MC1220762: Retirement notice: MDE and XDR APIs retiring; migrate to Microsoft Graph Security API
🚨
Major Update: This post contains a significant change that may impact your organisation.
[Introduction]
We’re retiring the Microsoft Defender for Endpoint (MDE) API and XDR API and transitioning customers to the Microsoft Graph Security API. This update aligns our security integrations with a unified interface and schema across Microsoft Defender products. The Microsoft Graph Security API provides broader data coverage, improved consistency, and better scalability for automation and security workflows.
[When this will happen]
- Retirement start: February 6, 2026
- Full retirement: February 1, 2027
- After February 1, 2027, the MDE and XDR APIs will no longer function.
[How this affects your organization]
Who is affected:
- Organizations using the MDE API or XDR API for automation, integration, or custom workflows.
- You are receiving this message because our reporting indicates your organization may be using these APIs.
What will happen:
- The MDE and XDR APIs will stop functioning after February 1, 2027.
- Existing scripts, automations, and workflows that rely on these APIs will fail if not updated.
- The Microsoft Graph Security API will be the supported API for accessing Microsoft security data.
- No automatic migration will occur; manual updates will be required.
[What you can do to prepare]
- Migrate all existing API workflows to the Microsoft Graph Security API by January 31, 2027.
- Update internal documentation, automation scripts, and integration endpoints to use the Microsoft Graph Security API.
- Communicate these changes to your security operations, engineering, and development teams.
- Review Microsoft documentation to plan your migration: Use the Microsoft Graph security API.
- If your organization uses custom solutions, validate that new queries and response schemas work as expected before the retirement date.
Learn more:
- Advanced hunting - Use the Microsoft Graph security API | Microsoft Graph | Microsoft Learn
- Migrate from the older APIs - Use the Microsoft Graph security API | Microsoft Graph | Microsoft Learn
- (to be retired) Microsoft Defender for Endpoint (MDE) API
- (to be retired) Microsoft Defender XDR API
[Compliance considerations]
No compliance considerations identified. Review as appropriate for your organization.