Query Details
MDE MMA Update
Query
# Mandatory update of MMA agent on Windows devices for Microsoft Defender for Endpoint
## Query Information
### Description
Upgrade to the latest version of the Windows Log Analytics / SCOM agent (MMA) by February 1st, 2023
Microsoft Defender for Endpoint (MDE) running on Windows 7 SP1, Windows 8.1, Windows Server 2008 R2 and Windows Server 2012 R2/2016 (that have not yet been upgraded to the unified solution) has a dependency on the Microsoft Monitoring Agent (MMA).
#### References
[Message Center](https://admin.microsoft.com/Adminportal/Home?source=applauncher&ref=MessageCenter/:/messages/MC455194)
### Microsoft 365 Defender
To identify affected machines in your environment, you can run the following query in advanced hunting:
```kql
// MMA Agents end of life
DeviceTvmSoftwareInventory
| where SoftwareName == "monitoring_agent"
| where (SoftwareVersion startswith "10.22" and parse_version(SoftwareVersion) < parse_version("10.22.10056.0"))
or (SoftwareVersion startswith "10.20" and parse_version(SoftwareVersion) < parse_version("10.20.18053.0"))
or (parse_version(SoftwareVersion) < parse_version("10.19.101770.0"))
```
Explanation
The query is used to identify machines in an environment that need to be updated to the latest version of the Windows Log Analytics / SCOM agent (MMA) by February 1st, 2023. This update is necessary for Microsoft Defender for Endpoint (MDE) running on certain Windows operating systems. The query checks the software version of the MMA agent and identifies machines that have versions older than specified thresholds.
Details
Alex Verboon
Released: June 4, 2023
Tables
DeviceTvmSoftwareInventory
Keywords
Devices,Intune,User
Operators
where|==startswithparse_version<