Forum Discussion
Microsoft defender for endpoint API
Hi, Could anyone please share the Audit logs & get User by Email, id APIs for Windows Microsoft Defender for Endpoint. It is emergency for us.
Hi pavan_bollepalli,
Access Audit Logs API:
- Base URI: https://api.securitycenter.microsoft.com/api
- Endpoint: https://api.securitycenter.microsoft.com/api/auditlogs
Access User API:
- Base URI: https://api.securitycenter.microsoft.com/api
- Endpoint for Email: https://api.securitycenter.microsoft.com/api/users?filter=email eq 'email address removed for privacy reasons'
- Endpoint for ID: https://api.securitycenter.microsoft.com/api/users/{user_id}
API Versioning and Performance:
- Specify version, e.g., https://api.securitycenter.microsoft.com/api/v1.0/auditlogs.
Please click Mark as Best Response & Like if my post helped you to solve your issue.
This will help others to find the correct solution easily. It also closes the item.If the post was useful in other ways, please consider giving it Like.
Kindest regards,
Leon Pavesic
(LinkedIn)- Hi Leon Pavesic, I have tried to access the above given APIs but its was showing authorization error. Could you please share the scopes which needed to access the above APIs.
Req : GET https://api.securitycenter.microsoft.com/api/users
Res : {
"error": {
"code": "Unauthorized",
"message": "Invalid Authorization payload.",
"target": "|1d54be6b-498ab41b1a619531."
}
}
Same response for Auditlog also.
