defenderDetectedMalwareActions resource type

Important: APIs under the / beta version in Microsoft Graph are in preview and are subject to change. Use of these APIs in production applications is not supported.

Note: Using the Microsoft Graph APIs to configure Intune controls and policies still requires that the Intune service is correctly licensed by the customer.

Specify Defender’s actions to take on detected Malware per threat level.

Properties

Property Type Description
lowSeverity defenderThreatAction Indicates a Defender action to take for low severity Malware threat detected. Possible values are: deviceDefault, clean, quarantine, remove, allow, userDefined, block.
moderateSeverity defenderThreatAction Indicates a Defender action to take for moderate severity Malware threat detected. Possible values are: deviceDefault, clean, quarantine, remove, allow, userDefined, block.
highSeverity defenderThreatAction Indicates a Defender action to take for high severity Malware threat detected. Possible values are: deviceDefault, clean, quarantine, remove, allow, userDefined, block.
severeSeverity defenderThreatAction Indicates a Defender action to take for severe severity Malware threat detected. Possible values are: deviceDefault, clean, quarantine, remove, allow, userDefined, block.

Relationships

None

JSON Representation

Here is a JSON representation of the resource.

{
  "@odata.type": "#microsoft.graph.defenderDetectedMalwareActions",
  "lowSeverity": "String",
  "moderateSeverity": "String",
  "highSeverity": "String",
  "severeSeverity": "String"
}