Takes actions on a batch of specified user accounts. The available actions are disabling a user account, requesting that multi-factor authentication (MFA) be enabled for a user account, requesting a password reset for a user account, and terminating all sign-in sessions of Microsoft services for a user account.

HTTPS Request

POST https://<serviceURL>/v1/mitigation/accounts

Request Parameters

Important:

The request must contain the required parameters.

Parameter

Description

Required Parameter

action_type

Action to take on a user account. Options include:

  • ACCOUNT_DISABLE: disables a user account

  • ACCOUNT_ENABLE_MFA: requires a user to perform multi-factor authentication before being forced to change their password

  • ACCOUNT_RESET_PASSWORD: requests to reset the password for a user account

  • ACCOUNT_REVOKE_SIGNIN_SESSIONS: terminates the current sign-in sessions of a user account so that the user will need to sign in again to Office 365 services next time

Important:

Before using the ACCOUNT_ENABLE_MFA, ACCOUNT_RESET_PASSWORD, and ACCOUNT_REVOKE_SIGNIN_SESSIONS actions, run a PowerShell script to assign the Company Administrator role to Cloud App Security. For details, see Assigning the User Account Administrator Role.

service

Name of the protected service to which the API applies. Options include:

  • exchange

account_provider

Provider of the protected service. Options include:

  • office365

account_user_email

Email address used to create the user account

Request Example

POST https://api.tmcas.trendmicro.com/v1/mitigation/accounts
Authorization: Bearer 1de231142eef3f83928da98dc251fbebb6cafe77
Content-Type: application/json

[
{
  "action_type": "ACCOUNT_DISABLE",
  "service": "exchange",
  "account_provider": "office365",
  "account_user_email": "user1@example1.com"
},
{
  "action_type": "ACCOUNT_ENABLE_MFA",
  "service": "exchange",
  "account_provider": "office365",
  "account_user_email": "user2@example2.com"
}
]

HTTP Request Body

The request body is an array of user accounts with detailed information about each one.

Response

On success, the service sends back an HTTP 201 response and returns a response body in JSON format; otherwise, the service sends back an error message in JSON format with error details. For more information about errors, see API Responses.

Response Example

HTTP/1.1 201
Content-Type: application/json

{
  "code": 0,
  "msg": "",
  "batch_id": "3fa85f64-5717-4562-b3fc-2c963f77afa6",
  "traceId": "cabdfasdfdasfdsab-411f-a222-33ec6f44cc77"
}

Response Fields

The following table describes the available fields for the response body.

| Field | Data Type | Description |
|---|---|---|
| code | Integer | Result code of the request. For an HTTP 201 response, the value is fixed to 0. |
| msg | String | String describing the result code. For an HTTP 201 response, the value is null. |
| batch_id | String | Unique ID of the API request, including all actions to take on user accounts specified within this request. You can use it to query the action results. For more information, see Query Action Results. |
| traceId | String | Randomly generated identity to uniquely trace the request. |
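
Because these actions disable accounts and revoke sessions, it is worth checking a batch against the documented options before it is sent. The Python below is an added example, not Trend Micro's code: the function names are assumptions, the service host is supplied by the caller, and the request is built but never sent.

```python
import json
import urllib.request

# Options listed under Request Parameters on this page.
ALLOWED = {
    "action_type": ("ACCOUNT_DISABLE", "ACCOUNT_ENABLE_MFA",
                    "ACCOUNT_RESET_PASSWORD", "ACCOUNT_REVOKE_SIGNIN_SESSIONS"),
    "service": ("exchange",),
    "account_provider": ("office365",),
}
REQUIRED = (*ALLOWED, "account_user_email")

def validate_batch(items):
    """Return a list of problems; an empty list means the batch is well-formed."""
    errors, seen = [], set()
    for i, item in enumerate(items):
        bad = [k for k in REQUIRED if not isinstance(item.get(k), str) or not item[k]]
        if bad:
            errors.append(f"item {i}: missing or non-string {', '.join(bad)}")
            continue
        for field, allowed in ALLOWED.items():
            if item[field] not in allowed:
                errors.append(f"item {i}: unsupported {field} {item[field]!r}")
        local, _, domain = item["account_user_email"].partition("@")
        if not local or "." not in domain or "@" in domain:  # sanity check only
            errors.append(f"item {i}: malformed account_user_email")
        key = (item["action_type"], item["account_user_email"].lower())
        if key in seen:  # same action queued twice for one account
            errors.append(f"item {i}: duplicate action for the same account")
        seen.add(key)
    return errors

def build_request(service_url, token, items):
    """Build (without sending) the POST; refuse to build an invalid batch."""
    errors = validate_batch(items)
    if errors:
        raise ValueError("; ".join(errors))
    return urllib.request.Request(
        f"https://{service_url}/v1/mitigation/accounts",
        data=json.dumps(items).encode("utf-8"), method="POST",
        headers={"Authorization": f"Bearer {token}",
                 "Content-Type": "application/json"})

def parse_response(status, body):
    """Return (batch_id, traceId) from an accepted request, else raise."""
    data = json.loads(body)
    if status != 201 or data.get("code") != 0 or not data.get("batch_id"):
        raise RuntimeError(f"request not accepted: HTTP {status}")
    return data["batch_id"], data.get("traceId")
```

Record the returned batch_id and traceId with the operator identity in your own audit log, and keep the bearer token out of that log.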