Can I create a PowerAutomate flow to offboard devices in Defender for Endpoint?

Mohammed Ibrahim 0 Reputation points
2024-05-08T15:04:07.6433333+00:00

I would like to create a friendly interface for users to offboard devices in Defender for Endpoint, so they won't have to run this process manually.

Is this possible?

Microsoft Defender for Cloud
Microsoft Defender for Cloud
An Azure service that provides threat protection for workloads running in Azure, on-premises, and in other clouds. Previously known as Azure Security Center and Azure Defender.
1,215 questions
{count} votes

1 answer

Sort by: Most helpful
  1. James Hamil 22,351 Reputation points Microsoft Employee
    2024-05-08T19:42:01.3633333+00:00

    Hi @aa , you should be able to use the "HTTP" action in Power Automate to call the Microsoft Graph API to offboard devices: https://learn.microsoft.com/en-us/power-automate/desktop-flows/actions-reference/web1.

    1. Add a "HTTP" action to the flow.
    2. In the "HTTP" action, set the method to "DELETE".
    3. In the "HTTP" action, set the method to "DELETE".
    4. Set the URI to the following endpoint: https://graph.microsoft.com/beta/security/tiIndicators/{indicatorId}
    5. In the "Headers" section, add an "Authorization" header with a bearer token for authentication.
    6. In the "Body" section, add the JSON payload with the device ID(s) you want to offboard.

    Please let me know if you have any questions and I can help you further.

    If this answer helps you please mark "Accept Answer" so other users can reference it.

    Thank you,

    James

    0 comments No comments