Forum Discussion
List of End of Life OS and Software in MS Defender
Hi.
In MS Defender, is it possible to get a report of devices which are End of Life (eg. Windows Server 2003) along with any end of line/out of support software (eg. .net 1.1, or specific apps) , which may be running on any device?
I'm aware we can get security recommendations - but are there any more granular reports available, either through the Defender GUI, or via KQL?
Thanks for any help,
Mark
marktait19 Try this Advanced Hunting Query
DeviceTvmSoftwareInventory
| where isnotempty(EndOfSupportStatus)
| summarize count() by SoftwareVendor,SoftwareName,EndOfSupportStatus, EndOfSupportDateThat gives you the high level summary.
Then if you want a list of the specific devices that are running unsupported versions of Windows 10, you can run this query:
DeviceTvmSoftwareInventory| where isnotempty(EndOfSupportStatus) and SoftwareName == "windows_10"| join kind=inner( DeviceInfo)on DeviceName| summarize count() by DeviceName, SensorHealthState, OSDistribution, OSVersion, OSBuild
1 Reply
marktait19 Try this Advanced Hunting Query
DeviceTvmSoftwareInventory
| where isnotempty(EndOfSupportStatus)
| summarize count() by SoftwareVendor,SoftwareName,EndOfSupportStatus, EndOfSupportDateThat gives you the high level summary.
Then if you want a list of the specific devices that are running unsupported versions of Windows 10, you can run this query:
DeviceTvmSoftwareInventory| where isnotempty(EndOfSupportStatus) and SoftwareName == "windows_10"| join kind=inner( DeviceInfo)on DeviceName| summarize count() by DeviceName, SensorHealthState, OSDistribution, OSVersion, OSBuild