Microsoft Defender for Cloud – exemptions using REST API
This topic is something I have wanted to dive into for months, but I have found it difficult to wrap my head around how to get started.
I wanted to look into how I could get policy exemptions the same way I was already getting Azure Policy exemptions using the REST API. But Defender for Cloud Security Posture recommendations can come from both Azure Policy (like Microsoft Cloud Security Benchmark) and Defender for Cloud Security Posture Management, and my conclusion from previous studies was that they are not exported the same way.
Not very easy to search for, but the required API endpoint is documented here (I found it by accident): https://learn.microsoft.com/en-us/rest/api/defenderforcloud/standard-assignments/get
While at it, I also wanted to create new exemptions using the same methods – this could be very useful in automation situations.
Hint: It is called standard assignments (exempt mode is what we want here), and I want to show you how to get, create and delete them using REST API.
I recommend reading the posts in the listed order to get all the required commands and context.
Get (List)
Microsoft Defender for Cloud – Get exemptions using REST API
Create
Microsoft Defender for Cloud – Create exemptions using REST API
Delete
Microsoft Defender for Cloud – Delete exemptions using REST API