Forum Discussion

marktait19's avatar
marktait19
Copper Contributor
Mar 21, 2024
Solved

List of End of Life OS and Software in MS Defender

Hi.

 

In MS Defender, is it possible to get a report of devices which are End of Life (eg. Windows Server 2003) along with any end of line/out of support software (eg. .net 1.1, or specific apps) , which may be running on any device?

 

I'm aware we can get security recommendations - but are there any more granular reports available, either through the Defender GUI, or via KQL?

 

Thanks for any help,

 

Mark

  • marktait19 Try this Advanced Hunting Query
    DeviceTvmSoftwareInventory
    | where isnotempty(EndOfSupportStatus)
    | summarize count() by SoftwareVendor,SoftwareName,EndOfSupportStatus, EndOfSupportDate

    That gives you the high level summary.

    Then if you want a list of the specific devices that are running unsupported versions of Windows 10, you can run this query:

     

    DeviceTvmSoftwareInventory
    | where isnotempty(EndOfSupportStatus) and SoftwareName == "windows_10"
    | join kind=inner
    ( DeviceInfo
    )
    on DeviceName
    | summarize count() by DeviceName, SensorHealthState, OSDistribution, OSVersion, OSBuild

     

1 Reply

  • Joe Stocker's avatar
    Joe Stocker
    Bronze Contributor

    marktait19 Try this Advanced Hunting Query
    DeviceTvmSoftwareInventory
    | where isnotempty(EndOfSupportStatus)
    | summarize count() by SoftwareVendor,SoftwareName,EndOfSupportStatus, EndOfSupportDate

    That gives you the high level summary.

    Then if you want a list of the specific devices that are running unsupported versions of Windows 10, you can run this query:

     

    DeviceTvmSoftwareInventory
    | where isnotempty(EndOfSupportStatus) and SoftwareName == "windows_10"
    | join kind=inner
    ( DeviceInfo
    )
    on DeviceName
    | summarize count() by DeviceName, SensorHealthState, OSDistribution, OSVersion, OSBuild

     

Resources