List all remediation activities

Applies to:

Want to experience Microsoft Defender for Endpoint? Sign up for a free trial..

Want to experience Microsoft Defender Vulnerability Management? Learn more about how you can sign up to the Microsoft Defender Vulnerability Management public preview trial.

Important

Some information in this article relates to a prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, with respect to the information provided here.

Note

If you are a US Government customer, please use the URIs listed in Microsoft Defender for Endpoint for US Government customers.

Tip

For better performance, you can use server closer to your geo location:

  • us.api.security.microsoft.com
  • eu.api.security.microsoft.com
  • uk.api.security.microsoft.com
  • au.api.security.microsoft.com
  • swa.api.security.microsoft.com
  • ina.api.security.microsoft.com

API description

Returns information about all remediation activities.

Learn more about remediation activities.

URL: GET: /api/remediationTasks
Supports OData V4 queries.
OData supported operators:
$filter on: createdon and status properties.
$top with max value of 10,000.
$skip.
See examples at OData queries with Microsoft Defender for Endpoint.

Permissions

One of the following permissions is required to call this API. To learn more, including how to choose permissions, see Use Microsoft Defender for Endpoint APIs for details.

Permission type Permission Permission display name
Application RemediationTasks.Read.All 'Read Threat and Vulnerability Management vulnerability information'
Delegated (work or school account) RemediationTask.Read 'Read Threat and Vulnerability Management vulnerability information'

Properties

Property (ID) Data type Description Example of a returned value
Category String Category of the remediation activity (Software/Security configuration) Software
completerEmail String If the remediation activity was manually completed by someone, this column contains their email Null
completerId String If the remediation activity was manually completed by someone, this column contains their object ID Null
completionMethod String A remediation activity can be completed "automatically" (if all the devices are patched) or "manually" by a person who selects "mark as completed" Automatic
createdOn DateTime Time this remediation activity was created 2021-01-12T18:54:11.5499478Z
Description String Description of this remediation activity Update Microsoft Silverlight to a later version to mitigate known vulnerabilities affecting your devices.
dueOn DateTime Due date the creator set for this remediation activity 2021-01-13T00:00:00Z
fixedDevices . The number of devices that have been fixed 2
ID String ID of this remediation activity 097d9735-5479-4899-b1b7-77398899df92
nameId String Related product name Microsoft Silverlight
Priority String Priority the creator set for this remediation activity (High\Medium\Low) High
productId String Related product ID microsoft-_-silverlight
productivityImpactRemediationType String A few configuration changes could be requested only for devices that don't affect users. This value indicates the selection between "all exposed devices" or "only devices with no user impact." AllExposedAssets
rbacGroupNames String Related device group names [ "Windows Servers", "Windows 11", "Windows 10" ]
recommendedProgram String Recommended program to upgrade to Null
recommendedVendor String Recommended vendor to upgrade to Null
recommendedVersion String Recommended version to update/upgrade to Null
relatedComponent String Related component of this remediation activity (similar to the related component for a security recommendation) Microsoft Silverlight
requesterEmail String Creator email address globaladmin@UserName.contoso.com
requesterId String Creator object ID r647211f-2e16-43f2-a480-16ar3a2a796r
requesterNotes String The notes (free text) the creator added for this remediation activity Null
Scid String SCID of the related security recommendation Null
Status String Remediation activity status (Active/Completed) Active
statusLastModifiedOn DateTime Date when the status field was updated 2021-01-12T18:54:11.5499487Z
targetDevices Long Number of exposed devices that this remediation is applicable to 43
Title String Title of this remediation activity Update Microsoft Silverlight
Type String Remediation type Update
vendorId String Related vendor name Microsoft

Example

Request example

GET https://api.securitycenter.windows.com/api/remediationtasks/

Response example

{
    "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#RemediationTasks",
    "value": [
        {
            "id": "03942ef5-aewb-4w6e-b555-d6a97013844w",
            "title": "Update Microsoft Silverlight",
            "createdOn": "2021-02-10T13:20:36.4718166Z",
            "requesterId": "65548a1d-ef00-4a7a-8d19-1b967b5c36f4",
            "requesterEmail": "user1@contoso.com",
            "status": "Active",
            "statusLastModifiedOn": "2021-02-10T13:20:36.4719698Z",
            "description": "Update Silverlight to a later version  to mitigate 55 known vulnerabilities affecting your devices. Doing so can help lessen the security risk to your organization due to versions which have reached their end-of-support.",
            "relatedComponent": "Microsoft Silverlight",
            "targetDevices": 18511,
            "rbacGroupNames": [
                "UnassignedGroup",
                "hhh"
            ],
            "fixedDevices": 2866,
            "requesterNotes": "test",
            "dueOn": "2021-02-11T00:00:00Z",
            "category": "Software",
            "productivityImpactRemediationType": null,
            "priority": "Medium",
            "completionMethod": null,
            "completerId": null,
            "completerEmail": null,
            "scid": null,
            "type": "Update",
            "productId": "microsoft-_-silverlight",
            "vendorId": "microsoft",
            "nameId": "silverlight",
            "recommendedVersion": null,
            "recommendedVendor": null,
            "recommendedProgram": null
        }
    ]
}

See also

Tip

Do you want to learn more? Engage with the Microsoft Security community in our Tech Community: Microsoft Defender for Endpoint Tech Community.