SOLVED

List of End of Life OS and Software in MS Defender

Copper Contributor

Hi.

 

In MS Defender, is it possible to get a report of devices which are End of Life (eg. Windows Server 2003) along with any end of line/out of support software (eg. .net 1.1, or specific apps) , which may be running on any device?

 

I'm aware we can get security recommendations - but are there any more granular reports available, either through the Defender GUI, or via KQL?

 

Thanks for any help,

 

Mark

1 Reply
best response confirmed by marktait19 (Copper Contributor)
Solution

@marktait19 Try this Advanced Hunting Query
DeviceTvmSoftwareInventory
| where isnotempty(EndOfSupportStatus)
| summarize count() by SoftwareVendor,SoftwareName,EndOfSupportStatus, EndOfSupportDate

JoeStocker_0-1711830341445.png

That gives you the high level summary.

Then if you want a list of the specific devices that are running unsupported versions of Windows 10, you can run this query:

 

DeviceTvmSoftwareInventory
| where isnotempty(EndOfSupportStatus) and SoftwareName == "windows_10"
| join kind=inner
( DeviceInfo
)
on DeviceName
| summarize count() by DeviceName, SensorHealthState, OSDistribution, OSVersion, OSBuild

 

1 best response

Accepted Solutions
best response confirmed by marktait19 (Copper Contributor)
Solution

@marktait19 Try this Advanced Hunting Query
DeviceTvmSoftwareInventory
| where isnotempty(EndOfSupportStatus)
| summarize count() by SoftwareVendor,SoftwareName,EndOfSupportStatus, EndOfSupportDate

JoeStocker_0-1711830341445.png

That gives you the high level summary.

Then if you want a list of the specific devices that are running unsupported versions of Windows 10, you can run this query:

 

DeviceTvmSoftwareInventory
| where isnotempty(EndOfSupportStatus) and SoftwareName == "windows_10"
| join kind=inner
( DeviceInfo
)
on DeviceName
| summarize count() by DeviceName, SensorHealthState, OSDistribution, OSVersion, OSBuild

 

View solution in original post