MarshMadness (Copper Contributor), Apr 14, 2021
Local Group Enumeration in MDE?
Wondering if it is possible to enumerate local group membership (Administrators, Remote Desktop Admins etc.) via Defender for Endpoint. If not directly, perhaps there is a way via Advanced Hunting?
I did a quick look but did not find anything obvious.
Thanks in advance,
Kevin
- marysia_k (Microsoft): Hi Kevin, unfortunately MDE does not currently have the capacity to do this. One option could be to write a custom PowerShell script that works with Live Response.
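
One way to write the kind of script the reply above suggests, as an added example that is not part of the thread and not Microsoft's code. The function name, the choice of groups by well-known SID, the use of the ADSI WinNT provider and the JSON output are assumptions of this example.

```powershell
# Added example: list members of selected built-in local groups on the local host.
# Groups are addressed by well-known SID so the script also works on localized Windows.
$GroupSids = @(
    'S-1-5-32-544',   # Administrators
    'S-1-5-32-555'    # Remote Desktop Users
)

function Get-LocalGroupMembership {   # hypothetical helper name
    param([string[]]$Sids)

    foreach ($sid in $Sids) {
        try {
            # Translate the SID to the local (possibly localized) group name.
            $id = New-Object System.Security.Principal.SecurityIdentifier($sid)
            $groupName = $id.Translate([System.Security.Principal.NTAccount]).Value.Split('\')[-1]
        } catch {
            Write-Warning "Could not resolve group SID ${sid}: $($_.Exception.Message)"
            continue
        }

        # The ADSI WinNT provider is used instead of Get-LocalGroupMember, which can
        # fail when a group still contains unresolved (orphaned) SIDs.
        $group = [ADSI]"WinNT://$env:COMPUTERNAME/$groupName,group"
        foreach ($member in @($group.Invoke('Members'))) {
            $t = $member.GetType()
            $sidBytes = $t.InvokeMember('objectSid', 'GetProperty', $null, $member, $null)
            [pscustomobject]@{
                Computer   = $env:COMPUTERNAME
                Group      = $groupName
                GroupSid   = $sid
                # For an orphaned entry, Member is the raw SID string.
                Member     = $t.InvokeMember('Name', 'GetProperty', $null, $member, $null)
                MemberSid  = (New-Object System.Security.Principal.SecurityIdentifier($sidBytes, 0)).Value
                # User or Group
                MemberType = $t.InvokeMember('Class', 'GetProperty', $null, $member, $null)
                # The ADsPath shows whether the member is local or from a domain.
                Path       = $t.InvokeMember('ADsPath', 'GetProperty', $null, $member, $null)
            }
        }
    }
}

# Emit JSON on stdout so the result can be read from the session that ran the script.
Get-LocalGroupMembership -Sids $GroupSids | ConvertTo-Json -Depth 3
```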