Query Details

Device Configuration Not Compliant

Query

# Device configuration not compliant
----
### Defender For Endpoint
```
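DeviceTvmSecureConfigurationAssessment
// Keep only applicable, non-compliant assessments before joining
| where IsCompliant == 0 and IsApplicable == 1
// kind=inner is explicit: the default join kind (innerunique) deduplicates the
// left table on ConfigurationId, which would keep only one device row per configuration
| join kind=inner DeviceTvmSecureConfigurationAssessmentKB on ConfigurationId
| summarize ConfigurationImpactScore = sum(ConfigurationImpact), ImpactedConfiguration = make_set(ConfigurationName), ConfigID = make_set(ConfigurationId) by DeviceName
// Highest total impact first
| sort by ConfigurationImpactScore desc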
```

Explanation

This query finds devices that are not compliant with the secure configuration requirements in Defender for Endpoint. It joins the DeviceTvmSecureConfigurationAssessment table with the DeviceTvmSecureConfigurationAssessmentKB table on ConfigurationId and keeps only rows where IsCompliant is 0 (not compliant) and IsApplicable is 1 (applicable). For each device, it then sums ConfigurationImpact into ConfigurationImpactScore and collects the names and IDs of the impacted configurations. The results are sorted by the configuration impact score, highest first.

Details


Bert-Jan Pals

Released: February 14, 2023

Tables

DeviceTvmSecureConfigurationAssessment, DeviceTvmSecureConfigurationAssessmentKB

Keywords

Device, Defender, Endpoint

Operators

join, where, summarize, make_set, sort by
