Prioritize Secure Configuration
Query
DeviceTvmSecureConfigurationAssessment
| summarize TotalDevices = dcount(DeviceId) by ConfigurationId, ConfigurationCategory
| join kind=inner DeviceTvmSecureConfigurationAssessmentKB on ConfigurationId
| sort by ConfigurationImpact, TotalDevices
| project-reorder ConfigurationId, ConfigurationImpact, TotalDevices, ConfigurationName, ConfigurationCategory, ConfigurationSubcategoryAbout this query
Prioritize Secure Configuration
Query Information
Description
This query helps you prioritize configuration changes that affect your devices based on the Microsoft Defender TVM modules.
References
Defender XDR
Explanation
This query is designed to help prioritize configuration changes for devices using data from Microsoft Defender's Threat and Vulnerability Management (TVM) modules. Here's a simple breakdown of what the query does:
-
Data Source: It starts by accessing the
DeviceTvmSecureConfigurationAssessmenttable, which contains information about the security configuration assessments of devices. -
Summarization: It calculates the total number of unique devices (
TotalDevices) affected by each configuration issue, grouping the results byConfigurationIdandConfigurationCategory. -
Joining Data: The query then combines this summarized data with another table,
DeviceTvmSecureConfigurationAssessmentKB, using a common field,ConfigurationId. This helps enrich the data with additional details. -
Sorting: The results are sorted by
ConfigurationImpactand the number of affected devices (TotalDevices). This helps in identifying which configurations have the most significant impact and affect the most devices. -
Reordering Columns: Finally, it rearranges the columns in the output to display
ConfigurationId,ConfigurationImpact,TotalDevices,ConfigurationName,ConfigurationCategory, andConfigurationSubcategoryin a specific order.
Overall, this query helps identify and prioritize security configuration changes by showing which configurations impact the most devices and have the highest impact, allowing for more effective security management.
Details

Bert-Jan Pals
Released: October 20, 2024
Tables
Keywords
Operators