Namespace: microsoft.graph
Note: The Microsoft Graph API for Intune requires an active Intune license for the tenant.
Create a new malwareStateForWindowsDevice object.
This API is available in the following national cloud deployments.
| Global service |
US Government L4 |
US Government L5 (DOD) |
China operated by 21Vianet |
| ✅ |
✅ |
✅ |
✅ |
Permissions
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see Permissions.
| Permission type |
Permissions (from least to most privileged) |
| Delegated (work or school account) |
DeviceManagementManagedDevices.ReadWrite.All |
| Delegated (personal Microsoft account) |
Not supported. |
| Application |
DeviceManagementManagedDevices.ReadWrite.All |
HTTP Request
POST /deviceManagement/windowsMalwareInformation/{windowsMalwareInformationId}/deviceMalwareStates
Request body
In the request body, supply a JSON representation for the malwareStateForWindowsDevice object.
The following table shows the properties that are required when you create the malwareStateForWindowsDevice.
| Property |
Type |
Description |
| id |
String |
The unique Identifier. This is device id. |
| deviceName |
String |
Indicates the name of the device being evaluated for malware state |
| executionState |
windowsMalwareExecutionState |
Indicates execution status of the malware. Possible values are: unknown, blocked, allowed, running, notRunning. Defaults to unknown. Possible values are: unknown, blocked, allowed, running, notRunning. |
| threatState |
windowsMalwareThreatState |
Indicates threat status of the malware. Possible values are: active, actionFailed, manualStepsRequired, fullScanRequired, rebootRequired, remediatedWithNonCriticalFailures, quarantined, removed, cleaned, allowed, noStatusCleared. defaults to noStatusCleared. Possible values are: active, actionFailed, manualStepsRequired, fullScanRequired, rebootRequired, remediatedWithNonCriticalFailures, quarantined, removed, cleaned, allowed, noStatusCleared. |
| initialDetectionDateTime |
DateTimeOffset |
Initial detection datetime of the malware |
| lastStateChangeDateTime |
DateTimeOffset |
The last time this particular threat was changed |
| detectionCount |
Int32 |
Indicates the number of times the malware is detected |
Response
If successful, this method returns a 201 Created response code and a malwareStateForWindowsDevice object in the response body.
Example
Request
Here is an example of the request.
POST https://graph.microsoft.com/v1.0/deviceManagement/windowsMalwareInformation/{windowsMalwareInformationId}/deviceMalwareStates
Content-type: application/json
Content-length: 334
{
"@odata.type": "#microsoft.graph.malwareStateForWindowsDevice",
"deviceName": "Device Name value",
"executionState": "blocked",
"threatState": "actionFailed",
"initialDetectionDateTime": "2016-12-31T23:57:05.3889692-08:00",
"lastStateChangeDateTime": "2016-12-31T23:59:51.0767794-08:00",
"detectionCount": 14
}
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Models;
var requestBody = new MalwareStateForWindowsDevice
{
OdataType = "#microsoft.graph.malwareStateForWindowsDevice",
DeviceName = "Device Name value",
ExecutionState = WindowsMalwareExecutionState.Blocked,
ThreatState = WindowsMalwareThreatState.ActionFailed,
InitialDetectionDateTime = DateTimeOffset.Parse("2016-12-31T23:57:05.3889692-08:00"),
LastStateChangeDateTime = DateTimeOffset.Parse("2016-12-31T23:59:51.0767794-08:00"),
DetectionCount = 14,
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.DeviceManagement.WindowsMalwareInformation["{windowsMalwareInformation-id}"].DeviceMalwareStates.PostAsync(requestBody);
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
mgc device-management windows-malware-information device-malware-states create --windows-malware-information-id {windowsMalwareInformation-id} --body '{\
"@odata.type": "#microsoft.graph.malwareStateForWindowsDevice",\
"deviceName": "Device Name value",\
"executionState": "blocked",\
"threatState": "actionFailed",\
"initialDetectionDateTime": "2016-12-31T23:57:05.3889692-08:00",\
"lastStateChangeDateTime": "2016-12-31T23:59:51.0767794-08:00",\
"detectionCount": 14\
}\
'
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
// Code snippets are only available for the latest major version. Current major version is $v1.*
// Dependencies
import (
"context"
"time"
msgraphsdk "github.com/microsoftgraph/msgraph-sdk-go"
graphmodels "github.com/microsoftgraph/msgraph-sdk-go/models"
//other-imports
)
requestBody := graphmodels.NewMalwareStateForWindowsDevice()
deviceName := "Device Name value"
requestBody.SetDeviceName(&deviceName)
executionState := graphmodels.BLOCKED_WINDOWSMALWAREEXECUTIONSTATE
requestBody.SetExecutionState(&executionState)
threatState := graphmodels.ACTIONFAILED_WINDOWSMALWARETHREATSTATE
requestBody.SetThreatState(&threatState)
initialDetectionDateTime , err := time.Parse(time.RFC3339, "2016-12-31T23:57:05.3889692-08:00")
requestBody.SetInitialDetectionDateTime(&initialDetectionDateTime)
lastStateChangeDateTime , err := time.Parse(time.RFC3339, "2016-12-31T23:59:51.0767794-08:00")
requestBody.SetLastStateChangeDateTime(&lastStateChangeDateTime)
detectionCount := int32(14)
requestBody.SetDetectionCount(&detectionCount)
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
