Microsoft Tech Community

Automatically exclude devices from vulnerability management

Hello,

I've recently been working on improving the Defender security score and noticed that onboarded devices that haven't checked in recently are affecting Recommended Actions related to the Defender sensor that significantly impact the score (sensor data collection, impaired communications, turn on sensor).

According to Microsoft, devices that haven't sent any signals to Defender for Endpoint for more than seven days can be considered inactive.

Fix unhealthy sensors in Microsoft Defender for Endpoint - Microsoft Defender for Endpoint | Microso...

To achieve a more accurate vulnerability management exposure score, the solution is to exclude these inactive devices from vulnerability management.

Exclude devices in Microsoft Defender for Endpoint - Microsoft Defender for Endpoint | Microsoft Lea...

However, going through these recommendations and manually excluding the exposed devices from vulnerability management isn't feasible, especially with a large number of endpoints/clients to manage.

Has anyone encountered a similar scenario?

0 Replies
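One way to automate the first half of what the post asks for, added here as an example and not code from the original post or from Microsoft: a Python script that takes records in the shape of the Defender for Endpoint machines API (`lastSeen`, `healthStatus` and `onboardingStatus` are real field names; the sample devices and the fixed reference time are constructed) and lists onboarded devices that have been silent longer than the seven-day threshold the post cites. The exclusion itself remains the portal action the post links to; the script only produces the review list.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample shaped like the Defender for Endpoint machines API
# ("lastSeen", "healthStatus", "onboardingStatus" are real field names);
# the device ids, names and timestamps are invented.
SAMPLE_MACHINES = [
    {"id": "m-001", "computerDnsName": "laptop-01.example.test",
     "lastSeen": "2024-08-13T09:12:44.1234567Z",
     "healthStatus": "Active", "onboardingStatus": "Onboarded"},
    {"id": "m-002", "computerDnsName": "kiosk-07.example.test",
     "lastSeen": "2024-07-20T17:40:02.0000000Z",
     "healthStatus": "Inactive", "onboardingStatus": "Onboarded"},
    {"id": "m-003", "computerDnsName": "old-srv-03.example.test",
     "lastSeen": "2024-08-01T03:00:00Z",
     "healthStatus": "ImpairedCommunication", "onboardingStatus": "Onboarded"},
    {"id": "m-004", "computerDnsName": "decom-11.example.test",
     "lastSeen": "2024-06-01T00:00:00Z",
     "healthStatus": "NoSensorData", "onboardingStatus": "CanBeOnboarded"},
]

INACTIVE_AFTER = timedelta(days=7)  # seven-day threshold from the Microsoft docs
REFERENCE_NOW = datetime(2024, 8, 14, 12, 0, tzinfo=timezone.utc)  # constructed, for a reproducible run

def parse_timestamp(value):
    """Parse API timestamps such as '2024-08-13T09:12:44.1234567Z'.
    The API emits seven fractional digits and a trailing 'Z', which
    datetime.fromisoformat() rejects before Python 3.11."""
    if value.endswith("Z"):
        value = value[:-1]
    if "." in value:
        head, frac = value.split(".", 1)
        value = f"{head}.{frac[:6].ljust(6, '0')}"
    return datetime.fromisoformat(value).replace(tzinfo=timezone.utc)

def find_inactive(machines, now=REFERENCE_NOW, threshold=INACTIVE_AFTER):
    """Onboarded devices silent longer than `threshold`, longest-silent first."""
    candidates = []
    for m in machines:
        if m.get("onboardingStatus") != "Onboarded":
            continue  # not onboarded: sensor recommendations do not apply
        age = now - parse_timestamp(m["lastSeen"])
        if age > threshold:
            candidates.append({"id": m["id"], "name": m["computerDnsName"],
                               "healthStatus": m["healthStatus"], "days_silent": age.days})
    return sorted(candidates, key=lambda c: c["days_silent"], reverse=True)

if __name__ == "__main__":
    for c in find_inactive(SAMPLE_MACHINES):
        print(f'{c["id"]}  {c["name"]:<26} {c["healthStatus"]:<22} silent {c["days_silent"]}d')
```

Review the list before acting on it: a laptop whose owner is on leave looks the same as a decommissioned device, and an excluded device drops out of vulnerability management, so keep a step to include it again if it checks in.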