Skip to content
Recued
Menu
← Back to packs

Endpoint Security - Microsoft Defender for Endpoint

by recued-core v1 app_pack

API capability pack for bounded Microsoft Defender for Endpoint operations against https://api.security.microsoft.com. Enroll a Microsoft Defender for Endpoint OAuth bearer connection named microsoft-defender with least-privilege WindowsDefenderATP API permissions for the installed operations. The pack reads alerts, machines, machine-related alerts, logon users, machine actions, exposure score, security recommendations, and vulnerability information for endpoint security triage, vulnerability review, and incident response context. It bundles a scheduled endpoint security digest, an AI-assisted machine investigation brief, and approval-gated workflows for isolating one machine, releasing one machine from isolation, or updating one alert. The pack intentionally excludes advanced hunting query passthrough, live response, offboarding, antivirus scan actions, file quarantine/stop actions, package collection, cancel action, machine tag mutation, indicator creation/deletion, alert creation, bulk alert update, raw tenant export/download endpoints, arbitrary Defender API passthrough, and credential-bearing fields in operation arguments.

Trust & control

What installing this whole pack would let it do. Recued grants these permissions at install — review them there before approving.

Where it runs

Device + server Runs on your device (browser) or your server.

What it's allowed to do

Admin Web APIs microsoft-defender-endpoint external change
Read: alert.read · No approvalRead: alert.search · No approvalWrite: alert.update · Asks approvalRead: exposure_score.read · No approvalRead: machine.alert.search · No approvalAdmin: machine.isolate · Always asksRead: machine.logon_user.search · No approvalRead: machine.read · No approvalRead: machine.search · No approvalAdmin: machine.unisolate · Always asksRead: machine.vulnerability.search · No approvalRead: machine_action.search · No approvalRead: recommendation.search · No approvalRead: vulnerability.search · No approval

Data it touches

SurfacesWeb APIs

About

Tags

pack:microsoft-defender-endpointmicrosoft-defender-endpointdefender-for-endpointmicrosoft-defenderendpoint-securityedralertsmachinesvulnerabilitiessecurity-recommendationsincident-responseapiv3composition