Defender for Office - API for detections and status

Copper Contributor

Hello everyone,

We would like to transfer data from “Microsoft Defender for Office” to our own dashboard using HTTP REST API or an API.

Unfortunately, I can find little to nothing about this.

Are there any options for this?

Best regards

2 Replies
You have to be more specific here, what data exactly are you looking to expose? Some might be available in the Graph, some only via PowerShell, some not at all. In Graph, your best option is probably the hunting query: https://learn.microsoft.com/en-us/graph/api/security-security-runhuntingquery?view=graph-rest-1.0&ta...

@VasilMichev 

Thanks for your answer. This looks workable at the first sight. I'll take a look next days.

 

Our goal:

We want to display data on our security status from our heterogeneous landscape on a standardized dashboard. Therefore we use power automate to extract the data, while power apps is currently used to display it on the dashboard.

Accordingly, I need an API (ideally REST 😉 ) to access the data of the product or the “Defender for Office” solution. We use this as an e-mail security solution and accordingly we would like to read out all key figures of the e-mail security.
For example:
- Number of mails that were moved to quarantine within the [time period].
- Number of emails that were released from quarantine by users within the [time period
- Number of emails that were requested to be released from quarantine by users within the [time period].
- Number of payloads that were blocked (and which payload this was)
- ... further examples, etc.