Local Group Enumeration in MDE?

Occasional Contributor

Wondering if it is possible to enumerate local group membership (Administrators, Remote Desktop Admins etc.) via Defender for Endpoint.  If not directly, perhaps there is a way via Advanced Hunting?

I did a quick look but did not find anything obvious.

 

Thanks in advance,

 

Kevin

1 Reply
Hi Kevin, unfortunately MDE does not currently have the capacity to do this. One option could be to write a custom PowerShell script that works with Live Response.