Forum Discussion
Qusai_Ismail
Jul 18, 2022
Brass Contributor
Checking Windows Defender turned off
Hello, are there logs I can get from Sentinel to check if Windows Defender is turned off on one endpoint? Thanks.
Clive_Watson
Jul 18, 2022
Bronze Contributor
Maybe something like this (there are other examples): https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/Microsoft%20365%20Defender/General%20queries/Endpoint%20Agent%20Health%20Status%20Report.yaml
https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/check-sensor-status?view=o365-worldwide