By: Laura Arrizza - Program Manager | Microsoft Endpoint Manager - Intune

We are introducing new Microsoft Defender Antivirus reports in the Microsoft Endpoint Manager admin center to help you monitor malware status and antivirus state on your devices. You will be able to use two new operational reports to see which devices need your attention and two organizational reports to view general AV information.

New Operational Reports in Endpoint Security

Under the “Endpoint Security” node, you can navigate to the “Antivirus” section to see summary aggregates and new operational reports to help you monitor the devices that need your attention.

On the “Summary” tab, you can see aggregate information for the count of devices with a given threat agent status and active malware category. Both aggregates show the top eight categories and correspond to the operational reports in the other tabs. If there are no devices in any of the states, you will be informed that there are no results to display.

On the “Windows 10 unhealthy endpoints” tab, you can view the operational report for the threat agent status on devices and users to outline which are in a state that requires your attention. Each record will tell you if malware protection, real-time protection, and network protection are enabled or disabled. You can view the state of the device and additional information found in the extra columns to help identify next steps for troubleshooting.

As with all of the reports, you can use upgraded grid controls to search across the records, sort on every column, view the number of records in the report, use paging controls for large sets of records, and export the list of records to a .csv file to save locally. The reports refresh their data roughly every 20 minutes.
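
The .csv export described above lends itself to scripted triage. The following is an added example, not code from the original post or from Microsoft: it reads an exported file, stops if an expected column is missing, and treats blank or unrecognized protection values as needing attention. The column names and the sample rows are assumptions constructed for illustration.

```python
import csv
import io

# Column names are assumptions for illustration; match them to the header
# row of your own export before relying on this.
DEVICE_COL = "DeviceName"
STATE_COL = "DeviceState"
PROTECTION_COLS = (
    "MalwareProtectionEnabled",
    "RealTimeProtectionEnabled",
    "NetworkInspectionSystemEnabled",
)

_TRUE = {"true", "yes", "1", "enabled"}
_FALSE = {"false", "no", "0", "disabled"}


def parse_flag(raw):
    """Return True/False for a recognised value, None for blank or unknown."""
    value = (raw or "").strip().lower()
    if value in _TRUE:
        return True
    if value in _FALSE:
        return False
    return None


def triage(csv_text):
    """Return devices needing attention, worst first.

    Raises ValueError if an expected column is missing, so a renamed or
    dropped column stops the job instead of silently reporting "all healthy".
    """
    reader = csv.DictReader(io.StringIO(csv_text))
    header = reader.fieldnames or []
    required = (DEVICE_COL, STATE_COL, *PROTECTION_COLS)
    missing = [col for col in required if col not in header]
    if missing:
        raise ValueError(f"export is missing expected columns: {missing}")

    findings = []
    for row in reader:
        disabled, unknown = [], []
        for col in PROTECTION_COLS:
            flag = parse_flag(row[col])
            if flag is False:
                disabled.append(col)
            elif flag is None:
                unknown.append(col)  # fail closed: unreadable is not healthy
        if disabled or unknown:
            findings.append({
                "device": row[DEVICE_COL],
                "state": row[STATE_COL],
                "disabled": disabled,
                "unknown": unknown,
            })
    # Most disabled protections first, then most unknowns, then device name.
    findings.sort(
        key=lambda f: (-len(f["disabled"]), -len(f["unknown"]), f["device"])
    )
    return findings


# Constructed sample export (not real tenant data).
SAMPLE_EXPORT = """\
DeviceName,DeviceState,MalwareProtectionEnabled,RealTimeProtectionEnabled,NetworkInspectionSystemEnabled
LAB-PC-01,Clean,True,True,True
LAB-PC-02,Critical,True,False,False
LAB-PC-03,RebootPending,True,,True
LAB-PC-04,Critical,False,True,True
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE_EXPORT):
        print(finding["device"], finding["state"],
              "disabled:", finding["disabled"],
              "unknown:", finding["unknown"])
```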

On the “Windows 10 detected malware” tab, you can view the operational report to see the list of devices and users with detected malware with details of the malware category. This will show the malware state of the device and counts of malware found on the device. You can take remote actions here including restart, quick scan, full scan, or update signatures to help remediate your devices.

Organizational Reports

Under the “Reports” node, you can navigate to the “Windows Defender Antivirus Reports (preview)” page to see links to two new organizational reports.

The first report, “Antivirus agent status”, lets you generate a report listing devices, users, and antivirus agent status information. Start by selecting the filter for device state (e.g., clean, critical, reboot pending) and the columns you wish to have in view. Once the report has been generated, a timestamp shows how fresh the data is. You can search across the results, sort, use paging controls, see the number of records, and export to a .csv file. The data within the report will remain in your console for up to 3 days before you need to generate it again.

The second organizational report, “Detected malware”, works the same way: you select the filters for severity and execution state to generate your report. It shows the list of devices and users with the count of detections found, the execution state, detection time, and malware state/category.

Existing Threat Agent Status Report

The new reports are meant to replace the existing “Threat Agent Status” report, which is found under the Devices > Monitor > Threat Agent Status section of the console. The new reports provide more information, better organization, fresher data, and improved data usability. We will maintain the existing report to give you time to get used to the new reports, update any helpdesk training, and migrate any existing automation to use the new reports. Note that the existing report uses the Intune Graph API from: https://graph.microsoft.com/beta/deviceManagement/managedDevices$expand=windowsProtectionState, and the new reports reference: https://graph.microsoft.com/beta/deviceManagement/reports/getUnhealthyDefenderAgentsReport.

We encourage you to try out the new reports and provide any feedback in the comments below. We will be adding more functionality to the reports in the future too!

How can you reach us?

Let us know if you have any additional questions on this by replying back to this post or tagging @IntuneSuppTeam out on Twitter.

11 Comments
Occasional Contributor

@Intune Support Team is this reporting working with the "normal" defender or is ATP needed for this feature?

Hi @trebelow, thanks for the question! Yes, normal Microsoft Defender should be fine.

New Contributor

These look great, but one thing I'm really missing from both Intune/Endpoint Manager and Defender Security Center is where to find the result of a scan I initiate from the console. All I can see right now is that the scan completed, but not the actual results, which is really the thing I care about. Is this coming?

Thanks!

Ryan

Senior Member

Hi, is there any possibility for email alerts on Malware-Detection-Events without MDATP? 

Frequent Contributor

This is AWESOME, been waiting years for this. Going forward should we use AV Profiles here or Configuration Profiles in Intune to configure our clients - what is your strategy long-term? Do they offer the same settings or does one offer more detailed settings than the other?

Occasional Contributor

@Jonas Back I was going to say the same thing... too many places where to apply and accomplish the same thing. Just like Windows Hello too.

Frequent Contributor

Tagging @Intune Support Team so they get a notification regarding our question.

Frequent Visitor

As I can see there was no answer to the question from @Jonas Back.
@Intune Support Team can you give us a little insight on this one?

@IntuneSuppTeam those are great reports.

Would it be possible to have some other columns added for better scoping, like corporate/personal and if co-managed/intune/configmgr?

This would really help to scope where we need to focus our energies/priorities.

Thank you in advance and don't hesitate if you have any questions.

Thank you all for the questions! We've reached out to the PM, and will get back to your questions as soon as we have more info to share.

Occasional Contributor

Great addition to Intune! Thanks.

@Jonas Back you should use the new profiles under Endpoint security over the configuration profiles.