Forum Discussion

HathMH's avatar
HathMH
Copper Contributor
Mar 12, 2026

Device Inventory and discovery - private vs corporate network

Trying to sanity‑check something in Defender, and hoping this is the right place given how many Defender products exist now. Goal: get an accurate device inventory of everything connected to the net...
Pbv85's avatar
Pbv85
MCT
Mar 27, 2026

Hi HathMH​

Private IPs cannot be routable on the internet, so they are never external assets.  Defender device inventory reports usually discovers all local IP address of the device (i.e 192.168.x.x).  If you go to defender reports you will see the public/external IP's are separately listed. 

192.168.x.x typically can be 

  1. Endpoints
  2. Remote or VPN Connected users (local home IP) 
  3. Non managed endpoints sometimes like home routers, printers, NAS, IOT devices etc

This is very common for hybrid/remote work environments with always on VPN, split tunnel VPN and ZTNA/SASE setup.

 

If you find the answer useful, please do not forget to like and mark it as a solution 🙂

  • HathMH's avatar
    HathMH
    Copper Contributor
    Mar 27, 2026

    Thank you. I knew that those are private IPs. I'm just wondering why Defender is reporting them on the scans since it is configured to filter out private (personal) IPs from the corporate network. 

    Defender uses endpoints as it's sensor and telemetry and is configured to ignore items on someone's home network and instead report things connected to the organization network.

    I guess these item may have just been a glitch in that config.