MDE List Machine API Results Discrepancy

Copper Contributor

Hi-

 

I'm currently using the MDE List Machine API to pull device information for my logic app to populate an excel file. I am able to create an excel file and populate it with most device information using the logic app, however when i compare the results to the results if i manually export the Computers and Mobile device list from the MDE Device Inventory, I notice that the logic app file is showing 2500 less devices. Why is this happening? Both files are filtering for the same values and are being pulled on the same weekly time frame. I am also removing duplicate values by device name from both. Does the API and manual export pull devices differently?

3 Replies
Possible you are hitting the 10k records limit on the API?

@jbmartin6 

There are around 27,000 devices in my organization, so i have 3 separate API calls in my logic app that each pull 10,000 entries. So the first API would include $top=10,000&$skip=0, the next API would include $top=10,000&$skip=10000, and the last API would include $top=10,000&$skip=20000. My logic app produces 24,000 device results in the excel file, which is around 3000 less than what's expected. If my logic app is truly pulling all devices possible, I'm not sure why there's still a discrepancy. By the way I'm using this List Machines API: https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/api/get-machines?view=o36...

I have no idea why you see this, just a couple thoughts though FWIW.

I understand that if you just request all the machines, the response will include a link to the next page. I forget the details on this since I haven't had to use it myself. I wonder if you follow that link instead of using direct skips you would see different results.

Do the missing 3000 devices have some common factor, maybe last seen date?