Microsoft Defender

Collection of Microsoft Defender security APIs for threat protection, endpoint security, and security operations.

8 APIs 0 Features

APIs

Microsoft Defender for Endpoint API

API for endpoint detection and response, threat and vulnerability management, and automated investigation and remediation.

Microsoft Defender for Cloud Apps API

Cloud Access Security Broker (CASB) API for discovering, investigating, and governing cloud apps.

Microsoft Defender Threat Intelligence API

Access threat intelligence data, indicators of compromise (IOCs), and threat analytics.

Microsoft Graph Security API

Unified API for Microsoft security products including Defender alerts, secure scores, and security actions.

Microsoft Defender for Office 365 API

API for email and collaboration protection including anti-phishing, anti-malware, and safe attachments.

Microsoft Defender XDR API

Unified extended detection and response API for automating workflows based on shared incident and advanced hunting tables across Microsoft security products.

Microsoft Defender for Cloud REST API

REST API for unified security management and advanced threat protection across hybrid cloud workloads in Azure, other clouds, and on-premises.

Microsoft Defender for Identity API

API for identity-based attack detection and investigation across on-premises Active Directory and hybrid environments, with sensor management via Microsoft Graph.

Semantic Vocabularies

Microsoft Defender Context

0 classes · 5 properties

JSON-LD

Resources

Portal
Documentation Hub
Status Page
Terms of Service
Privacy Policy
Developer Changelog
Security Blog
Microsoft Graph Explorer
Authentication Overview
Security Pricing Overview

