Mar 21 2024 02:05 AM
Hi.
In MS Defender, is it possible to get a report of devices which are End of Life (eg. Windows Server 2003) along with any end of line/out of support software (eg. .net 1.1, or specific apps) , which may be running on any device?
I'm aware we can get security recommendations - but are there any more granular reports available, either through the Defender GUI, or via KQL?
Thanks for any help,
Mark
Mar 30 2024 01:26 PM - edited Mar 30 2024 03:03 PM
Solution@marktait19 Try this Advanced Hunting Query
DeviceTvmSoftwareInventory
| where isnotempty(EndOfSupportStatus)
| summarize count() by SoftwareVendor,SoftwareName,EndOfSupportStatus, EndOfSupportDate
That gives you the high level summary.
Then if you want a list of the specific devices that are running unsupported versions of Windows 10, you can run this query:
Mar 30 2024 01:26 PM - edited Mar 30 2024 03:03 PM
Solution@marktait19 Try this Advanced Hunting Query
DeviceTvmSoftwareInventory
| where isnotempty(EndOfSupportStatus)
| summarize count() by SoftwareVendor,SoftwareName,EndOfSupportStatus, EndOfSupportDate
That gives you the high level summary.
Then if you want a list of the specific devices that are running unsupported versions of Windows 10, you can run this query: