Create malwareStateForWindowsDevice

Namespace: microsoft.graph

Note: The Microsoft Graph API for Intune requires an active Intune license for the tenant.

Create a new malwareStateForWindowsDevice object.

This API is available in the following national cloud deployments.

Global service	US Government L4	US Government L5 (DOD)	China operated by 21Vianet
✅	✅	✅	✅

Permissions

One of the following permissions is required to call this API. To learn more, including how to choose permissions, see Permissions.

Permission type	Permissions (from least to most privileged)
Delegated (work or school account)	DeviceManagementManagedDevices.ReadWrite.All
Delegated (personal Microsoft account)	Not supported.
Application	DeviceManagementManagedDevices.ReadWrite.All

HTTP Request

POST /deviceManagement/windowsMalwareInformation/{windowsMalwareInformationId}/deviceMalwareStates

Request headers

Header	Value
Authorization	Bearer {token}. Required. Learn more about authentication and authorization.
Accept	application/json

Request body

In the request body, supply a JSON representation for the malwareStateForWindowsDevice object.

The following table shows the properties that are required when you create the malwareStateForWindowsDevice.

Property	Type	Description
id	String	The unique Identifier. This is device id.
deviceName	String	Indicates the name of the device being evaluated for malware state
executionState	windowsMalwareExecutionState	Indicates execution status of the malware. Possible values are: unknown, blocked, allowed, running, notRunning. Defaults to unknown. Possible values are: unknown, blocked, allowed, running, notRunning.
threatState	windowsMalwareThreatState	Indicates threat status of the malware. Possible values are: active, actionFailed, manualStepsRequired, fullScanRequired, rebootRequired, remediatedWithNonCriticalFailures, quarantined, removed, cleaned, allowed, noStatusCleared. defaults to noStatusCleared. Possible values are: active, actionFailed, manualStepsRequired, fullScanRequired, rebootRequired, remediatedWithNonCriticalFailures, quarantined, removed, cleaned, allowed, noStatusCleared.
initialDetectionDateTime	DateTimeOffset	Initial detection datetime of the malware
lastStateChangeDateTime	DateTimeOffset	The last time this particular threat was changed
detectionCount	Int32	Indicates the number of times the malware is detected

Response

If successful, this method returns a 201 Created response code and a malwareStateForWindowsDevice object in the response body.

Example

Request

Here is an example of the request.

HTTP

POST https://graph.microsoft.com/v1.0/deviceManagement/windowsMalwareInformation/{windowsMalwareInformationId}/deviceMalwareStates
Content-type: application/json
Content-length: 334

{
  "@odata.type": "#microsoft.graph.malwareStateForWindowsDevice",
  "deviceName": "Device Name value",
  "executionState": "blocked",
  "threatState": "actionFailed",
  "initialDetectionDateTime": "2016-12-31T23:57:05.3889692-08:00",
  "lastStateChangeDateTime": "2016-12-31T23:59:51.0767794-08:00",
  "detectionCount": 14
}

C#

// Code snippets are only available for the latest version. Current version is 5.x

// Dependencies
using Microsoft.Graph.Models;

var requestBody = new MalwareStateForWindowsDevice
{
	OdataType = "#microsoft.graph.malwareStateForWindowsDevice",
	DeviceName = "Device Name value",
	ExecutionState = WindowsMalwareExecutionState.Blocked,
	ThreatState = WindowsMalwareThreatState.ActionFailed,
	InitialDetectionDateTime = DateTimeOffset.Parse("2016-12-31T23:57:05.3889692-08:00"),
	LastStateChangeDateTime = DateTimeOffset.Parse("2016-12-31T23:59:51.0767794-08:00"),
	DetectionCount = 14,
};

// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.DeviceManagement.WindowsMalwareInformation["{windowsMalwareInformation-id}"].DeviceMalwareStates.PostAsync(requestBody);

For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.

