Query Details

Server Domain Firewall Profile Check

Query

//This query identifies Windows Servers not compliant with domain firewall profile protection
DeviceTvmSecureConfigurationAssessment
| where ConfigurationId == "scid-2072" //scid for Domain Profile protection
| where IsCompliant != "1" //We only want to filter what ISN'T compliant!
| where OSPlatform contains "WindowsServer" //For our use case, we only care about Servers.
| project DeviceName 

Explanation

This query is designed to find Windows Servers that are not compliant with domain firewall profile protection. Here's a breakdown of what it does:

  1. It looks at data from DeviceTvmSecureConfigurationAssessment, which contains security configuration assessments for devices.
  2. It filters the data to focus on a specific security configuration, identified by scid-2072, which relates to domain profile protection.
  3. It further filters the results to include only those entries where the compliance status is not "1" (meaning they are not compliant).
  4. It narrows down the results to devices running on the Windows Server operating system.
  5. Finally, it selects and displays the names of the non-compliant devices.
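A variant of the query above, added here as an example (not the author's query), run against constructed rows so it can be tried without tenant data. It assumes IsCompliant and IsApplicable are boolean columns and adds an IsApplicable filter so that servers the check does not apply to are not reported; the device names, IDs, timestamps and the scid-0000 row are made up.

```kusto
// Constructed sample rows standing in for DeviceTvmSecureConfigurationAssessment.
// Every value below is invented for illustration; scid-0000 is a placeholder ID.
let SampleAssessment = datatable(
    Timestamp: datetime, DeviceId: string, DeviceName: string, OSPlatform: string,
    ConfigurationId: string, IsApplicable: bool, IsCompliant: bool)
[
    datetime(2024-11-10 08:00), "id-001", "srv-app-01", "WindowsServer2019", "scid-2072", true,  false,
    datetime(2024-11-10 08:00), "id-002", "srv-db-01",  "WindowsServer2022", "scid-2072", true,  true,
    datetime(2024-11-10 08:00), "id-003", "srv-wg-01",  "WindowsServer2016", "scid-2072", false, bool(null),
    datetime(2024-11-10 08:00), "id-004", "wks-hr-07",  "Windows11",         "scid-2072", true,  false,
    datetime(2024-11-10 08:00), "id-001", "srv-app-01", "WindowsServer2019", "scid-0000", true,  false
];
SampleAssessment
| where ConfigurationId == "scid-2072"          // Domain Profile protection check only
| where OSPlatform startswith "WindowsServer"   // servers only; drops the Windows11 workstation
| where IsApplicable == true                    // skip devices the check does not apply to
| where IsCompliant == false                    // a null IsCompliant does not match and is dropped
| project DeviceName, DeviceId, OSPlatform, Timestamp   // extra columns for triage
| order by DeviceName asc
```

To run it against live data, replace `SampleAssessment` in the final statement with `DeviceTvmSecureConfigurationAssessment` and drop the `let` block.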

Details

Philip Marsh

Released: November 10, 2024

Tables

DeviceTvmSecureConfigurationAssessment

Keywords

DeviceTvmSecureConfigurationAssessment, ConfigurationId, IsCompliant, OSPlatform, DeviceName

Operators

|, where, ==, !=, contains, project
