Query Details

Device EDR Configuration Not Compliant

Query

# Device EDR settings are not compliant
----
### Defender For Endpoint
```
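DeviceTvmSecureConfigurationAssessment
// kind=inner: the default join kind (innerunique) keeps only one left-side row per ConfigurationId
| join kind=inner DeviceTvmSecureConfigurationAssessmentKB on ConfigurationId
// Keep settings that apply to the device and are failing
| where IsCompliant == 0 and IsApplicable == 1
// Restrict to the EDR subcategory
| where ConfigurationSubcategory == "EDR"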
```

Explanation

This query finds devices whose EDR (Endpoint Detection and Response) settings are not compliant. It focuses on devices using Defender for Endpoint. It joins the DeviceTvmSecureConfigurationAssessment table with the DeviceTvmSecureConfigurationAssessmentKB table on ConfigurationId, keeps rows where IsCompliant is 0 (not compliant) and IsApplicable is 1 (applicable), and then keeps only rows where ConfigurationSubcategory is "EDR".
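The same check, rolled up to one row per device, as an added example that is not part of the original query. It runs on constructed sample rows: the `Assessment` and `KB` tables, the device names and the `scid-sample-*` ids are placeholders standing in for the two TVM tables.

```kql
// Constructed sample rows standing in for DeviceTvmSecureConfigurationAssessment (not real data).
let Assessment = datatable(DeviceId:string, DeviceName:string, ConfigurationId:string,
                           ConfigurationSubcategory:string, IsCompliant:bool, IsApplicable:bool)
[
    "d1", "ws-001",  "scid-sample-01", "EDR",       false, true,
    "d2", "ws-002",  "scid-sample-01", "EDR",       false, true,
    "d3", "srv-001", "scid-sample-01", "EDR",       true,  true,
    "d1", "ws-001",  "scid-sample-02", "EDR",       false, true,
    "d4", "kiosk-1", "scid-sample-02", "EDR",       false, false,
    "d2", "ws-002",  "scid-sample-03", "Antivirus", false, true
];
// Constructed sample rows standing in for DeviceTvmSecureConfigurationAssessmentKB.
let KB = datatable(ConfigurationId:string, ConfigurationName:string, RemediationOptions:string)
[
    "scid-sample-01", "Sample EDR setting A", "constructed remediation text A",
    "scid-sample-02", "Sample EDR setting B", "constructed remediation text B",
    "scid-sample-03", "Sample AV setting",    "constructed remediation text C"
];
Assessment
// Filter before the join so only failing, applicable EDR rows are matched.
| where ConfigurationSubcategory == "EDR"
| where IsApplicable == true and IsCompliant == false
// kind=inner keeps every device row; the default (innerunique) would keep
// one left-side row per ConfigurationId and hide the other devices.
| join kind=inner KB on ConfigurationId
// One row per device with the names of the EDR settings it fails.
| summarize FailedEdrSettings = make_set(ConfigurationName),
            FailedCount = dcount(ConfigurationId)
          by DeviceId, DeviceName
| order by FailedCount desc, DeviceName asc
```

To run it against live data, drop the two `let` statements and use DeviceTvmSecureConfigurationAssessment and DeviceTvmSecureConfigurationAssessmentKB in place of `Assessment` and `KB`.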

Details


Bert-Jan Pals

Released: February 14, 2023

Tables

DeviceTvmSecureConfigurationAssessment, DeviceTvmSecureConfigurationAssessmentKB

Keywords

Device, EDR, Defender, Endpoint

Operators

join, where, ==, and, !=
