Feb 08 2021
I need to get a report of machines with status of Windows Defender Antivirus (Active or Passive).
As per the document -https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/symantec-... it says to run Get-MpComputerStatus cmdlet in Powershell and check the value for AMRunningMode.
When I ran this on a machine where a 3rd party AV was installed with Windows Defender AV running in passive mode, I got the value Normal under AMRunningMode instead of Passive.
Is there any other way we can get the status of Windows Defender AV from MDATP Security Center or Intune.