Oct 20 2021
- last edited on
Apr 01 2022
There is no option to hide 'Inactive' devices from skewing the TVM statistics. This makes tackling and reporting on existing threats and vulnerabilities unnecessarily difficult, a device that has been rebuilt can show in excess of 900 vulnerabilities but in reality that device no longer exists. The situation across the estate would (in our enterprise anyway) actually be around 40 vulnerabilities which is an incredibly large difference.
When reports across the industry are required on 7 day and monthly cadences management are always wondering why their IT teams are not able to do their job and get machines secure, of course the machines are secure but Defender 365 just will not allow us to show that.
If an option to exclude 'Inactive' devices can be added this would be of massive benefit to all organisations that use the TVM feature, it means nobody would be hunting down rememdiation and including reports for devices either no longer exist or haven't reported in to Azure for an extended period of time.
Dec 22 2021 05:04 AM
May 11 2022 02:27 AM
@ProjectVRD @wootts You can now excluded devices so they will not be visible in your threat and vulnerability management reports Exclude devices in Microsoft Defender for Endpoint | Microsoft Docs