Overview of Microsoft 365 Defender APIs


The improved Microsoft 365 security center is now available. This new experience brings Defender for Endpoint, Defender for Office 365, Microsoft 365 Defender, and more into the Microsoft 365 security center. Learn what's new.

Applies to:

  • Microsoft 365 Defender


Some information relates to prereleased product, which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.

Microsoft 365 Defender is built on top of an integration-ready platform.

Use the Microsoft 365 Defender APIs to automate workflows based on the shared incident and advanced hunting tables.

  • Combined incidents queue - Focus on what's critical by grouping the full attack scope and all impacted assets together under the incident API.

  • Cross-product threat hunting - Leverage your security team's organizational knowledge to hunt for signs of compromise, by creating your own custom queries to sift over raw data collected across multiple protection products.

Use the Streaming API to ship real-time events and alerts from instances as they occur within a single data stream.

Along with these Microsoft 365 Defender-specific APIs, each of our other security products exposes additional APIs to help you take advantage of their unique capabilities.


The transition to the unified portal should not affect the Power BI dashboards based on Microsoft Defender for Endpoint APIs. You can continue to work with the existing APIs regardless of the interactive portal transition.

Learn more

Understand how to access the APIs
Learn about API quotas and licensing
Access the Microsoft 365 Defender APIs
Build apps
Create a 'Hello world' app
Create an app to access Microsoft 365 Defender APIs on behalf of a user
Create an app to access Microsoft 365 Defender without a user
Create an app with multi-tenant partner access to Microsoft 365 Defender APIs
Troubleshoot and maintain your apps
Understand API error codes
Manage secrets in your apps with Azure Key Vault
Implement OAuth 2.0 authorization for user sign in