Feb 22 2021 07:23 PM
Hi,
I have been trying to use the Playbooks to automatically trigger Microsoft Defender for the user who triggered the alert as the alert flags for Malware.
POST https://api.securitycenter.microsoft.com/api/machines/{id}/runAntiVirusScan is the API for it, but I'm not sure what "id" refers to here, as it doesn't work with device ID (Azure AD). Does anyone know what it refers to?
Thanks.
Feb 23 2021 05:16 AM
Solution
@lolaaa Looks like you can get the machine IDs by making the call on this page: List machines API - Windows security | Microsoft Docs. It will return JSON so you will need to extract the needed ID from that data.
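The lookup the answer describes, as an added example (not code from the thread or from Microsoft): it takes an already-fetched List machines response, finds the record whose `aadDeviceId` equals the Azure AD device ID, and builds the `runAntiVirusScan` request from that record's `id`. The field names `aadDeviceId`, `id`, `Comment` and `ScanType` are assumed from the Defender for Endpoint API documentation, and the sample response is constructed.

```python
import json

API_BASE = "https://api.securitycenter.microsoft.com/api"

# Constructed sample of a List machines response (all values are made up).
SAMPLE_LIST_MACHINES = json.loads("""
{
  "value": [
    {"id": "1111111111111111111111111111111111111111",
     "computerDnsName": "ws-001.contoso.example",
     "aadDeviceId": "AAAAAAAA-0000-4000-8000-000000000001"},
    {"id": "2222222222222222222222222222222222222222",
     "computerDnsName": "ws-002.contoso.example",
     "aadDeviceId": null}
  ]
}
""")


def find_machine_id(list_response, aad_device_id):
    """Return the Defender machine id whose aadDeviceId matches, else raise."""
    wanted = (aad_device_id or "").strip().lower()
    if not wanted:
        raise ValueError("an Azure AD device ID is required")
    matches = [
        m["id"] for m in list_response.get("value", [])
        # Not every onboarded machine is Azure AD joined, so the field can be null.
        if (m.get("aadDeviceId") or "").lower() == wanted
    ]
    if not matches:
        raise LookupError(f"no Defender machine for Azure AD device {aad_device_id}")
    if len(matches) > 1:
        # Duplicate records for one device: do not guess which one to scan.
        raise LookupError(f"{len(matches)} machines share Azure AD device {aad_device_id}")
    return matches[0]


def build_scan_request(machine_id, comment, scan_type="Quick"):
    """Build (method, url, body) for runAntiVirusScan; sending it needs a bearer token."""
    if scan_type not in ("Quick", "Full"):
        raise ValueError("scan_type must be 'Quick' or 'Full'")
    url = f"{API_BASE}/machines/{machine_id}/runAntiVirusScan"
    return "POST", url, {"Comment": comment, "ScanType": scan_type}


if __name__ == "__main__":
    mid = find_machine_id(SAMPLE_LIST_MACHINES, "aaaaaaaa-0000-4000-8000-000000000001")
    print(build_scan_request(mid, "Scan triggered by malware alert playbook"))
```

In a playbook, the same steps map to an HTTP action for List machines, a filter on the `value` array, and a second HTTP action that uses the matched `id`.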