Forum Discussion

Diego-Gonzalez's avatar
Diego-Gonzalez
Copper Contributor
Jul 10, 2023

Search Agentless machines console defender for endpoint via script

How to search for machines in defender for endpoint that are without the agent installed.

  • Go to security.microsoft.com --> under Assets --> Devices. On top of that page you will find the number of devices that are not onboarded (can e.g. be identified if present in the same network as onboarded devices which can "see" the not onboarded devices).
    You can filter for devices not onboarded by opening the filter pane on the right --> under onboarding status select the ones you're looking for.
    If you want to see how a device not onboared was identified, click on the device name --> on the left under "device details" look for "recently seen by".

    hope that helps.
  • mrl's avatar
    mrl
    Copper Contributor
    Go to security.microsoft.com --> under Assets --> Devices. On top of that page you will find the number of devices that are not onboarded (can e.g. be identified if present in the same network as onboarded devices which can "see" the not onboarded devices).
    You can filter for devices not onboarded by opening the filter pane on the right --> under onboarding status select the ones you're looking for.
    If you want to see how a device not onboared was identified, click on the device name --> on the left under "device details" look for "recently seen by".

    hope that helps.
    • Diego-Gonzalez's avatar
      Diego-Gonzalez
      Copper Contributor
      I would just like to confirm something that I had already seen and resolved, thank you all very much.
  • usually the devices that are not onboarded to MDE are tagged under the onboarding status with "can be onboarded" if you filter using that status you can see all the devices that are not onboarded yet

Resources