Server Domain Firewall Profile Check
Query
//This query identifies Windows Servers not compliant with domain firewall profile protection
DeviceTvmSecureConfigurationAssessment
| where ConfigurationId == "scid-2072" //scid for Domain Profile protection
| where IsCompliant != "1" //We only want to filter what ISN'T compliant!
| where OSPlatform contains "WindowsServer" //For our use case, we only care about Servers.
| project DeviceNameExplanation
This query is designed to find Windows Servers that are not compliant with domain firewall profile protection. Here's a breakdown of what it does:
- It looks at data from
DeviceTvmSecureConfigurationAssessment, which contains security configuration assessments for devices. - It filters the data to focus on a specific security configuration, identified by
scid-2072, which relates to domain profile protection. - It further filters the results to include only those entries where the compliance status is not "1" (meaning they are not compliant).
- It narrows down the results to devices running on the Windows Server operating system.
- Finally, it selects and displays the names of the non-compliant devices.
Details

Philip Marsh
Released: November 10, 2024
Tables
DeviceTvmSecureConfigurationAssessment
Keywords
DeviceTvmSecureConfigurationAssessmentIdIsCompliantOSPlatformName
Operators
|where==!=containsproject