Sep 14 2020 08:13 AM
Is there a way to clear all tags in the ATP portal? Right now I only see ways of doing it device by device (in portal and via API). We're instituting new tags and need to remove the old ones.
Sep 14 2020 11:11 AM
Sep 14 2020 12:28 PM
You can use Microsoft Flow to talk to the APIs, but you can get similar results with other tools like Logic Apps to automate machine tagging as well.
Blog post from the Defender ATP team:
Sep 14 2020 01:42 PM
@alexandertuvstrom Love the idea, but the advanced hunting requires premium access. I can do the free trial, but w/o being very knowledgeable in this I worry I'd waste the week just figuring out how to do what is required for what I need. I'll have to figure out the script option. Is there an API reference for ATP anywhere I can look at? I'll search but wanted to ask here as well.
Sep 14 2020 02:05 PM
Oh, I understand. The API access requires OAuth 2.0 authentication so you’ll need to take the following steps to use the APIs:
Microsoft Defender ATP API reference: https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/add-or-re...
Sep 14 2020 02:23 PM
I found a good script example from anthonws on GitHub:
https://github.com/anthonws/MDATP_PoSh_Scripts/blob/master/API/API_Tag_Sample.ps1
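Added example (not written by anyone in this thread and not the anthonws script): a PowerShell script that gets an OAuth 2.0 token with the client-credentials flow, pages through the machine list, and removes a set of old tags from every device via the machine tags endpoint. The tenant, app and tag values are placeholders, and it assumes an Azure AD app registration that has been granted the Machine.ReadWrite.All application permission.

```powershell
# Added example: bulk-remove retired tags through the Defender ATP API.
# Placeholders below are assumptions; replace them with your own values.
$tenantId  = '<tenant-id>'
$appId     = '<app-id>'
$appSecret = '<app-secret>'              # load from a secret store, do not hard-code
$oldTags   = @('OldTag1', 'OldTag2')     # constructed sample tag names
$dryRun    = $true                       # set to $false to actually remove tags
$apiBase   = 'https://api.securitycenter.microsoft.com'

# OAuth 2.0 client-credentials flow against Azure AD
$tokenBody = @{
    resource      = $apiBase
    client_id     = $appId
    client_secret = $appSecret
    grant_type    = 'client_credentials'
}
$tokenUri = "https://login.microsoftonline.com/$tenantId/oauth2/token"
$token    = (Invoke-RestMethod -Method Post -Uri $tokenUri -Body $tokenBody).access_token
$headers  = @{ Authorization = "Bearer $token" }

# Collect all machines, following @odata.nextLink when the result is paged
$machines = @()
$uri = "$apiBase/api/machines"
while ($uri) {
    $page      = Invoke-RestMethod -Method Get -Uri $uri -Headers $headers
    $machines += $page.value
    $uri       = $page.'@odata.nextLink'
}

foreach ($m in $machines) {
    # Only touch tags that are on the retirement list (-contains is case-insensitive)
    foreach ($tag in ($m.machineTags | Where-Object { $oldTags -contains $_ })) {
        if ($dryRun) {
            Write-Output "Would remove '$tag' from $($m.computerDnsName)"
            continue
        }
        $body = @{ Value = $tag; Action = 'Remove' } | ConvertTo-Json
        try {
            Invoke-RestMethod -Method Post -Uri "$apiBase/api/machines/$($m.id)/tags" `
                -Headers $headers -ContentType 'application/json' -Body $body | Out-Null
            Write-Output "Removed '$tag' from $($m.computerDnsName)"
        } catch {
            Write-Warning "Failed on $($m.computerDnsName): $($_.Exception.Message)"
        }
        Start-Sleep -Milliseconds 700    # pace requests; check the API reference for current rate limits
    }
}
```

Run it once with `$dryRun = $true` and review the output before switching it off, since the app secret grants write access to every onboarded machine.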