CLI

mgc device-management windows-malware-information device-malware-states create --windows-malware-information-id {windowsMalwareInformation-id} --body '{\
  "@odata.type": "#microsoft.graph.malwareStateForWindowsDevice",\
  "deviceName": "Device Name value",\
  "executionState": "blocked",\
  "threatState": "actionFailed",\
  "initialDetectionDateTime": "2016-12-31T23:57:05.3889692-08:00",\
  "lastStateChangeDateTime": "2016-12-31T23:59:51.0767794-08:00",\
  "detectionCount": 14\
}\
'

For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.

Go

// Code snippets are only available for the latest major version. Current major version is $v1.*

// Dependencies
import (
	  "context"
	  "time"
	  msgraphsdk "github.com/microsoftgraph/msgraph-sdk-go"
	  graphmodels "github.com/microsoftgraph/msgraph-sdk-go/models"
	  //other-imports
)

requestBody := graphmodels.NewMalwareStateForWindowsDevice()
deviceName := "Device Name value"
requestBody.SetDeviceName(&deviceName) 
executionState := graphmodels.BLOCKED_WINDOWSMALWAREEXECUTIONSTATE 
requestBody.SetExecutionState(&executionState) 
threatState := graphmodels.ACTIONFAILED_WINDOWSMALWARETHREATSTATE 
requestBody.SetThreatState(&threatState) 
initialDetectionDateTime , err := time.Parse(time.RFC3339, "2016-12-31T23:57:05.3889692-08:00")
requestBody.SetInitialDetectionDateTime(&initialDetectionDateTime) 
lastStateChangeDateTime , err := time.Parse(time.RFC3339, "2016-12-31T23:59:51.0767794-08:00")
requestBody.SetLastStateChangeDateTime(&lastStateChangeDateTime) 
detectionCount := int32(14)
requestBody.SetDetectionCount(&detectionCount) 

// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
deviceMalwareStates, err := graphClient.DeviceManagement().WindowsMalwareInformation().ByWindowsMalwareInformationId("windowsMalwareInformation-id").DeviceMalwareStates().Post(context.Background(), requestBody, nil)

For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.

Java

// Code snippets are only available for the latest version. Current version is 6.x

GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);

MalwareStateForWindowsDevice malwareStateForWindowsDevice = new MalwareStateForWindowsDevice();
malwareStateForWindowsDevice.setOdataType("#microsoft.graph.malwareStateForWindowsDevice");
malwareStateForWindowsDevice.setDeviceName("Device Name value");
malwareStateForWindowsDevice.setExecutionState(WindowsMalwareExecutionState.Blocked);
malwareStateForWindowsDevice.setThreatState(WindowsMalwareThreatState.ActionFailed);
OffsetDateTime initialDetectionDateTime = OffsetDateTime.parse("2016-12-31T23:57:05.3889692-08:00");
malwareStateForWindowsDevice.setInitialDetectionDateTime(initialDetectionDateTime);
OffsetDateTime lastStateChangeDateTime = OffsetDateTime.parse("2016-12-31T23:59:51.0767794-08:00");
malwareStateForWindowsDevice.setLastStateChangeDateTime(lastStateChangeDateTime);
malwareStateForWindowsDevice.setDetectionCount(14);
MalwareStateForWindowsDevice result = graphClient.deviceManagement().windowsMalwareInformation().byWindowsMalwareInformationId("{windowsMalwareInformation-id}").deviceMalwareStates().post(malwareStateForWindowsDevice);

For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.

JavaScript

const options = {
	authProvider,
};

const client = Client.init(options);

const malwareStateForWindowsDevice = {
  '@odata.type': '#microsoft.graph.malwareStateForWindowsDevice',
  deviceName: 'Device Name value',
  executionState: 'blocked',
  threatState: 'actionFailed',
  initialDetectionDateTime: '2016-12-31T23:57:05.3889692-08:00',
  lastStateChangeDateTime: '2016-12-31T23:59:51.0767794-08:00',
  detectionCount: 14
};

await client.api('/deviceManagement/windowsMalwareInformation/{windowsMalwareInformationId}/deviceMalwareStates')
	.post(malwareStateForWindowsDevice);

For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.

