Microsoft Defender API

v1.0.2
Last updated Dec 26, 2025

Integration with Microsoft Defender API

88 Weekly Downloads
88 Monthly Downloads

Included Nodes

Microsoft Defender API

Description

n8n-nodes-msdefender

This is an n8n community node. It lets you use Microsoft Defender in your n8n workflows.

Microsoft Defender is a comprehensive security solution that helps protect your devices and data from threats.
This node allows you to interact with the Microsoft Defender API to perform various security operations, such as managing devices, retrieving threat intelligence, and more.

n8n is a fair-code licensed workflow automation platform.

Installation
Operations
Credentials
Compatibility
Usage
Resources
Version history

Installation

Follow the installation guide in the n8n community nodes documentation.

Operations

  • Advanced Query: Run advanced queries against Microsoft Defender.
  • Alert: Manage and retrieve information about security alerts.
    – Get Many: Retrieve many alerts.
  • Machine: Manage and retrieve information about devices.
    – Add Or Remove Tag For Machine
    – Find By Tag
    – Get Many: Retrieve many machines.
    – Get Security Recommendations For Machine
    – List Installed Software For Machine
  • Exposure
    – Get Current Exposure Score
    – Get Exposure Score By Machine Groups
  • Machine Actions
    – Isolate Machine
    – Release Machine from Isolation
    – List Machine Actions
    – Offboard Machine
    – Cancel Machine Action
    – Run Antivirus Scan
  • Vulnerability
    – Get All Vulnerabilities
    – Get Machines By CVE
    – Get By Machine And Software

Credentials

To use this node, you need to set up an Entra ID (Azure AD) application and obtain the necessary credentials to access the Microsoft Defender API.

1. Register an application in the Azure Portal.
2. Assign the required API permissions to the application for Microsoft Defender.
   – Application permissions: AdvancedQuery.Read.All, Machine.ReadWrite.All, Score.Read.All, Machine.Isolate, Vulnerability.Read.All, SecurityRecommendation.Read.All, Machine.Scan, Machine.Offboard
3. Grant admin consent for the permissions.
4. Generate a client secret for the application.
5. Note down the Application (client) ID, Directory (tenant) ID, and client secret.

When configuring the Microsoft Defender node in n8n, use the following credentials:

  • Client ID: The Application (client) ID from your Azure AD application.
  • Client Secret: The client secret generated for your Azure AD application.
  • Access Token URL: https://login.microsoftonline.com/<tenant-id>/oauth2/v2.0/token (replace <tenant-id> with the Directory (tenant) ID noted in step 5)
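
To confirm that admin consent actually delivered the application permissions listed in step 2, you can decode an access token obtained with these credentials and compare its roles with that list. The following is an added example, not code from n8n-nodes-msdefender; the function names and the sample token are constructed for illustration, and it assumes the token is a JWT that carries application permissions in its `roles` claim.

```javascript
// Application permissions listed in step 2 of this page.
const REQUIRED_ROLES = [
  'AdvancedQuery.Read.All', 'Machine.ReadWrite.All', 'Score.Read.All',
  'Machine.Isolate', 'Vulnerability.Read.All',
  'SecurityRecommendation.Read.All', 'Machine.Scan', 'Machine.Offboard',
];

const toB64Url = (buf) =>
  buf.toString('base64').replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
const fromB64Url = (s) =>
  Buffer.from(s.replace(/-/g, '+').replace(/_/g, '/'), 'base64');

// Decode the payload (middle segment) of a JWT WITHOUT verifying its signature.
// Suitable for inspecting a token you requested yourself; never use it to make
// a trust decision about a token received from another party.
function decodeJwtPayload(token) {
  const parts = String(token).trim().split('.');
  if (parts.length !== 3) throw new Error('not a three-part JWT');
  return JSON.parse(fromB64Url(parts[1]).toString('utf8'));
}

// Compare the roles in the token with the list from the page.
function auditRoles(token, required = REQUIRED_ROLES) {
  const claims = decodeJwtPayload(token);
  const granted = Array.isArray(claims.roles) ? claims.roles : [];
  return {
    missing: required.filter((r) => !granted.includes(r)), // on the page, absent from token
    extra: granted.filter((r) => !required.includes(r)),   // in token, not on the page's list
    expired: typeof claims.exp === 'number' && claims.exp * 1000 <= Date.now(),
  };
}

// Constructed sample token (not a real credential): unsigned, placeholder signature.
function makeSampleToken(claims) {
  const enc = (o) => toB64Url(Buffer.from(JSON.stringify(o)));
  return `${enc({ alg: 'none', typ: 'JWT' })}.${enc(claims)}.constructed-signature`;
}

const sample = makeSampleToken({
  // Constructed role set: three page permissions left out, one extra added.
  roles: ['AdvancedQuery.Read.All', 'Machine.ReadWrite.All', 'Score.Read.All',
    'Vulnerability.Read.All', 'SecurityRecommendation.Read.All', 'Alert.ReadWrite.All'],
  exp: 4102444800, // constructed expiry: 2100-01-01T00:00:00Z
});

console.log(auditRoles(sample));
```

Roles reported under `extra` are worth reviewing against least privilege, since the client secret stored in n8n can exercise every role the application holds.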
Compatibility

This node is compatible with the latest n8n versions.

Usage

Try it out

Resources

  • n8n community nodes documentation

Version history

  • 0.1.0 Initial release with Advanced Query and Machine operations.