Sources

name: Microsoft Defender
description: >-
  Collection of Microsoft Defender security APIs for threat protection, endpoint security,
  and security operations.
image: https://www.microsoft.com/favicon.ico
created: '2024-01-15'
modified: '2026-04-28'
specificationVersion: '0.18'
url: https://raw.githubusercontent.com/api-evangelist/microsoft-defender/refs/heads/main/apis.yml
apis:
  - name: Microsoft Defender for Endpoint API
    description: >-
      API for endpoint detection and response, threat and vulnerability management,
      and automated investigation and remediation.
    image: https://www.microsoft.com/favicon.ico
    humanUrl: https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/
    baseUrl: https://api.securitycenter.microsoft.com/api
    tags:
      - EDR
      - Endpoint Security
      - Threat Detection
      - Vulnerability Management
    properties:
      - type: Documentation
        url: https://learn.microsoft.com/en-us/defender-endpoint/api/apis-intro
      - type: OpenAPI
        url: openapi/microsoft-defender-for-endpoint-api-openapi.yml
      - type: JSONSchema
        url: json-schema/microsoft-defender-alert-schema.json
      - type: JSONLD
        url: json-ld/microsoft-defender-context.jsonld
      - type: Authentication
        url: https://learn.microsoft.com/en-us/defender-endpoint/api/exposed-apis-create-app-webapp
      - type: Pricing
        url: https://www.microsoft.com/en-us/security/business/endpoint-security/microsoft-defender-endpoint-pricing
      - type: API Reference
        url: https://learn.microsoft.com/en-us/defender-endpoint/api/exposed-apis-list
      - type: Release Notes
        url: https://learn.microsoft.com/en-us/defender-endpoint/api/api-release-notes
      - type: Management APIs
        url: https://learn.microsoft.com/en-us/defender-endpoint/api/management-apis
      - type: Alerts API
        url: https://learn.microsoft.com/en-us/defender-endpoint/api/get-alerts
      - type: Vulnerabilities API
        url: https://learn.microsoft.com/en-us/defender-endpoint/api/get-all-vulnerabilities
      - type: Security Recommendations API
        url: https://learn.microsoft.com/en-us/defender-endpoint/api/get-security-recommendations
    contact:
      - type: Support
        url: https://learn.microsoft.com/en-us/defender-endpoint/api/troubleshoot-api
  - name: Microsoft Defender for Cloud Apps API
    description: >-
      Cloud Access Security Broker (CASB) API for discovering, investigating, and
      governing cloud apps.
    image: https://www.microsoft.com/favicon.ico
    humanUrl: https://learn.microsoft.com/en-us/defender-cloud-apps/
    baseUrl: https://portal.cloudappsecurity.com/api
    tags:
      - CASB
      - Cloud Security
      - Data Protection
      - Shadow IT
    properties:
      - type: Documentation
        url: https://learn.microsoft.com/en-us/defender-cloud-apps/api-introduction
      - type: Authentication
        url: https://learn.microsoft.com/en-us/defender-cloud-apps/api-authentication
      - type: Activities API
        url: https://learn.microsoft.com/en-us/defender-cloud-apps/api-activities
      - type: Alerts API
        url: https://learn.microsoft.com/en-us/defender-cloud-apps/api-alerts
      - type: Entities API
        url: https://learn.microsoft.com/en-us/defender-cloud-apps/api-entities
      - type: Cloud Discovery API
        url: https://learn.microsoft.com/en-us/defender-cloud-apps/api-discovery
  - name: Microsoft Defender Threat Intelligence API
    description: >-
      Access threat intelligence data, indicators of compromise (IOCs), and threat
      analytics.
    image: https://www.microsoft.com/favicon.ico
    humanUrl: https://learn.microsoft.com/en-us/defender/threat-intelligence/
    baseUrl: https://graph.microsoft.com/v1.0/security/threatIntelligence
    tags:
      - IOC
      - Security Intelligence
      - Threat Analytics
      - Threat Intelligence
    properties:
      - type: Documentation
        url: https://learn.microsoft.com/en-us/graph/api/resources/security-threatintelligence-overview
      - type: API Reference
        url: https://learn.microsoft.com/en-us/graph/api/resources/security-api-overview
      - type: Authentication
        url: https://learn.microsoft.com/en-us/graph/auth/
  - name: Microsoft Graph Security API
    description: >-
      Unified API for Microsoft security products including Defender alerts, secure
      scores, and security actions.
    image: https://www.microsoft.com/favicon.ico
    humanUrl: https://learn.microsoft.com/en-us/graph/security-concept-overview
    baseUrl: https://graph.microsoft.com/v1.0/security
    tags:
      - Alerts
      - Secure Score
      - Security Graph
      - Threat Protection
    properties:
      - type: Documentation
        url: https://learn.microsoft.com/en-us/graph/api/resources/security-api-overview
      - type: OpenAPI
        url: https://developer.microsoft.com/en-us/graph/graph-explorer
      - type: SDKs
        url: https://learn.microsoft.com/en-us/graph/sdks/sdks-overview
      - type: Code Samples
        url: https://learn.microsoft.com/en-us/graph/api/resources/security-api-overview#common-use-cases
  - name: Microsoft Defender for Office 365 API
    description: >-
