Overview of Microsoft 365 Defender APIs


The improved Microsoft 365 security center is now available in public preview. This new experience brings Defender for Endpoint, Defender for Office 365, Microsoft 365 Defender, and more into the Microsoft 365 security center. Security teams can now manage all endpoint, email, and cross-product investigations, configuration, and remediation without the need to navigate to separate product portals. Learn more about what's changed.

Applies to:

  • Microsoft 365 Defender


Some information relates to a prereleased product that may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.

Microsoft 365 Defender is built on top of an integration-ready platform.

Use the Microsoft 365 Defender APIs to automate workflows based on the shared incident and advanced hunting tables.

  • Combined incidents queue - Focus on what's critical by grouping the full attack scope and all impacted assets together under the incident API.

  • Cross-product threat hunting - Leverage your security team's organizational knowledge to hunt for signs of compromise, by creating your own custom queries to sift over raw data collected across multiple protection products.

Along with these Microsoft 365 Defender-specific APIs, each of our other security products exposes additional APIs to help you take advantage of its unique capabilities.

Learn more

Understand how to access the APIs
Learn about API quotas and licensing
Access the Microsoft 365 Defender APIs
Build apps
Create a 'Hello world' app
Create an app to access Microsoft 365 Defender APIs on behalf of a user
Create an app to access Microsoft 365 Defender without a user
Create an app with multi-tenant partner access to Microsoft 365 Defender APIs
Troubleshoot and maintain your apps
Understand API error codes
Manage secrets in your apps with Azure Key Vault
Implement OAuth 2.0 authorization for user sign in