![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(9.6, 43%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMI%3C/text%3E%3C/svg%3E)
Microsoft Security | Microsoft Defender | Microsoft Defender for Cloud
A cloud-native solution that protects workloads across hybrid and multi-cloud environments with threat detection and security recommendations
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Hi @aa , you should be able to use the "HTTP" action in Power Automate to call the Microsoft Graph API to offboard devices: https://learn.microsoft.com/en-us/power-automate/desktop-flows/actions-reference/web1.
- Add a "HTTP" action to the flow.
- In the "HTTP" action, set the method to "DELETE".
- In the "HTTP" action, set the method to "DELETE".
- Set the URI to the following endpoint: https://graph.microsoft.com/beta/security/tiIndicators/{indicatorId}
- In the "Headers" section, add an "Authorization" header with a bearer token for authentication.
- In the "Body" section, add the JSON payload with the device ID(s) you want to offboard.
Please let me know if you have any questions and I can help you further.
If this answer helps you please mark "Accept Answer" so other users can reference it.
Thank you,
James