Microsoft announced the general availability of the Windows Defender Advanced Threat Protection (ATP) programmatic application programming interface (API), which allows customers to create their own custom apps using Microsoft Defender ATP's capabilities.
The Microsoft Windows Defender ATP APIs require OAuth 2.0 authentication: customers must first create an Azure Active Directory (AAD) application and request an access token before their custom applications can use the APIs.
Additionally, the Windows Defender ATP APIs can be accessed in either Application Context or User Context. Application Context, the recommended option, allows apps to run as daemons for background services, while User Context allows apps to perform actions on behalf of the user using the API.
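The two contexts are visible in the access token itself: Azure AD puts application permissions in a `roles` claim and delegated (user) permissions in an `scp` claim. The sketch below is an added example, not code from the article or from Microsoft. It decodes a token's claims without verifying the signature, reports the context, and flags permissions beyond an allowlist. The audience URI and permission names are assumptions drawn from Microsoft's documentation, and the tokens are constructed samples.

```python
import base64
import json

# Assumed audience for Defender ATP tokens (from Microsoft's docs, not this article).
EXPECTED_AUD = "https://api.securitycenter.windows.com"

def _b64url_decode(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def _b64url_encode(obj: dict) -> str:
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def token_claims(jwt: str) -> dict:
    """Decode a JWT payload WITHOUT verifying the signature (inspection only)."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    return json.loads(_b64url_decode(parts[1]))

def classify_token(jwt: str, allowed: set, aud: str = EXPECTED_AUD) -> dict:
    """Report the access context and any permissions beyond the allowed set."""
    claims = token_claims(jwt)
    roles = set(claims.get("roles", []))         # application permissions
    scopes = set(claims.get("scp", "").split())  # delegated (user) permissions
    if roles and not scopes:
        context, granted = "application", roles
    elif scopes and not roles:
        context, granted = "user", scopes
    else:
        context, granted = "unknown", roles | scopes
    return {
        "context": context,
        "audience_ok": claims.get("aud") == aud,
        "excess": sorted(granted - allowed),
    }

def make_sample_token(payload: dict) -> str:
    """Build a constructed, unsigned token for the demo; not a real credential."""
    header = _b64url_encode({"alg": "none", "typ": "JWT"})
    return ".".join([header, _b64url_encode(payload), "sig"])

# Constructed sample tokens; the permission names are illustrative values.
APP_TOKEN = make_sample_token({"aud": EXPECTED_AUD, "roles": ["Alert.Read.All", "Machine.Isolate"]})
USER_TOKEN = make_sample_token({"aud": EXPECTED_AUD, "scp": "Alert.Read"})

if __name__ == "__main__":
    print(classify_token(APP_TOKEN, {"Alert.Read.All"}))
    print(classify_token(USER_TOKEN, {"Alert.Read"}))
```

A check like this fits in a deployment pipeline for a background-service integration, where an app registration that has accumulated response permissions it does not need should fail review.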
Microsoft Defender ATP APIs are now generally available! This rich set of APIs enable customers to automate workflows and innovate defenses based on Microsoft Defender ATP’s capabilities. https://t.co/XCfZyJREo3
— Microsoft Security Intelligence (@MsftSecIntel) April 22, 2019
As explained by Microsoft, the Windows Defender ATP APIs are "a rich and complete set of APIs geared to fulfill the needs of security operations teams, enabling interoperability with enterprise security applications and automation."
This lets security operations teams easily integrate and organize defenses across their company's solution stack so they can respond effectively to modern threats.
Microsoft Defender ATP offers a layered API model exposing data and capabilities in a structured, clear and easy to use model, exposed through a standard AAD based authentication and authorization model allowing access in context of users or SaaS applications.
As Redmond further details, the generally available Defender ATP APIs will allow customers to implement advanced "process automation, data integration, and orchestration of actions" in enterprise environments.
Microsoft Defender ATP APIs also allow "enterprises to connect different solutions together to seamlessly create 'better-together' integrations using the robust capabilities and data offered by Microsoft Defender ATP across third-party solutions and enterprise security applications."
Microsoft provides a full overview of the Windows Defender ATP APIs and a detailed list of all "individual supported entities where you can run API calls to and details such as HTTP request values, request headers and expected responses."