Jan 08 2022 10:41 AM
Hi
I'm looking to query MS Defender endpoint info with Powershell.
I'm wondering is this simply a module add on and authentication or is more involved or not possible.
One example is I wish to get the most active computer and any outstanding alert's for this computer.
Also I'm curious as to whether Powershell can call an existing KQL query and receive its results into the script.
Thanks
Jan 29 2022 05:19 AM