Access the Microsoft Defender for Endpoint APIs

Applies to:

Want to experience Microsoft Defender for Endpoint? Sign up for a free trial.

Defender for Endpoint exposes much of its data and actions through a set of programmatic APIs. Those APIs enable you to automate workflows and innovate based on Defender for Endpoint capabilities. API access requires OAuth 2.0 authentication. For more information, see OAuth 2.0 Authorization Code Flow.

In general, you'll need to take the following steps to use the APIs:

  • Create an AAD application
  • Get an access token using this application
  • Use the token to access the Defender for Endpoint API

You can access the Defender for Endpoint API with Application Context or User Context.

  • Application Context: (Recommended)
    Used by apps that run without a signed-in user present. For example, apps that run as background services or daemons.

    Steps that need to be taken to access the Defender for Endpoint API with application context:

    1. Create an AAD Web-Application.

    2. Assign the desired permission to the application, for example, 'Read Alerts', 'Isolate Machines'.

    3. Create a key for this application.

    4. Get a token using the application with its key.

    5. Use the token to access the Microsoft Defender for Endpoint API.

      For more information, see Get access with application context.

  • User Context:
    Used to perform actions in the API on behalf of a user.

    Steps to take to access the Defender for Endpoint API with user context:

    1. Create an AAD Native-Application.

    2. Assign the desired permission to the application, for example, 'Read Alerts', 'Isolate Machines'.

    3. Get a token using the application with user credentials.

    4. Use the token to access the Microsoft Defender for Endpoint API.

      For more information, see Get access with user context.
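
The sketch below is an added example, not code from the original page or from Microsoft. It builds the application-context token request and, before a token is used, lists which permissions it actually carries so that grants beyond what the workflow needs stand out. The token endpoint, resource URI and the permission names `Alert.Read.All`, `Alert.Read` and `Machine.Isolate` are assumptions standing in for the page's 'Read Alerts' and 'Isolate Machines'; the sample tokens are constructed and unsigned.

```python
import base64
import json

# Assumed values, not given on the page: the Azure AD v1 token endpoint and the
# Defender for Endpoint resource URI used with the client-credentials grant.
TOKEN_URL = "https://login.microsoftonline.com/{tenant}/oauth2/token"
RESOURCE = "https://api.securitycenter.microsoft.com"


def token_request(tenant_id, app_id, app_secret):
    """Application context, step 4: URL and form body for the token request."""
    form = {
        "grant_type": "client_credentials",
        "client_id": app_id,
        "client_secret": app_secret,
        "resource": RESOURCE,
    }
    return TOKEN_URL.format(tenant=tenant_id), form


def granted_permissions(access_token):
    """Permissions in a JWT payload, read WITHOUT verifying the signature.

    App-context tokens carry a 'roles' list; user-context tokens carry a
    space-separated 'scp' string. Inspection only; the API validates the token.
    """
    parts = access_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a JWT: expected header.payload.signature")
    payload_b64 = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    claims = json.loads(base64.urlsafe_b64decode(payload_b64))
    return set(claims.get("roles", [])) | set(claims.get("scp", "").split())


def excess_permissions(access_token, expected):
    """Permissions present in the token that the workflow does not need."""
    return granted_permissions(access_token) - set(expected)


def constructed_token(claims):
    """Build an unsigned sample token for the demo (constructed, not real)."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"


SAMPLE_APP_TOKEN = constructed_token({"aud": RESOURCE, "roles": ["Alert.Read.All", "Machine.Isolate"]})
SAMPLE_USER_TOKEN = constructed_token({"aud": RESOURCE, "scp": "Alert.Read"})
```

For a read-only alerting job, `excess_permissions(SAMPLE_APP_TOKEN, {"Alert.Read.All"})` reports `Machine.Isolate`, which indicates the application registration grants more than the job requires.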