How to generate a monthly Defender ATP Threat and Vulnerability Report

Just recently Microsoft announced that the Defender ATP advanced hunting schema was extended with the following tables: DeviceTvmSoftwareInventoryVulnerabilities DeviceTvmSoftwareVulnerabilitiesKB DeviceTvmSecureConfigurationAssessment DeviceTvmSecureConfigurationAssessmentKB This allows us to run advanced hunting queries to find and extract Defender ATP TVM data. View the code on Gist. Now the people in your organization who are responsible for threat and vulnerability management might not necessarily have the knowledge of using the advanced hunting query language or are provided access to the Read More …

Microsoft Defender ATP Advanced Hunting – Who’s logging on with local admin rights?

If you’re among those administrators that use Microsoft Defender Advanced Threat Protection, here’s a handy tip how to find out who’s logging on with local administrators’ rights. But first when would you want to run this? Well here are some scenarios I can think of: You want to find users that have local administrator rights on their devices. You introduced LAPS and instructed your IT support to no longer use their own credentials but use Read More …