@kimak, Thanks for posting in Q&A. From your description, it seems the issue is with API of Defender for Endpoint which we are not familiar with. You can contact Defender for Endpoint support in the following link to see if you can get more help on this.
Thanks for your understanding.
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.