Apr 08 2024 04:12 AM - edited Apr 08 2024 04:39 AM
An automation should be able to flag all Windows 10 machines in Defender for Endpoint (only some selected ones should be flagged, depending on "things").
As it is an automation, we use an app registration for permission management.
I gave it the permission Machine.ReadWrite.All. This works, but I could also flag other machines. So the question is, how can I restrict permissions to Windows 10 machines?
It seems to be possible with device groups, but it also seems that device groups are not intended for that.
Any suggestions / ideas?
Thanks in advance!
Apr 09 2024 08:36 PM
According to the docs here ( M365 Defender - List Machines API ), you should be able to pull osPlatform alongside any attributes you may be using to filter in your automations.
Perhaps you could use this initial "list machines" request to create a set of the device IDs that meet your constraints and then run the rest of your automation on each device in the resulting set? Or something like that..
Best!
Dylan
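The two-step approach in the answer, as an added example that is not code from either post: list machines with a server-side `$filter` on `osPlatform`, build an allow-list of device IDs from the result, and only ever send the tag request for IDs in that allow-list. The point for the original question is that `Machine.ReadWrite.All` is tenant-wide and cannot be narrowed to an operating system, so the filter in the automation is the control; the example therefore repeats the `osPlatform` check client-side and never tags an ID it did not select. The endpoints, the `osPlatform` field and the `{"Value": ..., "Action": "Add"}` tag body come from the Machines API documentation; the device IDs, host names, the `Win10-Auto` tag value, the environment variable names and all helper function names are this example's own assumptions.

```python
"""Tag only the Windows 10 devices in Microsoft Defender for Endpoint.

Added example for this thread, not code from the original posts. The two
endpoints are the documented Machines API calls the answer points to:
  GET  https://api.securitycenter.microsoft.com/api/machines?$filter=...
  POST https://api.securitycenter.microsoft.com/api/machines/{id}/tags
Device ids, names and the tag value below are constructed sample data.
"""
import json
import os
import urllib.parse
import urllib.request

API = "https://api.securitycenter.microsoft.com/api"
TARGET_OS = "Windows10"  # osPlatform value the Machines API returns for Windows 10

# Constructed sample of what GET /machines returns (subset of fields).
SAMPLE_MACHINES = [
    {"id": "m1", "computerDnsName": "w10-laptop-01", "osPlatform": "Windows10"},
    {"id": "m2", "computerDnsName": "srv-dc-01", "osPlatform": "WindowsServer2019"},
    {"id": "m3", "computerDnsName": "w11-laptop-02", "osPlatform": "Windows11"},
    {"id": "m4", "computerDnsName": "w10-kiosk-07", "osPlatform": "Windows10"},
]


def get_token(tenant_id, client_id, client_secret):
    """App-only token via client credentials (the app registration's permission)."""
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    form = urllib.parse.urlencode({
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": "https://api.securitycenter.microsoft.com/.default",
        "grant_type": "client_credentials",
    }).encode()
    with urllib.request.urlopen(urllib.request.Request(url, data=form)) as resp:
        return json.load(resp)["access_token"]


def auth_headers(token):
    return {"Authorization": f"Bearer {token}", "Content-Type": "application/json"}


def machines_url(os_platform):
    """List URL with a server-side OData filter on osPlatform."""
    return f"{API}/machines?$filter=" + urllib.parse.quote(f"osPlatform eq '{os_platform}'")


def _http_get_json(url, headers):
    with urllib.request.urlopen(urllib.request.Request(url, headers=headers)) as resp:
        return json.load(resp)


def _http_post_json(url, body, headers):
    req = urllib.request.Request(url, data=json.dumps(body).encode(),
                                 headers=headers, method="POST")
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


def list_machines(token, os_platform=TARGET_OS, http_get=None):
    """Fetch every page of the filtered machine list (follows @odata.nextLink).

    http_get(url, headers) is injectable so the logic can run offline in tests.
    """
    get = http_get or _http_get_json
    url, machines = machines_url(os_platform), []
    while url:
        page = get(url, auth_headers(token))
        machines.extend(page.get("value", []))
        url = page.get("@odata.nextLink")
    return machines


def select_targets(machines, os_platform=TARGET_OS):
    """Allow-list (id -> name) of the devices the automation may tag.

    The osPlatform check is repeated client-side: Machine.ReadWrite.All is
    tenant-wide, so this allow-list is the only thing keeping the automation
    from tagging servers or Windows 11 devices.
    """
    return {m["id"]: m.get("computerDnsName", "") for m in machines
            if m.get("osPlatform") == os_platform}


def tag_request(machine_id, tag):
    """URL and body for adding one tag to one device."""
    return f"{API}/machines/{machine_id}/tags", {"Value": tag, "Action": "Add"}


def tag_machines(token, targets, tag, http_post=None):
    """Tag each device in the allow-list and return the ids that were tagged."""
    post = http_post or _http_post_json
    tagged = []
    for machine_id in targets:
        url, body = tag_request(machine_id, tag)
        post(url, body, auth_headers(token))
        tagged.append(machine_id)
    return tagged


if __name__ == "__main__":
    # Live run: credentials from environment variables (names are this example's own).
    token = get_token(os.environ["MDE_TENANT_ID"], os.environ["MDE_CLIENT_ID"],
                      os.environ["MDE_CLIENT_SECRET"])
    targets = select_targets(list_machines(token))
    for machine_id in tag_machines(token, targets, "Win10-Auto"):
        print(f"tagged {targets[machine_id]} ({machine_id})")
```

Because `tag_machines` only accepts the allow-list produced by `select_targets`, a bug elsewhere in the automation (a wrong filter string, an unfiltered list call) still cannot reach a server or Windows 11 device; that is the restriction the API permission itself cannot express.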