deviceMalwareStates, err := graphClient.DeviceManagement().WindowsMalwareInformation().ByWindowsMalwareInformationId("windowsMalwareInformation-id").DeviceMalwareStates().Post(context.Background(), requestBody, nil)
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
MalwareStateForWindowsDevice malwareStateForWindowsDevice = new MalwareStateForWindowsDevice();
malwareStateForWindowsDevice.setOdataType("#microsoft.graph.malwareStateForWindowsDevice");
malwareStateForWindowsDevice.setDeviceName("Device Name value");
malwareStateForWindowsDevice.setExecutionState(WindowsMalwareExecutionState.Blocked);
malwareStateForWindowsDevice.setThreatState(WindowsMalwareThreatState.ActionFailed);
OffsetDateTime initialDetectionDateTime = OffsetDateTime.parse("2016-12-31T23:57:05.3889692-08:00");
malwareStateForWindowsDevice.setInitialDetectionDateTime(initialDetectionDateTime);
OffsetDateTime lastStateChangeDateTime = OffsetDateTime.parse("2016-12-31T23:59:51.0767794-08:00");
malwareStateForWindowsDevice.setLastStateChangeDateTime(lastStateChangeDateTime);
malwareStateForWindowsDevice.setDetectionCount(14);
MalwareStateForWindowsDevice result = graphClient.deviceManagement().windowsMalwareInformation().byWindowsMalwareInformationId("{windowsMalwareInformation-id}").deviceMalwareStates().post(malwareStateForWindowsDevice);
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
const options = {
authProvider,
};
const client = Client.init(options);
const malwareStateForWindowsDevice = {
'@odata.type': '#microsoft.graph.malwareStateForWindowsDevice',
deviceName: 'Device Name value',
executionState: 'blocked',
threatState: 'actionFailed',
initialDetectionDateTime: '2016-12-31T23:57:05.3889692-08:00',
lastStateChangeDateTime: '2016-12-31T23:59:51.0767794-08:00',
detectionCount: 14
};
await client.api('/deviceManagement/windowsMalwareInformation/{windowsMalwareInformationId}/deviceMalwareStates')
.post(malwareStateForWindowsDevice);
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
<?php
use Microsoft\Graph\GraphServiceClient;
use Microsoft\Graph\Generated\Models\MalwareStateForWindowsDevice;
use Microsoft\Graph\Generated\Models\WindowsMalwareExecutionState;
use Microsoft\Graph\Generated\Models\WindowsMalwareThreatState;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestBody = new MalwareStateForWindowsDevice();
$requestBody->setOdataType('#microsoft.graph.malwareStateForWindowsDevice');
$requestBody->setDeviceName('Device Name value');
$requestBody->setExecutionState(new WindowsMalwareExecutionState('blocked'));
$requestBody->setThreatState(new WindowsMalwareThreatState('actionFailed'));
$requestBody->setInitialDetectionDateTime(new \DateTime('2016-12-31T23:57:05.3889692-08:00'));
$requestBody->setLastStateChangeDateTime(new \DateTime('2016-12-31T23:59:51.0767794-08:00'));
$requestBody->setDetectionCount(14);
$result = $graphServiceClient->deviceManagement()->windowsMalwareInformation()->byWindowsMalwareInformationId('windowsMalwareInformation-id')->deviceMalwareStates()->post($requestBody)->wait();
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
Import-Module Microsoft.Graph.DeviceManagement
$params = @{
"@odata.type" = "#microsoft.graph.malwareStateForWindowsDevice"
deviceName = "Device Name value"
executionState = "blocked"
threatState = "actionFailed"
initialDetectionDateTime = [System.DateTime]::Parse("2016-12-31T23:57:05.3889692-08:00")
lastStateChangeDateTime = [System.DateTime]::Parse("2016-12-31T23:59:51.0767794-08:00")
detectionCount = 14
}
New-MgDeviceManagementWindowsMalwareInformationDeviceMalwareState -WindowsMalwareInformationId $windowsMalwareInformationId -BodyParameter $params
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph import GraphServiceClient
from msgraph.generated.models.malware_state_for_windows_device import MalwareStateForWindowsDevice
from msgraph.generated.models.windows_malware_execution_state import WindowsMalwareExecutionState
from msgraph.generated.models.windows_malware_threat_state import WindowsMalwareThreatState
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = MalwareStateForWindowsDevice(
odata_type = "#microsoft.graph.malwareStateForWindowsDevice",
device_name = "Device Name value",
execution_state = WindowsMalwareExecutionState.Blocked,
threat_state = WindowsMalwareThreatState.ActionFailed,
initial_detection_date_time = "2016-12-31T23:57:05.3889692-08:00",
last_state_change_date_time = "2016-12-31T23:59:51.0767794-08:00",
detection_count = 14,
)
result = await graph_client.device_management.windows_malware_information.by_windows_malware_information_id('windowsMalwareInformation-id').device_malware_states.post(request_body)
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
Response
Here is an example of the response. Note: The response object shown here may be truncated for brevity. All of the properties will be returned from an actual call.
HTTP/1.1 201 Created
Content-Type: application/json
Content-Length: 383
{
"@odata.type": "#microsoft.graph.malwareStateForWindowsDevice",
"id": "ce06da73-da73-ce06-73da-06ce73da06ce",
"deviceName": "Device Name value",
"executionState": "blocked",
"threatState": "actionFailed",
"initialDetectionDateTime": "2016-12-31T23:57:05.3889692-08:00",
"lastStateChangeDateTime": "2016-12-31T23:59:51.0767794-08:00",
"detectionCount": 14
}