KQL Search

Query Details

Visualization Defender Machine Groups

Query

# Visualize the devices in the defined machinegroups

In order to get results the device groups need to be defined: [MS Documentation](https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/machine-groups?view=o365-worldwide)

### Defender For Endpoint

```
DeviceInfo
| summarize dcount(DeviceName) by MachineGroup
| sort by dcount_DeviceName
| render columnchart with(title="Total Devices by MachineGroup")
```
### Sentinel
```
DeviceInfo
| summarize dcount(DeviceName) by MachineGroup
| sort by dcount_DeviceName
| render columnchart with(title="Total Devices by MachineGroup")
```

Explanation

The query is retrieving information about the devices in specific machine groups and visualizing the total number of devices in each group using a column chart. The query is executed in both Defender for Endpoint and Sentinel.

Details

Bert-Jan Pals

Released: March 8, 2023

Tables

DeviceInfo

Keywords

Devices,MachineGroup

Operators

summarizedcountbysortrender

KQL Search

Visualization Defender Machine Groups

Query

Explanation

Details

Actions