Release Date: August 14, 2025
Version: 2.0.0
OpenAPI: 3.0.3
This is a complete rebuild of the Microsoft Defender for Endpoint OpenAPI specification with 100% API coverage and enterprise-grade quality.
| Metric | v1.0.0 | v2.0.0 | Improvement |
|---|---|---|---|
| Total Endpoints | 98 | 109 | +11% |
| Categories | 22 | 21 | Optimized |
| Schemas | ~80 | 121 | +51% |
| Documentation Coverage | Partial | 100% | Complete |
| File Size | ~280KB | 325KB | Optimized |
- 109 Endpoints: Enhanced Microsoft Defender API coverage (+11 from v1.0.0)
- 21 Categories: Systematic functional organization
- 100% Documentation: All 102 Microsoft API docs covered
- Enterprise Ready: Production-grade specification
- Dual Scale Support: JSON (<100K devices) + File exports (>100K devices)
- Advanced OData: Comprehensive filtering, pagination, expansion
- Batch Operations: Bulk operations supporting 500+ items
- Rate Limit Optimization: Specialized limits per operation type
- OAuth2 Integration: Microsoft Entra ID authentication
- RBAC Support: Role-based access control
- Comprehensive Permissions: Detailed permission mapping
- Standardized Errors: 6-tier error response system
| Category | Endpoints | New in 2.0 | Description |
|---|---|---|---|
| Assessment | 11 | ✅ | Security assessment exports |
| AuthenticatedScan | 8 | ✅ | Scan management |
| AutomatedInvestigation | 3 | ✅ | Investigation management |
| BrowserExtensions | 3 | ✅ | Browser extension assessment |
| DeviceHealth | 2 | ✅ | Device health reporting |
| LiveResponseLibrary | 3 | ✅ | Live response file management |
| RemediationActivity | 3 | ✅ | Remediation tracking |
| Score | 3 | ✅ | Security scoring |
| SecurityBaseline | 4 | ✅ | Baseline compliance |
| Category | v1.0.0 | v2.0.0 | Enhancements |
|---|---|---|---|
| Alert | 10 | 10 | Enhanced schemas, $expand support |
| Machine | 13 | 13 | Optimized endpoints, better organization |
| MachineAction | 14 | 14 | Complete action coverage |
| Assessment | 11 | 11 | Comprehensive assessment coverage |
| AuthenticatedScan | 8 | 8 | Complete scan lifecycle |
- Complete Alert Management: From detection to resolution
- Automated Response: Machine actions and live response
- Threat Intelligence: IOC management with 15K active limit
- Investigation Tools: Automated investigations and evidence
- Comprehensive Assessment: 13 assessment endpoints
- Patch Management: KB tracking with CVE correlation
- Risk Prioritization: Exposure scoring and impact assessment
- Remediation Tracking: Complete TVM integration
- Software Inventory: Complete asset tracking
- Hardware Assessment: Firmware and hardware inventory
- Certificate Management: Certificate inventory and assessment
- Browser Security: Extension risk assessment
- Security Baselines: Compliance assessment and reporting
- Configuration Management: Secure configuration tracking
- Audit Support: Comprehensive logging and evidence
- Executive Reporting: Security scores and posture metrics
- Rewst: Optimized for V2 custom integrations
- Zapier: Complete webhook and automation support
- Microsoft Power Platform: Power BI ready data exports
- SIEM Integration: Comprehensive alert and event data
- Code Generation: Complete client SDK generation support
- Server Stubs: OpenAPI 3.0.3 server implementation ready
- Documentation: Auto-generated API documentation
- Testing: Comprehensive schema validation support
- All endpoints reviewed and systematically organized
- Schema standardization with consistent naming
- Category reorganization into 21 logical groups
- Enhanced validation with stricter schema requirements
- From v1.0.0: Review endpoint changes and update integrations as needed
- Integration platforms: Update custom integrations
- Client SDKs: Regenerate all client libraries
- Documentation: Review new comprehensive docs
- README.md: Complete 2.0 feature overview
- CHANGELOG.md: Detailed version history
- COVERAGE.md: 100% documentation tracking
- Integration Guides: Enhanced platform-specific instructions
- Backup current integrations before upgrading
- Download new openapi.json specification
- Re-import into your integration platform
- Update authentication configuration if needed
- Test endpoints in your environment
- Regenerate client SDKs if using code generation
- Download openapi.json from the repository
- Follow integration guides for your platform
- Configure OAuth2 authentication
- Start with core endpoints (alerts, machines)
- Expand to specialized categories as needed
- Continuous Updates: Sync with Microsoft documentation changes
- Community Feedback: Incorporate user suggestions and bug reports
- Platform Optimization: Enhanced support for integration platforms
- Schema Validation: Real-world testing and refinement
- GitHub Issues: Report bugs and feature requests
- Documentation: Comprehensive guides and examples
- Community: Share experiences and best practices
Microsoft Defender for Endpoint OpenAPI 2.0.0 - Complete Enterprise Security API Coverage
Built for enterprise security automation with systematic quality and comprehensive coverage.