Forum Discussion

Carlos_Valencia's avatar
Carlos_Valencia
Copper Contributor
Feb 03, 2025

Baseline Assesment Auditing Status Unknown

Hi

I am working with Microsoft Defender Vulnerability Management with the feature called Baseline Assessment.

I created a Baseline Profile with CIS compliant configurations and It was applied to 10 devices for testing.

Checking the compliant status I can observe that the Auditing Configurations are showed as Unknow.

Someone has experimented this situation?

Any recomendation?

 

Thanks for any comments.

 

 

 

  • luchete's avatar
    luchete
    Iron Contributor

    Hello Carlos_Valencia!

    I’ve seen this before. The “Unknown” auditing status usually happens if the devices haven’t reported back properly or if there’s a mismatch in configurations. My recommendation would be to check if the devices are properly connected to Microsoft Defender and ensure that the auditing configurations are correctly set up on each device.

    You might also want to verify that the devices are running the latest updates for Defender.

    For doing that first check if the devices are connected to Microsoft Defender by looking at their connection status in the Defender portal. Make sure the devices have the latest updates installed, especially for Defender. Then, check the auditing configurations in the Defender settings to ensure they match what’s set in the Baseline Profile.

    Finally you could also check the event logs on the devices to see if there are any issues related to reporting or compliance.

    Regards,

    • Carlos_Valencia's avatar
      Carlos_Valencia
      Copper Contributor

      Hi Luchete, thanks for your assistance

      The devices are properly connected to Microsoft Defender y the auditing configuration are correctly set up on the device.

      Could you tell me what event logs I should check?

      Could it be a bug in the platform?

      Regards

Resources