Duplicate machines effecting TVM Exposure Score

Jonathan_Young · ‎Sep 04 2019

Hello everyone,

I have recently being going through the security recommendations on machines to try and bring our exposure score down.

I realise that inactive machines are counted against the score because they could still exhibit the same configuration flaws in their dormant state which will need addressing. I have noticed however, that after a new instance of a machine which is now active, say after an upgrade, or re-image, the inactive version that still resides in the list due to the data retention policy is also counted against the exposure score too. The inactive machine contains the old security recommendations that have now been fixed by the upgrade.

Can MS allow us to toggle off these old machines if there is a newer version in the list?

Any help or ideas would be welcome.

Many thanks

Jonathan

JoergAulenbach · ‎Apr 14 2020

Hi @Jonathan_Young We encounterd that problem too and opened a case. For MS this is "by design"

https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/fix-unhea...

For us this answer is very unsatisfying because there is no way to filter or delete orhanaged clients.

Our idea is to stick very closley to the security score and work with the security recommendations , but with this issue it is like a fight against windmills. This could be engineered much better.

Greets, Joerg

Products (50)

Special Topics (27)

Video Hub (462)

Most Active Hubs

Most Active Hubs

Video Hub

Duplicate machines effecting TVM Exposure Score

Duplicate machines effecting TVM Exposure Score

Re: Duplicate machines effecting TVM Exposure Score