Using the Defender for Endpoint API and PowerShell (Updated)

A while back I wrote this post:

Using the Defender for Endpoint API and PowerShell

Problem is, the script that I developed:

now doesn’t seem to bring back any results!


It used the following API:

which isn’t generating any data or any errors!


The above returned results shows a good status but the value of data is empty.

So for now I’ll have to assume that this API is unavailable. No fear I’ve developed a new script:



which will not only list out the vulnerabilities but also export to a CSV file.


That allows you to sort and filter the results any way you wish.

To get the script working you still need the following API permissions for your Azure AD App with the WindowsDefenderATP API:

Application permissions = Vulnerability.Read.All

Application permissions = Machine.Read.All, Machine.ReadWrite.All

like so:


You also need to ensure you change the Azure AD App information in the script to match your own:


If you want to export more information you should be able to easily modify the script which firstly get the machine info and then the vulnerabilities on each.

Hopefully, this give people what they need until the original API comes back on line.

One thought on “Using the Defender for Endpoint API and PowerShell (Updated)

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s