Take Actions on User Accounts | Trend Micro Service Central

Takes actions on a batch of specified user accounts, including disabling a user account, requesting to enable multi-factor authentication (MFA) for a user account, requesting to reset password for a user account, and terminating all sign-in sessions of Microsoft services for a user account.

HTTPS Request

POST https://<serviceURL>/v1/mitigation/accounts

Request Parameters

Important

The request must contain the required parameters.

Parameter

Description

Required Parameter

action_type

Action to take on a user account. Options include:

ACCOUNT_DISABLE: disables a user account
ACCOUNT_ENABLE_MFA: enforces a user to perform a multi-factor authentication before being forced to change their password
ACCOUNT_RESET_PASSWORD: requests to reset the password for a user account
ACCOUNT_REVOKE_SIGNIN_SESSIONS: terminates the current sign-in sessions of a user account so that the user will need to sign in again to Office 365 services next time

Important

Before using the ACCOUNT_ENABLE_MFA, ACCOUNT_RESET_PASSWORD, and ACCOUNT_REVOKE_SIGNIN_SESSIONS actions, run a PowerShell script to assign the Company Administrator role to Cloud App Security. For details, see Assigning the User Account Administrator Role.

service

Name of the protected service to which the API applies. Options include:

exchange

account_provider

Provider of the protected service. Options include:

office365

account_user_email

Email address used to create the user account

Request Example

POST https://api.tmcas.trendmicro.com/v1/mitigation/accounts
Authorization: Bearer 1de231142eef3f83928da98dc251fbebb6cafe77
Content-Type: application/json

[
{
  "action_type": "ACCOUNT_DISABLE",
  "service": "exchange",
  "account_provider": "office365",
  "account_user_email": "user1@example1.com"
},
{
  "action_type": "ACCOUNT_ENABLE_MFA",
  "service": "exchange",
  "account_provider": "office365",
  "account_user_email": "user2@example2.com"
}
]

HTTP Request Body

The request body is an array of user accounts with detailed information about each one.

Response

On success, the service sends back an HTTP 201 response and returns a response body in JSON format; otherwise, the service sends back an error message in JSON format with error details. For more information about errors, see API Responses.

Response Example

HTTP/1.1 201
Content-Type: application/json

{
  "code": 0,
  "msg": "",
  "batch_id": "3fa85f64-5717-4562-b3fc-2c963f77afa6"
  "tracdId": "cabdfasdfdasfdsab-411f-a222-33ec6f44cc77"
}

Response Fields

The following table describes the available fields for the response body.

Field	Data Type	Description
`code`	Integer	Result code of the request. For an HTTP 201 response, the value is fixed to 0
`msg`	String	String describing the result code. For an HTTP 201 response, the value is null
`batch_id`	String	Unique ID of the API request, including all actions to take on user accounts specified within this request You can use it to query the action results. For more information, see Query Action Results.
`traceId`	String	Randomly generated identity to uniquely trace the request