Hi
We are currently building a reporting system for all Client / Server Systems, which should contain Intune configs / state and Defender information. All our clients (Win 10 / 11) are Intune managed with Defender Policies + ATP Onboarded.
As far as I got, I'm able to get all Intune managed devices with basic info via https://graph.microsoft.com/v1.0/deviceManagement/managedDevices
Then I tried to retrieve the protection state, but I need a "detectedAppId" before I can retrieve the state per unique device id. I tried to get the AppId via the Graph call below, but I got nothing in return (only 200 OK)
https://graph.microsoft.com/v1.0/deviceManagement/detectedApps?$filter=displayName eq 'Windows Defender Antivirus'
{
    "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#deviceManagement/detectedApps",
    "@odata.count": 0,
    "@microsoft.graph.tips": "Use $select to choose only the properties your app needs, as this can lead to performance improvements. For example: GET deviceManagement/detectedApps?$select=deviceCount,displayName",
    "value": []
}
When I check the "Discovered Apps" in Intune, I don't see any entry for Defender, AntiVirus, AntiMalware or anything else.
Which "detectedAppId" is required for the Graph call below?
https://graph.microsoft.com/v1.0/deviceManagement/detectedApps/{detectedAppId}/managedDevices/{managedDeviceId}/windowsProtectionState