ContraForce Gamebooks for Microsoft Defender XDR Service Principal

This article provides an overview of the Gamebooks for Microsoft Defender XDR Service Principal.

ContraForce API Overview

The Gamebooks for Microsoft Defender XDR service principal is used to authorize MDE Gamebook executions that target Endpoint entities. The supported actions are quarantining files, scanning devices, and isolating hosts from a network. By default, consent can be granted for this service principal with delegated type permissions; however, application type permissions can be consented as well, which allows ContraForce services to run these gamebook actions in a customer’s tenant without a service provider’s user having to be present in that tenant.

 

If you have any questions, contact us at support@contraforce.com.

Client ID: ad7b0e79-3c37-4408-bf8f-eb89522cc920
API: WindowsDefenderATP
Permission: Machine.Isolate
Type: Delegated
Admin Consent Required: Yes
Purpose: This permission allows the ContraForce Gamebooks for Microsoft Defender for Endpoint service principal to isolate an endpoint on behalf of the signed in user.

 

Client ID: ad7b0e79-3c37-4408-bf8f-eb89522cc920
API: WindowsDefenderATP
Permission: Machine.Offboard
Type: Delegated
Admin Consent Required: Yes
Purpose: This permission allows the ContraForce Gamebooks for Microsoft Defender for Endpoint service principal to offboard an endpoint on behalf of the signed in user.

 

Client ID: ad7b0e79-3c37-4408-bf8f-eb89522cc920
API: WindowsDefenderATP
Permission: Machine.Scan
Type: Delegated
Admin Consent Required: Yes
Purpose: This permission allows the ContraForce Gamebooks for Microsoft Defender for Endpoint service principal to initiate a Microsoft Defender Antivirus scan on an endpoint on behalf of the signed in user.

 

Client ID: ad7b0e79-3c37-4408-bf8f-eb89522cc920
API: WindowsDefenderATP
Permission: Machine.StopAndQuarantine
Type: Delegated
Admin Consent Required: Yes
Purpose: This permission allows the ContraForce Gamebooks for Microsoft Defender for Endpoint service principal to stop a file’s execution and delete it from an endpoint on behalf of the signed in user.
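
A tenant administrator can check that the consent actually granted matches the four delegated permissions listed above. The following is an added example, not ContraForce code: it audits an export shaped like Microsoft Graph servicePrincipal and oauth2PermissionGrant objects. The object ids, the second API and the scope "Example.Unexpected" are constructed sample values.

```python
# Added example: compare delegated grants with the permissions documented on this page.
APP_ID = "ad7b0e79-3c37-4408-bf8f-eb89522cc920"   # Client ID listed on this page
API_NAME = "WindowsDefenderATP"                     # API listed on this page
DOCUMENTED = {"Machine.Isolate", "Machine.Offboard",
              "Machine.Scan", "Machine.StopAndQuarantine"}

# Constructed sample export. Object ids and "Example.Unexpected" are placeholders.
SERVICE_PRINCIPALS = [
    {"id": "sp-gamebooks", "appId": APP_ID},
    {"id": "sp-wdatp", "displayName": "WindowsDefenderATP"},
    {"id": "sp-other", "displayName": "Other API (constructed)"},
]
GRANTS = [
    {"clientId": "sp-gamebooks", "resourceId": "sp-wdatp", "consentType": "AllPrincipals",
     "principalId": None, "scope": " Machine.Isolate Machine.Scan Machine.StopAndQuarantine"},
    {"clientId": "sp-gamebooks", "resourceId": "sp-wdatp", "consentType": "Principal",
     "principalId": "user-1", "scope": "Machine.Isolate Example.Unexpected"},
    {"clientId": "sp-gamebooks", "resourceId": "sp-other", "consentType": "AllPrincipals",
     "principalId": None, "scope": "Example.Unexpected"},
]


def audit_delegated_grants(service_principals, grants):
    """Return undocumented and missing delegated scopes for the Gamebooks principal."""
    client = next((sp["id"] for sp in service_principals if sp.get("appId") == APP_ID), None)
    if client is None:
        return {"found": False, "unexpected": [], "missing": sorted(DOCUMENTED)}
    api_ids = {sp["id"] for sp in service_principals if sp.get("displayName") == API_NAME}
    unexpected, granted = [], set()
    for g in grants:
        if g["clientId"] != client:          # clientId is the principal's object id
            continue
        scopes = set((g.get("scope") or "").split())   # scope is space separated
        on_api = g["resourceId"] in api_ids
        if on_api:
            granted |= scopes
        # Any scope on another API, or an undocumented scope on this API, is a finding.
        extra = scopes - DOCUMENTED if on_api else scopes
        for s in sorted(extra):
            who = g.get("principalId") or "all users"
            unexpected.append((g["resourceId"], s, g["consentType"], who))
    return {"found": True, "unexpected": unexpected,
            "missing": sorted(DOCUMENTED - granted)}


if __name__ == "__main__":
    print(audit_delegated_grants(SERVICE_PRINCIPALS, GRANTS))
```

Application type permissions are recorded as app role assignments rather than delegated grants, so this check does not cover them.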