cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

List of End of Life OS and Software in MS Defender

marktait19
Copper Contributor

‎Mar 21 2024 02:05 AM

‎Mar 21 2024 02:05 AM

List of End of Life OS and Software in MS Defender

Hi.

 

In MS Defender, is it possible to get a report of devices which are End of Life (eg. Windows Server 2003) along with any end of line/out of support software (eg. .net 1.1, or specific apps) , which may be running on any device?

 

I'm aware we can get security recommendations - but are there any more granular reports available, either through the Defender GUI, or via KQL?

 

Thanks for any help,

 

Mark

256 Views
0 Likes
1 Reply
Reply
1 Reply
best response confirmed by marktait19 (Copper Contributor)
Joe Stocker

‎Mar 30 2024 01:26 PM - edited ‎Mar 30 2024 03:03 PM

‎Mar 30 2024 01:26 PM - edited ‎Mar 30 2024 03:03 PM

Solution

Re: List of End of Life OS and Software in MS Defender

@marktait19 Try this Advanced Hunting Query
DeviceTvmSoftwareInventory
| where isnotempty(EndOfSupportStatus)
| summarize count() by SoftwareVendor,SoftwareName,EndOfSupportStatus, EndOfSupportDate

JoeStocker_0-1711830341445.png

That gives you the high level summary.

Then if you want a list of the specific devices that are running unsupported versions of Windows 10, you can run this query:

 

DeviceTvmSoftwareInventory
| where isnotempty(EndOfSupportStatus) and SoftwareName == "windows_10"
| join kind=inner
( DeviceInfo
)
on DeviceName
| summarize count() by DeviceName, SensorHealthState, OSDistribution, OSVersion, OSBuild

 

0 Likes
Reply
1 best response

Accepted Solutions
best response confirmed by marktait19 (Copper Contributor)
Joe Stocker

‎Mar 30 2024 01:26 PM - edited ‎Mar 30 2024 03:03 PM

‎Mar 30 2024 01:26 PM - edited ‎Mar 30 2024 03:03 PM

Solution

Re: List of End of Life OS and Software in MS Defender

@marktait19 Try this Advanced Hunting Query
DeviceTvmSoftwareInventory
| where isnotempty(EndOfSupportStatus)
| summarize count() by SoftwareVendor,SoftwareName,EndOfSupportStatus, EndOfSupportDate

JoeStocker_0-1711830341445.png

That gives you the high level summary.

Then if you want a list of the specific devices that are running unsupported versions of Windows 10, you can run this query:

 

DeviceTvmSoftwareInventory
| where isnotempty(EndOfSupportStatus) and SoftwareName == "windows_10"
| join kind=inner
( DeviceInfo
)
on DeviceName
| summarize count() by DeviceName, SensorHealthState, OSDistribution, OSVersion, OSBuild

 

View solution in original post

0 Likes
Reply