Get Machines

6 min

description retrieve a list of machines registered with microsoft defender, including details like id, computer name, and os information endpoint url /api/machines method get inputs parameters (object) $filter (string) $select (string) $orderby (string) $top (number) $skip (number) $count (boolean) $expand (string) output example \[ { "status code" 200, "response headers" { "date" "thu, 04 may 2023 18 25 21 gmt", "content type" "application/json; odata metadata=minimal; odata streaming=true; charset=utf 8", "transfer encoding" "chunked", "connection" "keep alive", "content encoding" "deflate", "vary" "accept encoding", "odata version" "4 0", "strict transport security" "max age=15724800; includesubdomains" }, "reason" "ok", "json body" { "@odata context" "https //api securitycenter microsoft com/api/$metadata#machines", "value" \[ { "id" "556b3952acb0bff29816d267822305781cc183ec", "mergedintomachineid" null, "ispotentialduplication" false, "isexcluded" false, "exclusionreason" null, "computerdnsname" "se pov desktop", "firstseen" "2023 04 19t13 27 53 1618923z", "lastseen" "2023 05 04t17 40 05 684607z", "osplatform" "windows10", "osversion" null, "osprocessor" "x64", "version" "21h2", "lastipaddress" "172 20 10 4", "lastexternalipaddress" "174 209 205 235", "agentversion" "10 8470 19041 2788", "osbuild" 19044, "healthstatus" "active", "devicevalue" "normal", "rbacgroupid" 0, "rbacgroupname" null, "riskscore" "medium", "exposurelevel" "high", "isaadjoined" true, "aaddeviceid" null, "machinetags" \[], "defenderavstatus" "updated", "onboardingstatus" "onboarded", "osarchitecture" "64 bit", "managedby" "intune", "managedbystatus" "unknown", "ipaddresses" \[ { "ipaddress" "172 20 10 5", "macaddress" "000c2992a643", "type" "ethernet", "operationalstatus" "up" }, { "ipaddress" "172 20 10 4", "macaddress" "000c2992a64d", "type" "ethernet", "operationalstatus" "up" }, { "ipaddress" "2600 1005\ b06a 4c66\ f78f 83dc 7271 383e", "macaddress" "000c2992a64d", "type" "ethernet", "operationalstatus" "up" }, { "ipaddress" "2600 1005\ b06a 4c66 103a 4e1b\ bd95 793e", "macaddress" "000c2992a64d", "type" "ethernet", "operationalstatus" "up" }, { "ipaddress" "fe80 359c\ fd3a 8880\ ddb6", "macaddress" "000c2992a64d", "type" "ethernet", "operationalstatus" "up" }, { "ipaddress" "169 254 5 16", "macaddress" "147ddaa128c4", "type" "ethernet", "operationalstatus" "down" }, { "ipaddress" "fe80 f1fc 1543\ f2f4 228d", "macaddress" "147ddaa128c4", "type" "ethernet", "operationalstatus" "down" }, { "ipaddress" "127 0 0 1", "macaddress" null, "type" "softwareloopback", "operationalstatus" "up" }, { "ipaddress" " 1", "macaddress" null, "type" "softwareloopback", "operationalstatus" "up" } ], "vmmetadata" null } ] } } ] output parameters status code (number) reason (string) json body (object) @odata context (string) value (array) id (string) mergedintomachineid (object) ispotentialduplication (boolean) isexcluded (boolean) exclusionreason (object) computerdnsname (string) firstseen (string) lastseen (string) osplatform (string) osversion (object) osprocessor (string) version (string) lastipaddress (string) lastexternalipaddress (string) agentversion (string) osbuild (number) healthstatus (string) devicevalue (string) rbacgroupid (number) rbacgroupname (object) riskscore (string) exposurelevel (string) isaadjoined (boolean) aaddeviceid (object) machinetags (array) file name (string) – required file (string) – required defenderavstatus (string) onboardingstatus (string) osarchitecture (string) managedby (string) managedbystatus (string) ipaddresses (array) ipaddress (string) macaddress (object) type (string) operationalstatus (string) vmmetadata (object) response headers header type date string content type string transfer encoding string connection string content encoding string vary string odata version string strict transport security string