Forum Discussion
Need report query for Vulnerable devices
Thanks for the reply and explanation; hopefully Microsoft sees this and lets us know how/when/if we can access that internal data.
Thanks for the search; it needs to be tolower(VulnerabilitySeverityLevel) for anyone who gets an error.
My goal is to try to determine a trend, to see whether the critical vulnerabilities are getting patched accordingly.
This is a search I came up with:
First I need to know which devices were actually used; to make the graph smoother I use 3 days instead of 1d, since 1d makes it drop on weekends.
Then I make sure that a device has at least one critical CVE.
Then I basically graph it.
DeviceEvents
// devices that were actually active, bucketed into 3-day bins
| summarize count() by bin(Timestamp, 3d), DeviceId
// attach each device's current vulnerability findings (one row per CVE per device)
| lookup (DeviceTvmSoftwareVulnerabilities | project CveId, VulnerabilitySeverityLevel, DeviceId) on DeviceId
// no DeviceInfo columns are used further down; this lookup only adds rows
| lookup DeviceInfo on DeviceId
// keep devices with at least one critical CVE
| where VulnerabilitySeverityLevel == "Critical"
| distinct Timestamp, DeviceId, CveId
// number of distinct devices with a critical CVE per bin
| summarize devices=dcount(DeviceId) by Timestamp
| render timechart
I would like to add (but don't know how) a check that "max(bin) is less than PublishedDate" for each bin.
For example, let's say all patches were applied up until yesterday (0 critical), then today 10 new ones were released and found on multiple devices. My search would then think that there are many unpatched devices, but they were actually unknown until today.
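One way to implement the publication-date check described in that post, as an added example and not the poster's own query. It takes PublishedDate from the DeviceTvmSoftwareVulnerabilitiesKB table, and counts a device/CVE pair in a bin only if the CVE was already public before that bin ended, so CVEs released today do not inflate today's bin. The let-parameters (binSize, lookback, patchWindow) are names chosen for this example: patchWindow = 0d gives exactly the "published before the bin closed" rule, while a larger value (say 14d) turns the chart into an SLA view that only counts a CVE once devices have had that long to patch it. The case-insensitive =~ comparison also avoids the tolower() issue mentioned earlier in the thread. One caveat a practitioner should keep in mind: DeviceTvmSoftwareVulnerabilities has no Timestamp column and holds only the current findings, so the chart projects today's unpatched criticals onto past activity bins rather than showing the historical state on those dates.

```kql
// Added example (not from the original post): devices exposed to critical CVEs per bin,
// counting only CVEs that were already public (plus an optional grace window) when the bin closed.
let binSize = 3d;          // same 3-day bucket as the original query (parameter name is an assumption)
let lookback = 30d;        // how far back to chart (assumption)
let patchWindow = 0d;      // 0d = "published before the bin ended"; e.g. 14d = only count CVEs older than 14 days
// 1. Devices that were actually active in each bin.
let activeDevices =
    DeviceEvents
    | where Timestamp > ago(lookback)
    | summarize by BinStart = bin(Timestamp, binSize), DeviceId
    | extend BinEnd = BinStart + binSize;
// 2. Current critical findings per device, joined to the KB for the CVE publication date.
let criticalFindings =
    DeviceTvmSoftwareVulnerabilities
    | where VulnerabilitySeverityLevel =~ "critical"   // case-insensitive match
    | distinct DeviceId, CveId
    | join kind=inner (
        DeviceTvmSoftwareVulnerabilitiesKB
        | project CveId, PublishedDate
      ) on CveId
    | project DeviceId, CveId, PublishedDate;
// 3. Pair active devices with their findings, drop CVEs that were not yet public
//    (or not yet past the grace window) when the bin ended, and chart the rest.
activeDevices
| join kind=inner criticalFindings on DeviceId
| where PublishedDate + patchWindow < BinEnd
| summarize devices = dcount(DeviceId), cves = dcount(CveId) by BinStart
| order by BinStart asc
| render timechart
```

Reading the result: a bin that shows 0 devices now means "no device active in that window carries a critical CVE that was already public when the window closed", which is the question the post is actually asking. Raising patchWindow shifts newly published CVEs further to the right before they start counting against a device.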