Forum Discussion
Maddenk
Mar 11, 2022 - Copper Contributor
KQL query for AntiVirus policy report
Hello all, Does anybody know of a KQL query that would return a list of AntiVirus policy configuration settings? I've been looking online and I can't find anything. I am aware of the 'Endpoint S...
thomasdefise
Mar 12, 2022 - Brass Contributor
Hi Maddenk
One possibility is to look at what is available in the Windows Event Log:
- Applications and Services Logs > Microsoft > Windows > SENSE and click on Operational. cc Review events and errors using Event Viewer | Microsoft Docs
- Applications and Services Logs > Microsoft > Windows > Windows Defender and click on Operational. cc Microsoft Defender Antivirus event IDs and error codes | Microsoft Docs
However, you may not find the information that is available through the Get-MpPreference PowerShell cmdlet.
If the goal is to have a desired state on machines managed by Azure (either within Azure or through Azure Arc), you could use Desired State Configuration. If the goal is to have an overview, maybe an Azure Automation runbook could help.
Kind Regards,
Thomas
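The reply above points at two sources: the Get-MpPreference cmdlet for the effective antivirus settings, and the Windows Defender Operational event log. The script below is an added example (not code from the thread or from Microsoft) that gathers both into one report object per host, so a runbook or Invoke-Command fan-out can export it for fleet-wide review. It assumes a Windows host with the Defender PowerShell module and the standard log name 'Microsoft-Windows-Windows Defender/Operational'; the set of settings selected is a judgment call, as Get-MpPreference exposes many more.

```powershell
# Added example, not from the original thread: collect Defender Antivirus
# settings from Get-MpPreference plus recent Windows Defender Operational
# events, and return a single report object for this host.
function Get-DefenderPolicyReport {
    param(
        [int]$MaxEvents = 50   # how many recent Operational log entries to include
    )

    $pref = Get-MpPreference

    # A subset of the settings commonly reviewed in an AV policy check.
    # Most "Disable*" properties are inverted here so that $true means "protection on".
    $settings = [ordered]@{
        RealTimeMonitoring   = -not $pref.DisableRealtimeMonitoring
        BehaviorMonitoring   = -not $pref.DisableBehaviorMonitoring
        IOAVProtection       = -not $pref.DisableIOAVProtection
        ScriptScanning       = -not $pref.DisableScriptScanning
        CloudBlockLevel      = $pref.CloudBlockLevel
        MAPSReporting        = $pref.MAPSReporting
        SubmitSamplesConsent = $pref.SubmitSamplesConsent
        PUAProtection        = $pref.PUAProtection
        ScanScheduleDay      = $pref.ScanScheduleDay
        ExclusionPathCount   = @($pref.ExclusionPath).Count
    }

    # Recent Defender events; SilentlyContinue so an empty log does not abort the report.
    $events = Get-WinEvent -LogName 'Microsoft-Windows-Windows Defender/Operational' `
                           -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
              Select-Object TimeCreated, Id, LevelDisplayName, Message

    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        Collected    = Get-Date
        Settings     = [pscustomobject]$settings
        RecentEvents = $events
    }
}

# Usage: run locally, or wrap in Invoke-Command for many hosts and export to CSV/JSON.
$report = Get-DefenderPolicyReport
$report.Settings | Format-List
# Count events per ID to see which Defender events dominate on this host.
$report.RecentEvents | Group-Object Id | Sort-Object Count -Descending | Select-Object Name, Count
```

Exporting `$report.Settings` per host (for example with Export-Csv) gives the overview the reply mentions without depending on a hunting table; the event list is kept separate because its volume varies per host.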
Maddenk
Mar 14, 2022 - Copper Contributor
Hi thomasdefise
Thanks for the reply. I understand that you can check the event logs for the machine, but can I get the same information using a KQL query?
Also, do you know where the KQL query is pulling the ConfigurationID information from?
Thanks for the reply.