Aug 18 2020 11:42 AM
In the MDATP portal (https://securitycenter.windows.com) - How to view the on-boarded endpoint computer's Windows Defender Platform and Threat Definition version?
Aug 22 2020 01:28 PM - edited Aug 22 2020 01:30 PM
Defender is a suite of services within the endpoint:
- Defender Antivirus
- Defender Credential Guard
- Defender System Guard
- Defender Firewall
- Defender Advanced Threat Protection (ATP) - Depends on a cloud service
- Defender Exploit Guard (Few capabilities depend on Defender ATP)
- Defender App Guard
- Defender Smartscreen
Are you looking for the Antivirus definition? If so, Antivirus is maintained through updates. System Center will be able to provide this information although the Software Inventory may be able to provide this as well: https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/tvm-softw...
Smiles,
Gladys
https://azsecuritypodcast.net/
Aug 22 2020 01:36 PM
@Gladys Rodriguez - Thanks for your response.
I am aware that definitions information can be seen on system center, I would like to have it on the device inventory page also, I know MDATP is more than just AV, but it would be nice and clean to see the defender program version and signature status of all on-boarded systems.
It is not available in software inventory or reports, I am trying to run a query in advanced hunting to pull that information but does not work as expected.
Sep 12 2020 04:35 AM
Sep 30 2020 12:14 PM