List all remediation activities
Applies to:
- Microsoft Defender for Endpoint Plan 1
- Microsoft Defender for Endpoint Plan 2
- Microsoft Defender Vulnerability Management
- Microsoft Defender XDR
Want to experience Microsoft Defender for Endpoint? Sign up for a free trial..
Want to experience Microsoft Defender Vulnerability Management? Learn more about how you can sign up to the Microsoft Defender Vulnerability Management public preview trial.
Important
Some information in this article relates to a prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, with respect to the information provided here.
Note
If you are a US Government customer, please use the URIs listed in Microsoft Defender for Endpoint for US Government customers.
Tip
For better performance, you can use server closer to your geo location:
- api-us.securitycenter.microsoft.com
- api-eu.securitycenter.microsoft.com
- api-uk.securitycenter.microsoft.com
- api-au.securitycenter.microsoft.com
API description
Returns information about all remediation activities.
Learn more about remediation activities.
URL: GET: /api/remediationTasks
Supports OData V4 queries.
OData supported operators:
$filter on: createdon and status properties.
$top with max value of 10,000.
$skip.
See examples at OData queries with Microsoft Defender for Endpoint.
Permissions
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see Use Microsoft Defender for Endpoint APIs for details.
| Permission type | Permission | Permission display name |
|---|---|---|
| Application | RemediationTasks.Read.All | 'Read Threat and Vulnerability Management vulnerability information' |
| Delegated (work or school account) | RemediationTask.Read | 'Read Threat and Vulnerability Management vulnerability information' |
Properties
| Property (ID) | Data type | Description | Example of a returned value |
|---|---|---|---|
| Category | String | Category of the remediation activity (Software/Security configuration) | Software |
| completerEmail | String | If the remediation activity was manually completed by someone, this column contains their email | Null |
| completerId | String | If the remediation activity was manually completed by someone, this column contains their object ID | Null |
| completionMethod | String | A remediation activity can be completed "automatically" (if all the devices are patched) or "manually" by a person who selects "mark as completed" | Automatic |
| createdOn | DateTime | Time this remediation activity was created | 2021-01-12T18:54:11.5499478Z |
| Description | String | Description of this remediation activity | Update Microsoft Silverlight to a later version to mitigate known vulnerabilities affecting your devices. |
| dueOn | DateTime | Due date the creator set for this remediation activity | 2021-01-13T00:00:00Z |
| fixedDevices | . | The number of devices that have been fixed | 2 |
| ID | String | ID of this remediation activity | 097d9735-5479-4899-b1b7-77398899df92 |
| nameId | String | Related product name | Microsoft Silverlight |
| Priority | String | Priority the creator set for this remediation activity (High\Medium\Low) | High |
| productId | String | Related product ID | microsoft-_-silverlight |
| productivityImpactRemediationType | String | A few configuration changes could be requested only for devices that don't affect users. This value indicates the selection between "all exposed devices" or "only devices with no user impact." | AllExposedAssets |
| rbacGroupNames | String | Related device group names | [ "Windows Servers", "Windows 11", "Windows 10" ] |
| recommendedProgram | String | Recommended program to upgrade to | Null |
| recommendedVendor | String | Recommended vendor to upgrade to | Null |
| recommendedVersion | String | Recommended version to update/upgrade to | Null |
| relatedComponent | String | Related component of this remediation activity (similar to the related component for a security recommendation) | Microsoft Silverlight |
| requesterEmail | String | Creator email address | globaladmin@UserName.contoso.com |
| requesterId | String | Creator object ID | r647211f-2e16-43f2-a480-16ar3a2a796r |
| requesterNotes | String | The notes (free text) the creator added for this remediation activity | Null |
| Scid | String | SCID of the related security recommendation | Null |
| Status | String | Remediation activity status (Active/Completed) | Active |
| statusLastModifiedOn | DateTime | Date when the status field was updated | 2021-01-12T18:54:11.5499487Z |
| targetDevices | Long | Number of exposed devices that this remediation is applicable to | 43 |
| Title | String | Title of this remediation activity | Update Microsoft Silverlight |
| Type | String | Remediation type | Update |
| vendorId | String | Related vendor name | Microsoft |
Example
Request example
GET https://api.securitycenter.windows.com/api/remediationtasks/
Response example
{
"@odata.context": "https://api.securitycenter.windows.com/api/$metadata#RemediationTasks",
"value": [
{
"id": "03942ef5-aewb-4w6e-b555-d6a97013844w",
"title": "Update Microsoft Silverlight",
"createdOn": "2021-02-10T13:20:36.4718166Z",
"requesterId": "65548a1d-ef00-4a7a-8d19-1b967b5c36f4",
"requesterEmail": "user1@contoso.com",
"status": "Active",
"statusLastModifiedOn": "2021-02-10T13:20:36.4719698Z",
"description": "Update Silverlight to a later version to mitigate 55 known vulnerabilities affecting your devices. Doing so can help lessen the security risk to your organization due to versions which have reached their end-of-support.",
"relatedComponent": "Microsoft Silverlight",
"targetDevices": 18511,
"rbacGroupNames": [
"UnassignedGroup",
"hhh"
],
"fixedDevices": 2866,
"requesterNotes": "test",
"dueOn": "2021-02-11T00:00:00Z",
"category": "Software",
"productivityImpactRemediationType": null,
"priority": "Medium",
"completionMethod": null,
"completerId": null,
"completerEmail": null,
"scid": null,
"type": "Update",
"productId": "microsoft-_-silverlight",
"vendorId": "microsoft",
"nameId": "silverlight",
"recommendedVersion": null,
"recommendedVendor": null,
"recommendedProgram": null
}
]
}
See also
- Remediation methods and properties
- Get one remediation activity by ID
- List exposed devices of one remediation activity
- Microsoft Defender Vulnerability Management
- Vulnerabilities in your organization
Tip
Do you want to learn more? Engage with the Microsoft Security community in our Tech Community: Microsoft Defender for Endpoint Tech Community.
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for