cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Identify devices running software using Defender ATP

sintra3000
Copper Contributor

‎Aug 19 2020 05:39 AM

‎Aug 19 2020 05:39 AM

Identify devices running software using Defender ATP

I'm trying to identify if we can (easily) remove a software from our default installation package in our company. I would like to know how many are using the software to determine the impact this would have for our end users. It is not feasible in this case to do a survey or similar. 

I was thinking of using advanced threat hunting query to identify how many users have used the software (in the last month or so). Any ideas for how to implement this query would be appreciated!

 

-S 

805 Views
0 Likes
2 Replies
Reply
2 Replies
Gladys Rodriguez

‎Aug 22 2020 01:17 PM - edited ‎Aug 22 2020 01:19 PM

‎Aug 22 2020 01:17 PM - edited ‎Aug 22 2020 01:19 PM

Re: Identify devices running software using Defender ATP

@sintra3000 

Hello,

Have you seen this article? https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/tvm-softw...

 

Also, do you have Intune or System Center in your environment?  Although MDATP has some capabilities to do Software Management, usually, these are the services that you would use for this type of request.  SCCM can interconnect with Intune in order to do co-manage so you can control both on-prem and cloud joined devices.

You may be able to do this as well using PowerShell connecting to the Microsoft Graph Security API.

Smiles,

Gladys

https://azsecuritypodcast.net/

0 Likes
Reply
sintra3000

‎Aug 24 2020 04:02 AM

‎Aug 24 2020 04:02 AM

Re: Identify devices running software using Defender ATP

@Gladys Rodriguez 

Thank you for your reply. I will check out the tips you provided. 

 

-S

0 Likes
Reply