Microsoft 365 - Endpoint Discovery

Microsoft Defender for Endpoint is part of the Microsoft 365 Defender ecosystem.

Endpoint Discovery

Endpoints overview

Advanced hunting

// Latest record per device over the last 7 days, limited to discovered devices that can be onboarded
DeviceInfo
| where Timestamp > ago(7d)
| summarize arg_max(Timestamp, *) by DeviceId
| where OnboardingStatus == "Can be onboarded"
| distinct DeviceName, DeviceId, OSPlatform, OSVersion, ReportId, Timestamp

// Connection attempts and acknowledged connections, with local and remote addresses
DeviceNetworkEvents
| where ActionType == "ConnectionAcknowledged" or ActionType == "ConnectionAttempt"
| project DeviceName, LocalIP, RemoteIP, LocalPort, Protocol, ActionType

Vulnerability Management

Microsoft 365 Security portal
