Generate block script - Cloud Discovery API


Microsoft Defender for Cloud Apps is now part of Microsoft 365 Defender, which correlates signals from across the Microsoft Defender suite and provides incident-level detection, investigation, and powerful response capabilities. For more information, see Microsoft Defender for Cloud Apps in Microsoft 365 Defender.


This request is not available for Microsoft 365 Cloud App Security.

Run the GET request to get a block script for your network appliance.

HTTP request

GET /api/discovery_block_scripts/

Request URL parameters

Parameter Description
format The format of the network appliance.

The following formats are currently supported:

Appliance Format
BlueCoat ProxySG 102
Cisco ASA 104
Fortinet FortiGate 108
Juniper SRX 129
Palo Alto 112
Websense 135
Zscaler 120


If you can't find your appliance, generate a block script manually using the portal.


This request returns the block script as text.



Here is an example of the request.

curl -XGET -H "Authorization:Token <your_token_key>" "https://<tenant_id>.<tenant_region>"


This API supports both token and bearer options. When using the token option, enter the token you generated in the API Token tab. When using the bearer option, provide the token you generated through Azure AD Graph.

Response example deny deny deny

If you run into any problems, we're here to help. To get assistance or support for your product issue, please open a support ticket.