Defender for Endpoint permission for part of Devices

MVP

An automation should be able to flag all Windows 10 machines in Defender for Endpoint (only some selected ones should be flagged, depending on "things").

As it is an automation, we use app registration for permission management.

I gave the permission Machine.ReadWrite.All. This works, but I could also flag other machines. So the question is: how can I restrict permissions to Windows 10 machines?

It seems to be possible with device groups, but it also seems that device groups are not intended to do that.

Any suggestions / ideas?

Thanks in advance!

1 Reply

Hi @Patrick Wahlmüller

According to the docs here (M365 Defender - List Machines API), you should be able to pull osPlatform alongside any attributes you may be using to filter in your automations.

Perhaps you could use this initial "list machines" request to create a set of the Device IDs that meet your constraints and then run the rest of your automation on each device in the resulting set? Or something like that...

Best!

Dylan
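The two-step approach Dylan describes, as an added example that is not part of either post: list machines with a server-side osPlatform filter, rebuild the allowed set client-side so a wrong filter cannot widen it, and only then act on that set. It assumes a bearer token for the app registration is already obtained, and uses the machine tag endpoint (POST /api/machines/{id}/tags, not mentioned on the page) as the "flag" action; the sample machine records are constructed.

```python
# Added example: scope an app-registration automation to Windows 10 devices
# client-side, since Machine.ReadWrite.All itself is tenant-wide.
import json
import urllib.parse
import urllib.request
from typing import Callable, Iterable, Optional

API = "https://api.securitycenter.microsoft.com/api"

def _call(token: str, url: str, body: Optional[dict] = None) -> dict:
    """Minimal authenticated JSON request against the MDE API."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(url, data=data, method="POST" if body else "GET")
    req.add_header("Authorization", f"Bearer {token}")
    req.add_header("Content-Type", "application/json")
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)

def list_machines(token: str, odata_filter: str) -> list:
    """GET /machines with an OData filter, following @odata.nextLink pages."""
    url = f"{API}/machines?" + urllib.parse.urlencode({"$filter": odata_filter})
    machines = []
    while url:
        page = _call(token, url)
        machines.extend(page.get("value", []))
        url = page.get("@odata.nextLink")
    return machines

def select_windows10_ids(machines: Iterable[dict],
                         wanted: Callable[[dict], bool] = lambda m: True) -> set:
    """Re-check osPlatform on every record even if the server filter was used,
    and apply the caller's extra rule ('depending on things' in the question)."""
    return {m["id"] for m in machines
            if m.get("osPlatform") == "Windows10" and wanted(m)}

def tag_machines(token: str, ids: set, tag: str) -> int:
    """Tag only the pre-computed set; returns the number of devices tagged."""
    for machine_id in ids:
        _call(token, f"{API}/machines/{machine_id}/tags",
              {"Value": tag, "Action": "Add"})
    return len(ids)

# Constructed sample records in the shape of the List Machines response.
SAMPLE_MACHINES = [
    {"id": "a1", "osPlatform": "Windows10", "rbacGroupName": "Lab"},
    {"id": "b2", "osPlatform": "WindowsServer2019", "rbacGroupName": "Lab"},
    {"id": "c3", "osPlatform": "Windows10", "rbacGroupName": "Prod"},
    {"id": "d4", "rbacGroupName": "Lab"},  # osPlatform missing: never selected
]

if __name__ == "__main__":  # live run: TOKEN is a placeholder for your own token
    live = list_machines("TOKEN", "osPlatform eq 'Windows10'")
    print(tag_machines("TOKEN", select_windows10_ids(live), "win10-automation"))
```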