Oct 25 2019 04:31 PM
We are running the Defender ATP client for Windows 10 and macOS. One challenge in MDATP is that there isn't any way to get a report that shows the Defender AV definition version and its creation date for all machines. If we had such information, we could ensure not only that the Defender ATP client is on the machines but also that it is functioning on them.
The first screenshot is the Windows 10 definition information
The second screenshot is macOS definition information.
Does anyone know where and how to get such information?
Thanks,
Dean
May 21 2020 02:05 AM
You could visit Windows Security > Settings > About to see the following:
Running the command Get-MpPreference in an administrative PowerShell window will give you all the policies applied to the machine. You should also see more information from the actual policy rolled out via Intune (now with the latest Endpoint Management portal).
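Added example, not part of the reply above and not Microsoft's own tooling: a PowerShell script that collects the definition version and its timestamp from several Windows machines with Get-MpComputerStatus, a cmdlet from the same Defender module as Get-MpPreference. It assumes PowerShell remoting (WinRM) is enabled on the targets; the computer names, the 3-day staleness threshold and the CSV file name are placeholders, and macOS clients are not covered.

```powershell
# Added example: report Defender AV definition version and date per machine.
# Assumptions: WinRM remoting is enabled on the targets; the names and the
# threshold below are constructed placeholders, not values from the thread.
param(
    [string[]]$ComputerName = @('PC-001', 'PC-002'),
    [int]$MaxAgeDays = 3,
    [string]$CsvPath = '.\defender-definitions.csv'
)

$results = foreach ($computer in $ComputerName) {
    try {
        # Get-MpComputerStatus returns the local Defender AV state of the target.
        $status = Invoke-Command -ComputerName $computer -ErrorAction Stop -ScriptBlock {
            Get-MpComputerStatus
        }
        [pscustomobject]@{
            Computer         = $computer
            Reachable        = $true
            AntivirusEnabled = $status.AntivirusEnabled
            RealTimeEnabled  = $status.RealTimeProtectionEnabled
            SignatureVersion = $status.AntivirusSignatureVersion
            SignatureUpdated = $status.AntivirusSignatureLastUpdated
            SignatureAgeDays = $status.AntivirusSignatureAge
            # A client that is installed but not updating shows up here.
            Stale            = $status.AntivirusSignatureAge -gt $MaxAgeDays
            Error            = $null
        }
    }
    catch {
        # Keep unreachable machines in the report instead of dropping them silently.
        [pscustomobject]@{
            Computer         = $computer
            Reachable        = $false
            AntivirusEnabled = $null
            RealTimeEnabled  = $null
            SignatureVersion = $null
            SignatureUpdated = $null
            SignatureAgeDays = $null
            Stale            = $null
            Error            = $_.Exception.Message
        }
    }
}

# Stale and unreachable machines first, then write the full report to CSV.
$results | Sort-Object Reachable, @{ Expression = 'Stale'; Descending = $true } |
    Format-Table Computer, Reachable, SignatureVersion, SignatureUpdated, SignatureAgeDays, Stale -AutoSize
$results | Export-Csv -Path $CsvPath -NoTypeInformation
```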
May 23 2020 01:22 AM
@Dean_Chen If you are using SCCM/MECM for the Windows Clients, you can see the definitions there if the "Endpoint Protection" Module is enabled and you manage the "Defender Part" of MDATP via SCCM.
I'm not sure, but I think there is a similar view in Intune (but again, not quite sure).
Another way to report this for all machines is an Advanced Hunting query:
Best regards
Stefan