      API for email and collaboration protection including anti-phishing, anti-malware,
      and safe attachments.
    image: https://www.microsoft.com/favicon.ico
    humanUrl: https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/
    baseUrl: https://graph.microsoft.com/v1.0/security
    tags:
      - Collaboration Security
      - Email Security
      - Phishing Protection
      - Safe Attachments
    properties:
      - type: Documentation
        url: https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/defender-for-office-365
      - type: Threat Protection
        url: https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/threat-explorer
      - type: Safe Links
        url: https://learn.microsoft.com/en-us/defender-office-365/safe-links-about
      - type: Safe Attachments
        url: https://learn.microsoft.com/en-us/defender-office-365/safe-attachments-about
      - type: Service Description
        url: https://learn.microsoft.com/en-us/office365/servicedescriptions/office-365-advanced-threat-protection-service-description
  - name: Microsoft Defender XDR API
    description: >-
      Unified extended detection and response API for automating workflows based on
      shared incident and advanced hunting tables across Microsoft security products.
    image: https://www.microsoft.com/favicon.ico
    humanUrl: https://learn.microsoft.com/en-us/defender-xdr/api-overview
    baseUrl: https://api.security.microsoft.com/api
    tags:
      - Advanced Hunting
      - Event Streaming
      - Incidents
      - Threat Protection
      - XDR
    properties:
      - type: Documentation
        url: https://learn.microsoft.com/en-us/defender-xdr/api-overview
      - type: API Reference
        url: https://learn.microsoft.com/en-us/defender-xdr/api-supported
      - type: Authentication
        url: https://learn.microsoft.com/en-us/defender-xdr/api-access
      - type: Incidents API
        url: https://learn.microsoft.com/en-us/defender-xdr/api-incident
      - type: Advanced Hunting API
        url: https://learn.microsoft.com/en-us/defender-xdr/api-advanced-hunting
      - type: Streaming API
        url: https://learn.microsoft.com/en-us/defender-xdr/streaming-api
      - type: Supported Event Types
        url: https://learn.microsoft.com/en-us/defender-xdr/supported-event-types
      - type: Error Codes
        url: https://learn.microsoft.com/en-us/defender-xdr/api-error-codes
  - name: Microsoft Defender for Cloud REST API
    description: >-
      REST API for unified security management and advanced threat protection across
      hybrid cloud workloads in Azure, other clouds, and on-premises.
    image: https://www.microsoft.com/favicon.ico
    humanUrl: https://learn.microsoft.com/en-us/azure/defender-for-cloud/defender-for-cloud-introduction
    baseUrl: https://management.azure.com
    tags:
      - Azure Security
      - Cloud Security
      - CSPM
      - Security Posture
      - Workload Protection
    properties:
      - type: Documentation
        url: https://learn.microsoft.com/en-us/rest/api/defenderforcloud/
      - type: Getting Started
        url: https://learn.microsoft.com/en-us/azure/defender-for-cloud/get-started
      - type: Pricing
        url: https://azure.microsoft.com/en-us/pricing/details/defender-for-cloud/
      - type: Release Notes
        url: https://learn.microsoft.com/en-us/azure/defender-for-cloud/release-notes
  - name: Microsoft Defender for Identity API
    description: >-
      API for identity-based attack detection and investigation across on-premises
      Active Directory and hybrid environments, with sensor management via Microsoft
      Graph.
    image: https://www.microsoft.com/favicon.ico
    humanUrl: https://learn.microsoft.com/en-us/defender-for-identity/
    baseUrl: https://graph.microsoft.com/v1.0/security/identities
    tags:
      - Active Directory
      - Identity Security
      - Identity Threat Detection
      - Sensor Management
    properties:
      - type: Documentation
        url: https://learn.microsoft.com/en-us/defender-for-identity/
      - type: Overview
        url: https://learn.microsoft.com/en-us/defender-for-identity/what-is
      - type: Architecture
        url: https://learn.microsoft.com/en-us/defender-for-identity/architecture
      - type: Graph Security API
        url: https://learn.microsoft.com/en-us/graph/api/resources/security-api-overview
maintainers:
  - FN: Kin Lane
    email: [email protected]
common:
  - type: Portal
    url: https://security.microsoft.com
  - type: Documentation Hub
    url: https://learn.microsoft.com/en-us/microsoft-365/security/
  - type: Status Page
    url: https://status.azure.com/
  - type: Terms of Service
    url: https://www.microsoft.com/en-us/legal/terms-of-use
  - type: Privacy Policy
    url: https://privacy.microsoft.com/en-us/privacystatement
  - type: Developer Changelog
    url: https://developer.microsoft.com/en-us/changelog
  - type: Security Blog
    url: https://www.microsoft.com/en-us/security/blog/
  - type: Microsoft Graph Explorer
    url: https://developer.microsoft.com/en-us/graph/graph-explorer
  - type: Authentication Overview
    url: https://learn.microsoft.com/en-us/graph/auth/
  - type: Security Pricing Overview
    url: https://www.microsoft.com/en-us/security/pricing-overview