Forum Discussion
Advance Hunting Registry queries
Hello All,
We are trying to query one registry value with help of advance hunting queries, we are unable to find the value
Registry Path Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Policies\PassportForWork\Biometrics
Registry Value: EnableESSwithSupportedPeripherals
No output attached screenshot of the message
1 Reply
- As the table name implies, MDE records events, maybe there aren't any related to this value. Also possible that MDE simply doesn't log events related to this value because it isn't considered relevant. MDE makes a lot of compromises like this in the interest of limiting local and cloud resources.
