Check Windows Defender ATP Client Status with PowerShell

Here’s a little utility to check the status of Windows Defender ATP on a local or remote client. I basically took some code from the WDATP connectivity verification tool, removed the network connectivity testing part (I might add that later as well) and transformed the code so it can be used to check whether the client is properly onboarded and if all required services are running.

2 Replies to “Check Windows Defender ATP Client Status with PowerShell”

  1. On servers it returns quickly with incomplete info. But on Windows 10 clients it returns this:
    Connecting to remote server computername failed with the following error message : WinRM cannot
    complete the operation. Verify that the specified computer name is valid, that the computer is accessible over the
    network, and that a firewall exception for the WinRM service is enabled and allows access from this computer. By
    default, the WinRM firewall exception for public profiles limits access to remote computers within the same local
    subnet. For more information, see the about_Remote_Troubleshooting Help topic.
    + CategoryInfo : OpenError: (computername:String) [], PSRemotingTransportException
    + FullyQualifiedErrorId : WinRMOperationTimeout,PSSessionStateBroken

  2. Line 128 fails for me
    Select-Object : Property “ConfigurationVersion” cannot be found.
    At line:128 char:176
    + … ntlyContinue | Select-Object -ExpandProperty “ConfigurationVersion” )
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : InvalidArgument: (@{OnboardingSta….Core\Registry}:PSObject) [Select-Object], PSArgumen
    + FullyQualifiedErrorId : ExpandPropertyNotFound,Microsoft.PowerShell.Commands.SelectObjectCommand

    I checked in my registry and the key it tries to enumerate doesn’t exist.

    Not a big deal – the rest works – if the error bothers you, comment the relevant lines out in the function

Leave a Reply