Files API
Note
Microsoft Defender for Cloud Apps is now part of Microsoft 365 Defender and can be accessed through its portal at: https://security.microsoft.com. Microsoft 365 Defender correlates signals from the Microsoft Defender suite across endpoints, identities, email, and SaaS apps to provide incident-level detection, investigation, and powerful response capabilities. It improves your operational efficiency with better prioritization and shorter response times which protect your organization more effectively. For more information about these changes, see Microsoft Defender for Cloud Apps in Microsoft 365 Defender.
Note
- This API is not available for Office 365 Cloud App Security.
The Files API provides you with metadata about the files and folders stored in your cloud apps, such as last modification date, ownership, and more.
The following lists the supported requests:
Filters
For information about how filters work, see Filters.
The following table describes the supported filters:
| Filter | Type | Operators | Description |
|---|---|---|---|
| service | integer | eq, neq | Filter files from specified app appID, for example: 11770 |
| instance | integer | eq, neq | Filter files from specified instances |
| fileType | integer | eq, neq | Filter files with the specified file type. Possible values include: 0: Other 1: Document 2: Spreadsheet 3: Presentation 4: Text 5: Image 6: Folder |
| allowDeleted | boolean | eq | Possible values include: true: Returns deleted files false or not set: Returns non-deleted (including trashed) files. This will be overridden by trashed operator |
| policy | string | cabinetmatchedrulesequals, neq, isset, isnotset | Filter activities related to the specified policies |
| filename | string | eq | Filter files by filename |
| modifiedDate | timestamp | lte, gte, range, lte_ndays, gte_ndays | Filter files by the date they were last modified |
| createdDate | timestamp | lte, gte, range | Filter files by the date they were created |
| collaborators.entity | entity pk | eq, neq | Filter files shared with specified entities. Example: [{ "id": "entity-id", "saas": 11161, "inst": 0 }] |
| collaborators.domains | string | eq, neq | Filter files shared with specified domains |
| collaborators.groups | string | eq, neq | Filter files shared with specified groups |
| collaborators.withDomain | string | eq, neq, deq | Filter files shared with specified domains |
| owner.entity | entity pk | eq, neq | Filter files owned by specified entities. Example: [{ "id": "entity-id", "saas": 11161, "inst": 0 }] |
| owner.orgUnit | string | eq, neq | Filter files with owners from specified organizational units |
| sharing | integer | eq, neq | Filter files with the specified sharing levels. Possible values include: 4: Public (Internet) 3: Public 2: External 1: Internal 0: Private |
| fileId | string | eq, neq | Filter files by file ID |
| fileLabels | string | eq, neq, isset, isnotset | Filter files containing the specified file labels (tags) IDs |
| fileScanLabels | string | eq, neq, isset, isnotset | Filter files containing the specified content inspection warnings (tags) IDs |
| extension | string | eq, neq | Filter files by a given file extension |
| mimeType | string | eq, neq | Filter files by a given MIME type, must be a single string |
| trashed | boolean | eq | Possible values include: true: Returns only trashed files false: Returns non-trashed files |
| parentFolder | folder | eq, neq | Filter files contained in the specified folders |
| folder | boolean | eq | Possible values include: true: Returns only folders false: Returns only files |
| quarantined | boolean | eq | Possible values include: true: Returns only quarantined files false: Returns only non-quarantined files |
| snapshotLastModifiedDate | timestamp | lte, gte, range | Filter files by the date their snapshot was last modified |
If you run into any problems, we're here to help. To get assistance or support for your product issue, please open a support ticket.
Feedback
Submit and view feedback for