Forum Discussion

mclaes's avatar
mclaes
Brass Contributor
Mar 10, 2020
Solved

MDATP audit logs

Where can we see audit logs of what users in the securitycenter portal are doing? More specifically, if we select a W10 machine and go to 'Action Center', we see, per action, a summary of the last co...
  • StephenMcc's avatar
    StephenMcc
    Mar 25, 2020

    mclaes , you can achieve this programmatically using the List MachineActions API (action history for all machines): https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/get-machineactions-collection

mclaes's avatar
mclaes
Brass Contributor
Mar 26, 2020

StephenMcc Thanks! So easy, the solution and although i've been using the graph explorer api alot, i neglected to look at the MDATP api explorer !

mattcoons's avatar
mattcoons
Copper Contributor
Aug 03, 2021
I'm not seeing that this API shows Live Response session commands, is there another API to get that information?
  • MTayal's avatar
    MTayal
    Iron Contributor
    Nov 21, 2021
    Hi, Can Windows Defender capture all Audit when we are running Surface Hub 2S (which runs Windows Team edition) instead of Pro or Ent

Resources