitry_gusev
Copper Contributor
Jan 24, 2024

How to get/set defender settings with API

Does anyone know if it is possible to retrieve my Defender settings using the API? For example, I need to access: Microsoft Defender -> Settings -> Endpoints -> General -> Advanced Features I notic...
Nathan_McNulty's avatar
Nathan_McNulty
Copper Contributor
May 30, 2025

These are internal service APIs with no supported way to get tokens to talk to them. The Defender portal uses an OBO flow to get tokens to talk to the MTP APIs, and we can no longer request tokens directly.

 

Having said that, if you are willing to use a highly unsupported method, you can use my technique here to talk to these (and any other Defender XDR) APIs: https://github.com/nathanmcnulty/nathanmcnulty/blob/master/DefenderForEndpoint/AutoConfig/README.md#setting-up-our-session-and-cookies

  • rb_account's avatar
    rb_account
    Copper Contributor
    Jun 03, 2025

    Fantastic write up Nathan! Really well documented and certainly something I can use internally.

    Unfortunately unless I'm missing something this won't help for a multi tenant configurations to perform via an App Registration.

    • Nathan_McNulty's avatar
      Nathan_McNulty
      Copper Contributor
      Jun 04, 2025

      Thanks! I'm hoping to convert it all into a PowerShell module later this year, have a lot of other projects that need to be wrapped up first :p

      Unfortunately, there is no way to do this with applications. You will need a real user account (doesn't have to be licensed though). We have played with Entra CBA using a MFA capable cert, store the user cert in AKV, and use that with automation, but that's going to require customer setup that can't be delivered through consent to a multi-tenant app.

Resources