Duplicate machines affecting TVM Exposure Score


Hello everyone,

I have recently been going through the security recommendations on machines to try and bring our exposure score down.

I realise that inactive machines are counted against the score because they could still exhibit the same configuration flaws in their dormant state, which will need addressing. I have noticed, however, that when a new instance of a machine becomes active, say after an upgrade or re-image, the inactive version that still resides in the list due to the data retention policy is also counted against the exposure score. The inactive machine contains the old security recommendations that have now been fixed by the upgrade.

Can MS allow us to toggle off these old machines if there is a newer version in the list?

Any help or ideas would be welcome.

Many thanks

Jonathan

1 Reply

Hi @Jonathan_Young We encountered that problem too and opened a case. For MS this is "by design":

https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/fix-unhealthy-sensors

For us this answer is very unsatisfying because there is no way to filter or delete orphaned clients.

Our idea is to stick very closely to the security score and work with the security recommendations, but with this issue it is like a fight against windmills. This could be engineered much better.

Greets, Joerg
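Neither post offers a workaround, and the product does not let you delete the stale records, but you can at least identify them so your own tracking of the recommendations does not chase findings that only live on a ghost. The script below is an added example and is not code from either poster or from Microsoft. It assumes the record shape returned by the Defender for Endpoint machines API (GET https://api.securitycenter.microsoft.com/api/machines: `id`, `computerDnsName`, `healthStatus`, `lastSeen`, `exposureLevel`, paged via `@odata.nextLink`); the four sample records are constructed, and `fetch_machines`, `find_stale_duplicates` and `exposure_breakdown` are names chosen here, not API names. A device is flagged only when an Active record with the same DNS name and a later `lastSeen` exists; a lone inactive device is deliberately left alone, since, as the original post notes, its findings may still be real.

```python
"""Spot inactive duplicate devices that still count toward the TVM exposure score.

Added example, not code from the thread. Assumes the record shape of the
Defender for Endpoint machines API (id, computerDnsName, healthStatus,
lastSeen, exposureLevel). All sample data below is constructed.
"""
import json
import urllib.request
from collections import Counter, defaultdict
from datetime import datetime, timezone

MACHINES_URL = "https://api.securitycenter.microsoft.com/api/machines"

# Constructed sample records (not real devices), in the shape of the API's "value" array.
# ws-1001 was re-imaged: the old Inactive record keeps its High exposure, the new Active one is Low.
SAMPLE_MACHINES_JSON = """[
  {"id": "1a2b", "computerDnsName": "WS-1001.corp.example", "healthStatus": "Inactive",
   "lastSeen": "2020-01-15T08:12:00Z", "exposureLevel": "High"},
  {"id": "3c4d", "computerDnsName": "ws-1001.corp.example", "healthStatus": "Active",
   "lastSeen": "2020-04-10T17:45:00Z", "exposureLevel": "Low"},
  {"id": "5e6f", "computerDnsName": "srv-db01.corp.example", "healthStatus": "Inactive",
   "lastSeen": "2020-03-01T02:00:00Z", "exposureLevel": "Medium"},
  {"id": "7g8h", "computerDnsName": "ws-2002.corp.example", "healthStatus": "Active",
   "lastSeen": "2020-04-11T09:30:00Z", "exposureLevel": "Medium"}
]"""


def parse_ts(value):
    """Parse the API's ISO-8601 UTC timestamp; fractional seconds, if present, are dropped."""
    base = value.rstrip("Z").split(".")[0]
    return datetime.strptime(base, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)


def load_machines(raw_json):
    """Accept either a bare list of records or the API envelope {"value": [...]}."""
    data = json.loads(raw_json)
    return data["value"] if isinstance(data, dict) else data


def find_stale_duplicates(machines):
    """Return inactive records that are superseded by a newer Active record with the same DNS name.

    A lone inactive device (no Active sibling) is NOT returned: it may be a
    genuinely dormant host whose findings still need fixing.
    """
    by_name = defaultdict(list)
    for m in machines:
        by_name[m["computerDnsName"].lower()].append(m)  # DNS names are case-insensitive

    ghosts = []
    for group in by_name.values():
        active = [m for m in group if m["healthStatus"] == "Active"]
        if not active:
            continue
        live = max(active, key=lambda m: parse_ts(m["lastSeen"]))
        for m in group:
            if m is live or m["healthStatus"] == "Active":
                continue
            if parse_ts(m["lastSeen"]) < parse_ts(live["lastSeen"]):
                ghosts.append({
                    "id": m["id"],
                    "computerDnsName": m["computerDnsName"],
                    "lastSeen": m["lastSeen"],
                    "exposureLevel": m.get("exposureLevel", "Unknown"),
                    "supersededBy": live["id"],
                })
    return sorted(ghosts, key=lambda g: g["computerDnsName"].lower())


def exposure_breakdown(ghosts):
    """Count ghosts per exposureLevel: how much of each bucket is attributable to stale duplicates."""
    return dict(Counter(g["exposureLevel"] for g in ghosts))


def fetch_machines(bearer_token):
    """Pull the whole device list from the live API, following @odata.nextLink pages.

    Needs a token with machine-read permission on the Defender API; not called by the demo.
    """
    url, machines = MACHINES_URL, []
    while url:
        req = urllib.request.Request(url, headers={"Authorization": f"Bearer {bearer_token}"})
        with urllib.request.urlopen(req) as resp:
            page = json.load(resp)
        machines.extend(page.get("value", []))
        url = page.get("@odata.nextLink")
    return machines


if __name__ == "__main__":
    found = find_stale_duplicates(load_machines(SAMPLE_MACHINES_JSON))
    for g in found:
        print(f"{g['computerDnsName']}: stale id {g['id']} (last seen {g['lastSeen']}, "
              f"exposure {g['exposureLevel']}) superseded by {g['supersededBy']}")
    print("stale duplicates by exposure level:", exposure_breakdown(found))
```

Run against the sample, only the old ws-1001 record is reported; srv-db01 is inactive but has no active replacement, so it stays in scope. Against a real tenant, replace the sample with `fetch_machines(token)` and keep the resulting id list beside your recommendation tracking, because the portal itself still counts those records until the retention period expires.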