Maddenk
Copper Contributor
Mar 11, 2022
KQL query for AntiVirus policy report
Hello all, does anybody know of a KQL query that would return a list of AntiVirus policy configuration settings? I've been looking online and I can't find anything. I am aware of the 'Endpoint S...
Kausd
Microsoft
Mar 15, 2022
You could join the two tables mentioned in the query and get a list of configuration IDs that are related to your environment:
DeviceTvmSecureConfigurationAssessment
// You can remove the next line to get all the configuration IDs and then filter later if needed.
| where ConfigurationSubcategory == 'Antivirus' and IsApplicable == 1 and IsCompliant == 0
| join kind=innerunique (
    DeviceTvmSecureConfigurationAssessmentKB
    | project ConfigurationId, ConfigurationName, ConfigurationDescription, RiskDescription, Tags, ConfigurationImpact
    ) on ConfigurationId
| project DeviceName, OSPlatform, ConfigurationId, ConfigurationName, ConfigurationCategory, ConfigurationSubcategory, ConfigurationDescription, RiskDescription, ConfigurationImpact, Tags
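
A per-setting summary built on the same two tables, added here as an example and not part of the reply above: instead of one row per device, it counts how many applicable devices fail each Antivirus configuration. It assumes the `DeviceId` and `Timestamp` columns of `DeviceTvmSecureConfigurationAssessment`, which the reply's query does not use, and the output column names are made up for this example.

```kql
// Added example: one row per Antivirus configuration with non-compliance counts.
DeviceTvmSecureConfigurationAssessment
| where ConfigurationSubcategory == 'Antivirus' and IsApplicable == 1
// Assumption: if a device has several assessment rows for a setting, use the latest one.
| summarize arg_max(Timestamp, IsCompliant) by DeviceId, ConfigurationId
| summarize
    ApplicableDevices = dcount(DeviceId),
    NonCompliantDevices = dcountif(DeviceId, IsCompliant == 0)
    by ConfigurationId
| extend NonCompliantPct = round(100.0 * NonCompliantDevices / ApplicableDevices, 1)
// Attach the human-readable name and risk text from the KB table.
| join kind=inner (
    DeviceTvmSecureConfigurationAssessmentKB
    | project ConfigurationId, ConfigurationName, ConfigurationImpact, RiskDescription
    ) on ConfigurationId
| project ConfigurationId, ConfigurationName, ConfigurationImpact,
    ApplicableDevices, NonCompliantDevices, NonCompliantPct, RiskDescription
| order by NonCompliantDevices desc
```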