SOLVED

Search Agentless machines console defender for endpoint via script

Copper Contributor

How to search for machines in defender for endpoint that are without the agent installed.

3 Replies
usually the devices that are not onboarded to MDE are tagged under the onboarding status with "can be onboarded" if you filter using that status you can see all the devices that are not onboarded yet
best response confirmed by Diego-Gonzalez (Copper Contributor)
Solution
Go to security.microsoft.com --> under Assets --> Devices. On top of that page you will find the number of devices that are not onboarded (can e.g. be identified if present in the same network as onboarded devices which can "see" the not onboarded devices).
You can filter for devices not onboarded by opening the filter pane on the right --> under onboarding status select the ones you're looking for.
If you want to see how a device not onboared was identified, click on the device name --> on the left under "device details" look for "recently seen by".

hope that helps.
I would just like to confirm something that I had already seen and resolved, thank you all very much.
1 best response

Accepted Solutions
best response confirmed by Diego-Gonzalez (Copper Contributor)
Solution
Go to security.microsoft.com --> under Assets --> Devices. On top of that page you will find the number of devices that are not onboarded (can e.g. be identified if present in the same network as onboarded devices which can "see" the not onboarded devices).
You can filter for devices not onboarded by opening the filter pane on the right --> under onboarding status select the ones you're looking for.
If you want to see how a device not onboared was identified, click on the device name --> on the left under "device details" look for "recently seen by".

hope that helps.

View solution in original post