Share via

Can I create a PowerAutomate flow to offboard devices in Defender for Endpoint?

Mohammed Ibrahim 0 Reputation points
2024-05-08T15:04:07.6433333+00:00

I would like to create a friendly interface for users to offboard devices in Defender for Endpoint, so they won't have to run this process manually.

Is this possible?

Microsoft Defender for Cloud
Microsoft Defender for Cloud
An Azure service that provides threat protection for workloads running in Azure, on-premises, and in other clouds. Previously known as Azure Security Center and Azure Defender.
1,484 questions

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. James Hamil 26,981 Reputation points Microsoft Employee
    2024-05-08T19:42:01.3633333+00:00

    Hi @aa , you should be able to use the "HTTP" action in Power Automate to call the Microsoft Graph API to offboard devices: https://learn.microsoft.com/en-us/power-automate/desktop-flows/actions-reference/web1.

    1. Add a "HTTP" action to the flow.
    2. In the "HTTP" action, set the method to "DELETE".
    3. In the "HTTP" action, set the method to "DELETE".
    4. Set the URI to the following endpoint: https://graph.microsoft.com/beta/security/tiIndicators/{indicatorId}
    5. In the "Headers" section, add an "Authorization" header with a bearer token for authentication.
    6. In the "Body" section, add the JSON payload with the device ID(s) you want to offboard.

    Please let me know if you have any questions and I can help you further.

    If this answer helps you please mark "Accept Answer" so other users can reference it.

    Thank you,

    James

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.