Forum Discussion
Solved
Run Microsoft Defender
Hi,
I have been trying to use the Playbooks to automatically trigger Microsoft Defender for the user who triggered the alert as the alert flags for Malware.
POST https://api.securitycenter.microsoft.com/api/machines/{id}/runAntiVirusScan is the API for it but i'm not sure what "id" refers to here as it doesn't work with device ID (Azure AD). Does anyone know what it refers to?
Thanks.
lolaaa Looks like you can get the machine IDs by making the call on this page: List machines API - Windows security | Microsoft Docs. It will return JSON so you will need to extract the needed ID from that data.
lolaaa Looks like you can get the machine IDs by making the call on this page: List machines API - Windows security | Microsoft Docs. It will return JSON so you will need to extract the needed ID from that data.
