Views:
Takes actions on a batch of specified user accounts, including disabling a user account, requesting to enable multi-factor authentication (MFA) for a user account, requesting to reset password for a user account, and terminating all sign-in sessions of Microsoft services for a user account.

HTTPS Request

POST https://<serviceURL>/v1/mitigation/accounts

Request Parameters

Important
Important
The request must contain the required parameters.
Parameter
Description
Required Parameter
action_type
Action to take on a user account. Options include:
  • ACCOUNT_DISABLE: disables a user account
  • ACCOUNT_ENABLE_MFA: enforces a user to perform a multi-factor authentication before being forced to change their password
  • ACCOUNT_RESET_PASSWORD: requests to reset the password for a user account
  • ACCOUNT_REVOKE_SIGNIN_SESSIONS: terminates the current sign-in sessions of a user account so that the user will need to sign in again to Office 365 services next time
Important
Important
Before using the ACCOUNT_ENABLE_MFA, ACCOUNT_RESET_PASSWORD, and ACCOUNT_REVOKE_SIGNIN_SESSIONS actions, run a PowerShell script to assign the Company Administrator role to Cloud Email and Collaboration Protection. For details, see Assigning the user account administrator role.
service
Name of the protected service to which the API applies. Options include:
  • exchange
account_provider
Provider of the protected service. Options include:
  • office365
account_user_email
Email address used to create the user account

Request Example

POST https://api.tmcas.trendmicro.com/v1/mitigation/accounts
Authorization: Bearer 1de231142eef3f83928da98dc251fbebb6cafe77
Content-Type: application/json

[
{
  "action_type": "ACCOUNT_DISABLE",
  "service": "exchange",
  "account_provider": "office365",
  "account_user_email": "user1@example1.com"
},
{
  "action_type": "ACCOUNT_ENABLE_MFA",
  "service": "exchange",
  "account_provider": "office365",
  "account_user_email": "user2@example2.com"
}
]

HTTP Request Body

The request body is an array of user accounts with detailed information about each one.

Response

On success, the service sends back an HTTP 201 response and returns a response body in JSON format; otherwise, the service sends back an error message in JSON format with error details. For more information about errors, see API responses.

Response Example

HTTP/1.1 201
Content-Type: application/json

{
  "code": 0,
  "msg": "",
  "batch_id": "3fa85f64-5717-4562-b3fc-2c963f77afa6"
  "tracdId": "cabdfasdfdasfdsab-411f-a222-33ec6f44cc77"
}

Response Fields

The following table describes the available fields for the response body.
Field
Data Type
Description
code
Integer
Result code of the request. For an HTTP 201 response, the value is fixed to 0
msg
String
String describing the result code. For an HTTP 201 response, the value is null
batch_id
String
Unique ID of the API request, including all actions to take on user accounts specified within this request
You can use it to query the action results. For more information, see Query action results.
traceId
String
Randomly generated identity to uniquely trace the request