|
1050 | 1050 | "title": "Page of Managed Device Objects", |
1051 | 1051 | "type": "object" |
1052 | 1052 | }, |
| 1053 | + "ObjectPage.ManagedPrivilegedDevice": { |
| 1054 | + "properties": { |
| 1055 | + "@odata.count": { |
| 1056 | + "nullable": true, |
| 1057 | + "type": "number" |
| 1058 | + }, |
| 1059 | + "@odata.nextLink": { |
| 1060 | + "nullable": true, |
| 1061 | + "type": "string" |
| 1062 | + }, |
| 1063 | + "value": { |
| 1064 | + "items": { |
| 1065 | + "$ref": "#/components/schemas/ManagedObject.PrivilegedDevice" |
| 1066 | + }, |
| 1067 | + "minItems": 0, |
| 1068 | + "type": "array" |
| 1069 | + } |
| 1070 | + }, |
| 1071 | + "required": [ |
| 1072 | + "value" |
| 1073 | + ], |
| 1074 | + "title": "Page of Managed Privileged Device Objects", |
| 1075 | + "type": "object" |
| 1076 | + }, |
1053 | 1077 | "ObjectPage.ManagedUser": { |
1054 | 1078 | "properties": { |
1055 | 1079 | "@odata.count": { |
|
1081 | 1105 | "title": "Page of Managed User Objects", |
1082 | 1106 | "type": "object" |
1083 | 1107 | }, |
| 1108 | + "ObjectPage.ManagedPrivilegedUser": { |
| 1109 | + "properties": { |
| 1110 | + "@odata.count": { |
| 1111 | + "nullable": true, |
| 1112 | + "type": "number" |
| 1113 | + }, |
| 1114 | + "@odata.nextLink": { |
| 1115 | + "nullable": true, |
| 1116 | + "type": "string" |
| 1117 | + }, |
| 1118 | + "value": { |
| 1119 | + "items": { |
| 1120 | + "$ref": "#/components/schemas/ManagedObject.PrivilegedUser" |
| 1121 | + }, |
| 1122 | + "minItems": 0, |
| 1123 | + "type": "array" |
| 1124 | + } |
| 1125 | + }, |
| 1126 | + "required": [ |
| 1127 | + "value" |
| 1128 | + ], |
| 1129 | + "title": "Page of Managed Privileged User Objects", |
| 1130 | + "type": "object" |
| 1131 | + }, |
1084 | 1132 | "SecurityClassList": { |
1085 | 1133 | "description": "Security class types as described in https://learn.microsoft.com/en-us/security/compass/privileged-access-security-levels.", |
1086 | 1134 | "enum": [ |
|
2368 | 2416 | ] |
2369 | 2417 | } |
2370 | 2418 | }, |
| 2419 | + "/Api/Defend/Device/Type/Privileged": { |
| 2420 | + "get": { |
| 2421 | + "description": "Returns a list of all privileged managed devices.\n\nThis endpoint requires the `Device.Privileged.Read`, `Device.Privileged.ReadWrite`, or the `Everything.ReadWrite` scope (permission).", |
| 2422 | + "operationId": "/Api/Defend/Device/Type/Privileged/Get", |
| 2423 | + "parameters": [ |
| 2424 | + { |
| 2425 | + "$ref": "#/components/parameters/nextLink" |
| 2426 | + }, |
| 2427 | + { |
| 2428 | + "$ref": "#/components/parameters/search" |
| 2429 | + } |
| 2430 | + ], |
| 2431 | + "responses": { |
| 2432 | + "200": { |
| 2433 | + "content": { |
| 2434 | + "application/json": { |
| 2435 | + "schema": { |
| 2436 | + "$ref": "#/components/schemas/ObjectPage.ManagedPrivilegedDevice" |
| 2437 | + } |
| 2438 | + } |
| 2439 | + }, |
| 2440 | + "description": "OK" |
| 2441 | + }, |
| 2442 | + "401": { |
| 2443 | + "$ref": "#/components/responses/401" |
| 2444 | + }, |
| 2445 | + "525": { |
| 2446 | + "$ref": "#/components/responses/525" |
| 2447 | + } |
| 2448 | + }, |
| 2449 | + "summary": "Get All Privileged Devices", |
| 2450 | + "tags": [ |
| 2451 | + "Device Management" |
| 2452 | + ] |
| 2453 | + } |
| 2454 | + }, |
2371 | 2455 | "/Api/Defend/Device/Type/{securityClass}": { |
2372 | 2456 | "get": { |
2373 | 2457 | "description": "Returns a list of all devices managed or unmanaged.\n\nThis endpoint requires the `Device.Privileged.Read`, `Device.Privileged.ReadWrite`, `Device.Specialized.Read`, `Device.Specialized.ReadWrite`, `Device.Enterprise.ReadWrite`, `Device.Enterprise.Read`, or the `Everything.ReadWrite` scope (permission). The security class parameter in the URL path corresponds to the same permission in the scope. That means if you are granted a privileged role, you can only call the privilege class URL. When reading the `unmanaged` objects, any security class permission can read them, no need for a specific `unmanaged` class assignment.", |
|
2638 | 2722 | ] |
2639 | 2723 | } |
2640 | 2724 | }, |
| 2725 | + "/Api/Defend/User/Type/Privileged": { |
| 2726 | + "get": { |
| 2727 | + "description": "Returns a list of all privileged managed users.\n\nThis endpoint requires the `User.Privileged.Read`, `User.Privileged.ReadWrite`, or the `Everything.ReadWrite` scope (permission).", |
| 2728 | + "operationId": "/Api/Defend/User/Type/Privileged/Get", |
| 2729 | + "parameters": [ |
| 2730 | + { |
| 2731 | + "$ref": "#/components/parameters/nextLink" |
| 2732 | + }, |
| 2733 | + { |
| 2734 | + "$ref": "#/components/parameters/search" |
| 2735 | + } |
| 2736 | + ], |
| 2737 | + "responses": { |
| 2738 | + "200": { |
| 2739 | + "content": { |
| 2740 | + "application/json": { |
| 2741 | + "schema": { |
| 2742 | + "$ref": "#/components/schemas/ObjectPage.ManagedPrivilegedUser" |
| 2743 | + } |
| 2744 | + } |
| 2745 | + }, |
| 2746 | + "description": "OK" |
| 2747 | + }, |
| 2748 | + "401": { |
| 2749 | + "$ref": "#/components/responses/401" |
| 2750 | + }, |
| 2751 | + "525": { |
| 2752 | + "$ref": "#/components/responses/525" |
| 2753 | + } |
| 2754 | + }, |
| 2755 | + "summary": "Get All Privileged Users", |
| 2756 | + "tags": [ |
| 2757 | + "User Management" |
| 2758 | + ] |
| 2759 | + } |
| 2760 | + }, |
2641 | 2761 | "/Api/Defend/User/{userId}/Type/{securityClass}": { |
2642 | 2762 | "delete": { |
2643 | 2763 | "description": "Deletes the user account and removes the management artifacts.\n\nThis endpoint requires the `User.Privileged.ReadWrite`, `User.Specialized.ReadWrite`, `User.Enterprise.ReadWrite`, or the `Everything.ReadWrite` scope (permission). The security class parameter in the URL path corresponds to the same permission in the scope. That means if you are granted a privileged role, you can only call the privilege class URL.", |
|
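Review bot: The new literal path `/Api/Defend/Device/Type/Privileged` overlaps the existing template `/Api/Defend/Device/Type/{securityClass}` directly below it, and the same would apply to `/Api/Defend/User/Type/Privileged` if a matching user template exists outside the visible lines. OpenAPI gives a literal path precedence over a templated one, so a request for the privileged class now resolves to this operation, which has a different response schema (`ObjectPage.ManagedPrivilegedDevice`) and a narrower scope list. Confirm that the server's router resolves the path the same way, so that the scope check actually enforced is the one documented here. I would state this in the description, for example by appending `This path takes precedence over /Api/Defend/Device/Type/{securityClass} for the Privileged class.` Both new operations also declare only `200`, `401` and `525`; if a caller with a valid token but none of the listed scopes receives a different status, that response should be listed as well (no component for it is visible in this section).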