Get security recommendations
Applies to:
- Microsoft Defender for Endpoint Plan 1
- Microsoft Defender for Endpoint
- Microsoft Defender Vulnerability Management
Want to experience Defender for Endpoint? Sign up for a free trial.
Want to experience Microsoft Defender Vulnerability Management? Learn more about how you can sign up to the Microsoft Defender Vulnerability Management public preview trial.
Note
If you are a US Government customer, please use the URIs listed in Microsoft Defender for Endpoint for US Government customers.
Tip
For better performance, you can use server closer to your geo location:
- us.api.security.microsoft.com
- eu.api.security.microsoft.com
- uk.api.security.microsoft.com
- au.api.security.microsoft.com
- swa.api.security.microsoft.com
- ina.api.security.microsoft.com
Important
Some information in this article relates to a prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, with respect to the information provided here.
Retrieves a collection of security recommendations related to a given device ID.
Permissions
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see Use Microsoft Defender for Endpoint APIs
| Permission type | Permission | Permission display name |
|---|---|---|
| Application | SecurityRecommendation.Read.All | 'Read Threat and Vulnerability Management security recommendation information' |
| Delegated (work or school account) | SecurityRecommendation.Read | 'Read Threat and Vulnerability Management security recommendation information' |
HTTP request
GET /api/machines/{machineId}/recommendations
Request headers
| Name | Type | Description |
|---|---|---|
| Authorization | String | Bearer {token}. Required. |
Request body
Empty
Response
If successful, this method returns 200 OK with the security recommendations in the body.
Example
Request example
Here is an example of the request.
GET https://api.securitycenter.microsoft.com/api/machines/ac233fa6208e1579620bf44207c4006ed7cc4501/recommendations
Response example
Here is an example of the response.
{
"@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Recommendations",
"value": [
{
"id": "va-_-git-scm-_-git",
"productName": "git",
"recommendationName": "Update Git to version 2.24.1.2",
"weaknesses": 3,
"vendor": "git-scm",
"recommendedVersion": "2.24.1.2",
"recommendationCategory": "Application",
"subCategory": "",
"severityScore": 0,
"publicExploit": false,
"activeAlert": false,
"associatedThreats": [],
"remediationType": "Update",
"status": "Active",
"configScoreImpact": 0,
"exposureImpact": 0,
"totalMachineCount": 0,
"exposedMachinesCount": 1,
"nonProductivityImpactedAssets": 0,
"relatedComponent": "Git"
},
...
}
Related topics
- Microsoft Defender Vulnerability Management
- Defender Vulnerability Management security recommendation
Tip
Do you want to learn more? Engage with the Microsoft Security community in our Tech Community: Microsoft Defender for Endpoint Tech Community.