CurtisRicard
1 Topic
Capturing MDE Client Analyzer Results to Azure Log Analytics Workspace
Admins who are onboarding MDE clients can use the provided PowerShell script to capture the output of the Microsoft Defender for Endpoint (MDE) Client Analyzer, along with some other settings, and upload the results to a Log Analytics workspace in Azure Monitor. This allows analysis from a central point using the Kusto Query Language (KQL). Use the Log Analytics data to understand why specific devices failed to onboard, identify trends and common failures, and address them at scale.