PHP

<?php
use Microsoft\Graph\GraphServiceClient;
use Microsoft\Graph\Generated\Models\MalwareStateForWindowsDevice;
use Microsoft\Graph\Generated\Models\WindowsMalwareExecutionState;
use Microsoft\Graph\Generated\Models\WindowsMalwareThreatState;


$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);

$requestBody = new MalwareStateForWindowsDevice();
$requestBody->setOdataType('#microsoft.graph.malwareStateForWindowsDevice');
$requestBody->setDeviceName('Device Name value');
$requestBody->setExecutionState(new WindowsMalwareExecutionState('blocked'));
$requestBody->setThreatState(new WindowsMalwareThreatState('actionFailed'));
$requestBody->setInitialDetectionDateTime(new \DateTime('2016-12-31T23:57:05.3889692-08:00'));
$requestBody->setLastStateChangeDateTime(new \DateTime('2016-12-31T23:59:51.0767794-08:00'));
$requestBody->setDetectionCount(14);

$result = $graphServiceClient->deviceManagement()->windowsMalwareInformation()->byWindowsMalwareInformationId('windowsMalwareInformation-id')->deviceMalwareStates()->post($requestBody)->wait();

For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.

PowerShell

Import-Module Microsoft.Graph.DeviceManagement

$params = @{
	"@odata.type" = "#microsoft.graph.malwareStateForWindowsDevice"
	deviceName = "Device Name value"
	executionState = "blocked"
	threatState = "actionFailed"
	initialDetectionDateTime = [System.DateTime]::Parse("2016-12-31T23:57:05.3889692-08:00")
	lastStateChangeDateTime = [System.DateTime]::Parse("2016-12-31T23:59:51.0767794-08:00")
	detectionCount = 14
}

New-MgDeviceManagementWindowsMalwareInformationDeviceMalwareState -WindowsMalwareInformationId $windowsMalwareInformationId -BodyParameter $params

For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.

Python

# Code snippets are only available for the latest version. Current version is 1.x
from msgraph import GraphServiceClient
from msgraph.generated.models.malware_state_for_windows_device import MalwareStateForWindowsDevice
from msgraph.generated.models.windows_malware_execution_state import WindowsMalwareExecutionState
from msgraph.generated.models.windows_malware_threat_state import WindowsMalwareThreatState
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = MalwareStateForWindowsDevice(
	odata_type = "#microsoft.graph.malwareStateForWindowsDevice",
	device_name = "Device Name value",
	execution_state = WindowsMalwareExecutionState.Blocked,
	threat_state = WindowsMalwareThreatState.ActionFailed,
	initial_detection_date_time = "2016-12-31T23:57:05.3889692-08:00",
	last_state_change_date_time = "2016-12-31T23:59:51.0767794-08:00",
	detection_count = 14,
)

result = await graph_client.device_management.windows_malware_information.by_windows_malware_information_id('windowsMalwareInformation-id').device_malware_states.post(request_body)

For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.

Response

Here is an example of the response. Note: The response object shown here may be truncated for brevity. All of the properties will be returned from an actual call.

HTTP/1.1 201 Created
Content-Type: application/json
Content-Length: 383

{
  "@odata.type": "#microsoft.graph.malwareStateForWindowsDevice",
  "id": "ce06da73-da73-ce06-73da-06ce73da06ce",
  "deviceName": "Device Name value",
  "executionState": "blocked",
  "threatState": "actionFailed",
  "initialDetectionDateTime": "2016-12-31T23:57:05.3889692-08:00",
  "lastStateChangeDateTime": "2016-12-31T23:59:51.0767794-08:00",
  "detectionCount": 14
}