Forum Discussion
dmarquesgn
Aug 20, 2024 · Iron Contributor
Use PowerShell to add a tag to a MS Defender device
Hi, I'm automating some security tasks with the help of PowerShell. One of the things I'm trying to automate now is the creation of a tag on a Defender device, but didn't find much info abo...
jbmartin6
Aug 21, 2024 · Iron Contributor
Yes, the API for this is straightforward enough; it allows adding or removing a tag via a POST request:
$API = "machines/" + $DeviceId + "/tags"
$Body = @{"Value"=$Tag;"Action"="$Action"}
$Body = $Body | ConvertTo-Json
dmarquesgn
Aug 21, 2024 · Iron Contributor
Thanks for the tip. I was already able to do a part of the job, which is extracting the "machineid" from Defender, with this code:
$apiUrl = "https://api-eu.securitycenter.microsoft.com/api/machines?`$filter=computerDnsName eq '$hostname'"
$response = Invoke-RestMethod -Method Get -Uri $apiUrl -Headers $headers
$machineId = $response.value[0].id
And it's fine as I got the "machineid". But then I'm using this code for the addition of the tag.
$Tag = "tag-test"
$apiUrl = "https://api-eu.securitycenter.microsoft.com/api/machines/$machineId/tags"
$Body = @{"Value"=$Tag;"Action"="Add"}
$Body = $Body | ConvertTo-Json
$response = Invoke-RestMethod -Method Post -Headers $headers -Body $body -Uri $apiUrl
And I've got the error:
"code": "Unauthorized",
"message": "Invalid Authorization payload."
But in the API permissions I've added the permissions which are written in the documentation, which are "Machine.ReadWriteAll" and "Machine.ReadWrite".
Is there any way I can try to debug why this session doesn't have the permission to write the tag?
Thanks
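
One way to see what a session's token actually carries is to decode its claims locally and compare the audience, expiry and granted permissions with what the tag endpoint needs. This is an added example, not code from the thread or from Microsoft. The function names are hypothetical, the sample token is constructed and unsigned, and the permission string passed at the end is an example value.

```powershell
# Added example: inspect the claims of a bearer token. No signature validation is done;
# this is for local troubleshooting only. All function names here are hypothetical.
function ConvertFrom-Base64Url {
    param([Parameter(Mandatory)][string]$Text)
    $s = $Text.Replace('-', '+').Replace('_', '/')
    switch ($s.Length % 4) {          # restore the padding that base64url strips
        2 { $s += '==' }
        3 { $s += '=' }
        1 { throw 'Invalid base64url segment length.' }
    }
    [System.Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($s))
}

function Get-AccessTokenClaims {
    param([Parameter(Mandatory)][string]$Token)
    $Token = $Token -replace '^\s*Bearer\s+', ''   # accept a full Authorization header value
    $parts = $Token.Split('.')
    if ($parts.Count -ne 3) { throw "Not a JWT: expected 3 segments, got $($parts.Count)." }
    ConvertFrom-Base64Url $parts[1] | ConvertFrom-Json
}

function Test-TokenForTagWrite {
    param(
        [Parameter(Mandatory)][string]$Token,
        [Parameter(Mandatory)][string]$RequiredPermission
    )
    $c = Get-AccessTokenClaims $Token
    # App-only tokens list permissions in 'roles'; delegated tokens use a space-separated 'scp'.
    $granted = @(@($c.roles) + @("$($c.scp)" -split ' ') | Where-Object { $_ })
    [pscustomobject]@{
        Audience      = $c.aud
        ExpiresUtc    = [DateTimeOffset]::FromUnixTimeSeconds([long]$c.exp).UtcDateTime
        Expired       = [DateTimeOffset]::UtcNow.ToUnixTimeSeconds() -ge [long]$c.exp
        Granted       = $granted
        HasPermission = $granted -contains $RequiredPermission
    }
}

# Constructed sample token (unsigned), built inline so the example runs offline.
function ConvertTo-Base64Url([string]$Text) {
    [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($Text)).TrimEnd('=').Replace('+', '-').Replace('/', '_')
}
$payload = @{ aud = 'https://api.securitycenter.microsoft.com'; exp = 4102444800
              roles = @('Machine.Read.All') } | ConvertTo-Json -Compress
$sample = (ConvertTo-Base64Url '{"alg":"none"}') + '.' + (ConvertTo-Base64Url $payload) + '.sig'

Test-TokenForTagWrite -Token $sample -RequiredPermission 'Machine.ReadWrite.All'
```

With the thread's variables the call would take `$headers.Authorization` as the token, assuming `$headers` holds a `Bearer` token in that key.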