
Microsoft Defender for Endpoint - Search Machines
This atomic belongs to the Microsoft Defender for Endpoint atomic group.
Searches for machines in Microsoft Defender for Endpoint. If an IP address or DNS name is provided, the machines are filtered. If neither input is provided, all machines are returned. This atomic requires the following API permission: Ti.ReadWrite.All.
Target: Microsoft Defender for Endpoint (Commercial or GCC) integration target or HTTP Endpoint for "api.securitycenter.microsoft.com" with no path
Account Key: None if using an integration-provided target, access token if using an HTTP Endpoint target
Steps:
[] Build the authorization header
[] Build the relative URL
[] Search for devices
[] Check if the API request was successful:
[]> If it was, extract the first machine ID and set output variables
[]> If it wasn't, output an error
More information about this API: https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/get-machines?view=o365-worldwide
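
The steps above, sketched in Python as an added example (this is not the atomic's own implementation). It assumes the search inputs map to the API's `lastIpAddress` and `computerDnsName` properties through an OData `$filter`, joined with `and` when both are given; the function names, output keys and sample response are constructed for illustration. No request is sent, so the response handling runs against an inline sample body.

```python
import json
from urllib.parse import quote

def build_headers(access_token):
    # Step 1: bearer token in the Authorization header
    return {"Authorization": f"Bearer {access_token}", "Accept": "application/json"}

def odata_literal(value):
    # OData string literals escape a single quote by doubling it, so a
    # user-supplied value cannot close the literal and extend the filter.
    return "'" + value.replace("'", "''") + "'"

def build_relative_url(ip=None, dns_name=None):
    # Step 2: no inputs means "return all machines" (no $filter at all)
    clauses = []
    if ip:
        clauses.append(f"lastIpAddress eq {odata_literal(ip)}")
    if dns_name:
        clauses.append(f"computerDnsName eq {odata_literal(dns_name)}")
    if not clauses:
        return "/api/machines"
    # Percent-encode spaces and reserved characters; keep quotes readable
    return "/api/machines?$filter=" + quote(" and ".join(clauses), safe="'")

def handle_response(status_code, body):
    # Steps 4-6: on success extract the first machine ID, otherwise an error
    if status_code != 200:
        return {"error": f"Search failed with HTTP {status_code}: {body[:200]}"}
    machines = json.loads(body).get("value", [])
    first_id = machines[0]["id"] if machines else None
    return {"machines": machines, "first_machine_id": first_id}

# Constructed sample response body (not real tenant data)
SAMPLE_BODY = json.dumps({"value": [
    {"id": "constructed-machine-id-1",
     "computerDnsName": "host1.example.test",
     "lastIpAddress": "10.0.0.5"},
]})

if __name__ == "__main__":
    print(build_headers("<access token>"))
    print(build_relative_url(ip="10.0.0.5"))
    print(handle_response(200, SAMPLE_BODY))
    print(handle_response(403, "Forbidden"))
```

An empty `value` array on a 200 response is a successful search with no match, so the first machine ID is left unset rather than treated as an error.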