A while back I wrote this post:
Using the Defender for Endpoint API and PowerShell
Problem is, the script that I developed:
https://github.com/directorcia/Office365/blob/master/endpoint-api-svbm.ps1
now doesn’t seem to bring back any results!
It used the following API:
https://api.securitycenter.microsoft.com/api/machines/SoftwareVulnerabilitiesByMachine
which isn’t generating any data or any errors!
The returned results above show a good status, but the value of data is empty.
So for now I’ll have to assume that this API is unavailable. No fear, I’ve developed a new script:
https://github.com/directorcia/Office365/blob/master/mde-vul-get.ps1
which will not only list out the vulnerabilities but also export to a CSV file.
That allows you to sort and filter the results any way you wish.
To get the script working you still need the following API permissions for your Azure AD App with the WindowsDefenderATP API:
Application permissions = Vulnerability.Read.All
Application permissions = Machine.Read.All, Machine.ReadWrite.All
like so:
You also need to ensure you change the Azure AD App information in the script to match your own:
If you want to export more information, you should be able to easily modify the script, which first gets the machine info and then the vulnerabilities on each.
Hopefully, this gives people what they need until the original API comes back online.
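The machine-then-vulnerabilities flow described above can be sketched as follows. This is an added example, not the code of mde-vul-get.ps1; the environment variable names, the `Get-MdeValue` helper and the output file name are assumptions, and it uses the documented per-machine endpoint `/api/machines/{id}/vulnerabilities`.

```powershell
# Added example. Assumed names: MDE_TENANT_ID, MDE_CLIENT_ID, MDE_CLIENT_SECRET,
# Get-MdeValue and mde-vulnerabilities.csv.
$ErrorActionPreference = 'Stop'
$api = 'https://api.securitycenter.microsoft.com'

# Client-credentials token for the Azure AD app. The secret is read from the
# environment so it is not stored in the script file.
$token = (Invoke-RestMethod -Method Post `
    -Uri "https://login.microsoftonline.com/$($env:MDE_TENANT_ID)/oauth2/token" `
    -Body @{
        resource      = $api
        client_id     = $env:MDE_CLIENT_ID
        client_secret = $env:MDE_CLIENT_SECRET
        grant_type    = 'client_credentials'
    }).access_token
$headers = @{ Authorization = "Bearer $token" }

function Get-MdeValue {
    param([string]$Path)
    # Collect the "value" array, following @odata.nextLink when one is returned.
    $uri = "$api$Path"
    $items = @()
    while ($uri) {
        $page = Invoke-RestMethod -Uri $uri -Headers $headers
        if ($page.value) { $items += $page.value }
        $uri = $page.'@odata.nextLink'
    }
    return $items
}

$machines = @(Get-MdeValue '/api/machines')
# A successful call with an empty value is flagged rather than read as "clean".
if ($machines.Count -eq 0) { Write-Warning 'Machine list came back empty.' }

$rows = foreach ($machine in $machines) {
    foreach ($vuln in Get-MdeValue "/api/machines/$($machine.id)/vulnerabilities") {
        [pscustomobject]@{
            Machine  = $machine.computerDnsName
            OS       = $machine.osPlatform
            CVE      = $vuln.id
            Severity = $vuln.severity
            CvssV3   = $vuln.cvssV3
            Exploit  = $vuln.publicExploit
        }
    }
}
if ($rows) {
    $rows | Sort-Object Severity, Machine |
        Export-Csv -Path '.\mde-vulnerabilities.csv' -NoTypeInformation
} else { Write-Warning 'No vulnerability rows returned; check API permissions.' }
```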