Defender for Endpoint - Device Isolation via API

kimak 0 Reputation points
2024-03-20T14:15:45.4366667+00:00

Hello All,

I am trying to craft a script to isolate a device via PowerShell.

I have created an Enterprise app, assigned the Machine.Isolate permission to that app (as delegated - I do not want to use it as an application) and granted consent.

Script currently looks like this:

function Isolate-Device ($device) {
    # $device is the MDE machine ID (the "id" field returned by /api/machines), not the hostname
    $tenantId = "xxx"
    $clientId = "xxx"
    
    # Delegated token: the app needs the Machine.Isolate delegated permission and
    # the signed-in user needs a Defender role that permits response actions
    $MsalParams = @{
        ClientId = $clientId
        TenantId = $tenantId
        Scopes   = 'https://userrequestsgraphapiep-prd.trafficmanager.net//Machine.Isolate'
    }

    $MsalResponse = Get-MsalToken @MsalParams   # requires the MSAL.PS module
    $token = $MsalResponse.AccessToken
    #$token

    $headers = @{
        Authorization = "Bearer $token"
    }
   
    $body = @{
        "Comment" = "Isolated"
        "IsolationType" = "Full"
    }
   
    # -ContentType is needed: without it Invoke-RestMethod sends the JSON string as
    # application/x-www-form-urlencoded, while the API expects application/json
    $response = Invoke-RestMethod -Uri "https://api.securitycenter.microsoft.com/api/machines/$device/isolate" -Method POST -Body ($body | ConvertTo-Json) -ContentType 'application/json' -Headers $headers -Verbose
    return $response   # machineAction object (id, status, ...)
}

The token looks like it is generated correctly:

"scp": "AdvancedQuery.Read Machine.Isolate"

But when I try to run the function I get the error below:

[screenshot of the error: 2024-03-20_15-12-16]

Any idea where I am making a mistake? Thanks in advance!

Tags: Microsoft 365, Microsoft Intune Security, Microsoft Intune, PowerShell
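A fuller version of the flow in the question, added here as an example; it is not code from the post, from the answers or from Microsoft. It acquires a delegated token with MSAL.PS, checks the scp claim locally before calling, sends the isolate request with an explicit JSON content type, surfaces the API's own error body when the call fails, and polls the resulting machine action until it finishes. The tenant, client and machine IDs are placeholders, and the function names (Get-MdeDelegatedToken, Get-JwtPayload, Invoke-MdeApi, Start-MdeIsolation, Wait-MdeMachineAction) are this example's own.

```powershell
# Added example, not code from the original post. Assumes the MSAL.PS module
# (Get-MsalToken) and placeholder tenant, client and machine IDs; all function
# names below are this example's own.

# App ID URI of the Defender for Endpoint API, used for the token scope.
$MdeResource = 'https://api.securitycenter.microsoft.com'
# REST endpoint. Some tenants are served from a regional host such as
# https://api-us.securitycenter.microsoft.com or https://api-eu.securitycenter.microsoft.com.
$MdeApiBase = 'https://api.securitycenter.microsoft.com'

function Get-MdeDelegatedToken {
    param([Parameter(Mandatory)][string]$TenantId, [Parameter(Mandatory)][string]$ClientId)
    # Delegated flow: the app needs the Machine.Isolate delegated permission consented,
    # and the signed-in user needs a Defender role that allows response actions.
    $result = Get-MsalToken -TenantId $TenantId -ClientId $ClientId -Scopes "$MdeResource/.default"
    return $result.AccessToken
}

function Get-JwtPayload {
    # Decode the (unverified) payload so the scp/aud claims can be checked locally.
    param([Parameter(Mandatory)][string]$Jwt)
    $b64 = $Jwt.Split('.')[1].Replace('-', '+').Replace('_', '/')
    switch ($b64.Length % 4) { 2 { $b64 += '==' } 3 { $b64 += '=' } }
    [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($b64)) | ConvertFrom-Json
}

function Invoke-MdeApi {
    param(
        [Parameter(Mandatory)][string]$Token,
        [Parameter(Mandatory)][string]$Uri,
        [ValidateSet('GET', 'POST')][string]$Method = 'GET',
        [hashtable]$Body
    )
    $params = @{
        Uri         = $Uri
        Method      = $Method
        Headers     = @{ Authorization = "Bearer $Token" }
        ContentType = 'application/json'   # the API expects JSON; PowerShell's default is form-encoded
    }
    if ($Body) { $params.Body = $Body | ConvertTo-Json -Compress }
    try {
        return Invoke-RestMethod @params
    }
    catch {
        # Pull the API's own error JSON out of the failed response; the bare
        # exception message only carries the HTTP status.
        $detail = $_.ErrorDetails.Message                       # populated on PowerShell 7
        if (-not $detail -and $_.Exception.Response -and
            ($_.Exception.Response | Get-Member -Name GetResponseStream)) {
            $reader = New-Object System.IO.StreamReader($_.Exception.Response.GetResponseStream())
            $detail = $reader.ReadToEnd()                        # Windows PowerShell 5.1
        }
        throw "MDE API $Method $Uri failed: $($_.Exception.Message)`n$detail"
    }
}

function Start-MdeIsolation {
    param(
        [Parameter(Mandatory)][string]$Token,
        [Parameter(Mandatory)][string]$MachineId,   # the "id" from /api/machines, not the hostname
        [ValidateSet('Full', 'Selective')][string]$IsolationType = 'Full',
        [string]$Comment = 'Isolated from IR script'
    )
    # Returns a machineAction object; isolation is asynchronous, so track its id.
    Invoke-MdeApi -Token $Token -Method POST -Uri "$MdeApiBase/api/machines/$MachineId/isolate" `
        -Body @{ Comment = $Comment; IsolationType = $IsolationType }
}

function Wait-MdeMachineAction {
    param([Parameter(Mandatory)][string]$Token, [Parameter(Mandatory)][string]$ActionId, [int]$TimeoutSec = 300)
    $deadline = (Get-Date).AddSeconds($TimeoutSec)
    do {
        $action = Invoke-MdeApi -Token $Token -Uri "$MdeApiBase/api/machineactions/$ActionId"
        if ($action.status -in 'Succeeded', 'Failed', 'Cancelled', 'TimeOut') { return $action }
        Start-Sleep -Seconds 10
    } while ((Get-Date) -lt $deadline)
    throw "Machine action $ActionId is still '$($action.status)' after $TimeoutSec s"
}

# Usage (replace the placeholders):
$token  = Get-MdeDelegatedToken -TenantId '<tenant-id>' -ClientId '<client-id>'
$claims = Get-JwtPayload -Jwt $token
if ($claims.scp -notmatch '\bMachine\.Isolate\b') {
    throw "Token for aud=$($claims.aud) has scp='$($claims.scp)', which lacks Machine.Isolate"
}
$action = Start-MdeIsolation -Token $token -MachineId '<machine-id>' -IsolationType Full
$final  = Wait-MdeMachineAction -Token $token -ActionId $action.id
"Action $($final.id): $($final.status)"
```

The scope requests `.default`, which returns every delegated permission already consented for the app; a single named scope like the one in the question works too if that is all the app needs. If the tenant is served from a regional host, change `$MdeApiBase` only; the token scope stays on the app ID URI. The error handler matters most for a 4xx: the response body from the API usually names the missing role, the wrong ID format or the bad body, which the default exception text does not.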

2 answers

  1. Crystal-MSFT 44,511 Reputation points Microsoft Vendor
    2024-03-21T01:37:58.65+00:00

    @kimak, thanks for posting in Q&A. From your description, it seems the issue is with the API of Defender for Endpoint, which we are not familiar with. You can contact Defender for Endpoint support via the following link to see if you can get more help on this.

    https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/contact-support?view=o365-worldwide

    Thanks for your understanding.


    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


  2. Gil Burns 0 Reputation points
    2024-05-21T21:41:45.37+00:00

    Try using this URI for both the token request and for the REST method:

    https://api-us.securitycenter.microsoft.com
