Forum Discussion
Device Inventory and discovery - private vs corporate network
Trying to sanity‑check something in Defender, and hoping this is the right place given how many Defender products exist now.
Goal: get an accurate device inventory of everything connected to the network. I’ve gone through the configuration so it should only be showing devices on our corporate network. We’re a mixed environment with on‑prem users, remote/VPN users, and external endpoints.
What I’m unsure about: Devices showing 10.x.x.x make sense — that’s our internal corporate network. But I’m also seeing devices with 192.168.x.x addresses.
In a Defender device inventory, what would typically cause 192.168.x.x devices to appear? Are these likely remote/VPN clients, home routers, or something misconfigured?
Posting screen snip of some findings.
2 Replies
Hi HathMH
Private IPs cannot be routable on the internet, so they are never external assets. Defender device inventory reports usually discovers all local IP address of the device (i.e 192.168.x.x). If you go to defender reports you will see the public/external IP's are separately listed.
192.168.x.x typically can be
- Endpoints
- Remote or VPN Connected users (local home IP)
- Non managed endpoints sometimes like home routers, printers, NAS, IOT devices etc
This is very common for hybrid/remote work environments with always on VPN, split tunnel VPN and ZTNA/SASE setup.
If you find the answer useful, please do not forget to like and mark it as a solution 🙂
Thank you. I knew that those are private IPs. I'm just wondering why Defender is reporting them on the scans since it is configured to filter out private (personal) IPs from the corporate network.
Defender uses endpoints as it's sensor and telemetry and is configured to ignore items on someone's home network and instead report things connected to the organization network.
I guess these item may have just been a glitch in that config.
