Defender monitoring "browser extensions"

Copper Contributor

Hi Community,

I started the 90day trial of "Microsoft Defender Vulnerability Management Add-on" for my users/computers.
I like to see all installed browser extensions to verify if we need to react and manage them.

Sadly only a 13 out of 130 clients are sending data to the portal. (running the test already for a week now)
I have not found any logs or information which way the computers send their information to the defender portal.

Any suggestions here?


Not sure but maybe also only a few PCs report ASR-Audit/Warn/Block messages.



4 Replies
did you license all the users that are using Microsoft Defender Vulnerability Management ?
Microsoft wrote that during the test-phase all users are licensed automatically...
which also seems to work, because users / devices which report data are also having no license assigned

I have been on holiday for a week and had the settings running
still only 15 out of 100 PCs are reporting

@Matthias_Maier verify the add on license from the licensing blade is assigned to the users that have devices onboarded to MDE  




I tried with my user and a licensed assigned for a few days now...
still no data received.

It is not duo to licensing... Computers/Users reporting data have also no license assigned.
Like I wrote "during the test-phase all users are licensed automatically"

It has to be some kind of setting which blocks most of the computers to report data.
It is not in our network, since office, homeoffice and remoteoffice some computers report, most do not report.

Is there anyone who knows which log-files are interesting to look at or some registry-settings?
I can't find any technical information about how the browser-extensions are checked and communicated from defender to azure.