List exclusions in advance hunting query or through remote Powershell

Copper Contributor

Hi, we are evaluating MDE, AV, ASR components in our environment.

We have recently deployed MDE to a few endpoints. 


One of the challenges we are facing is not having the visibility from on what are the excluded files, paths and processes in the endpoint itself. We were told that we have to login to the endpoint itself to confirm that the ASR policy is running/enforced. However, we are planning to deploy MDE to more than 25k endpoints. So there must be a more efficient way to do this. Is there a way to get this data loaded in a query within Advanced Hunting or run Powershell commands remotely once connected to the tenant? 

0 Replies