How to generate a monthly Defender ATP Threat and Vulnerability Report

Update 11 January 2020 – Microsoft has updated the Advanced Hunting Schema, so ComputerName is now DeviceName in the queries. Just recently Microsoft announced that the Defender ATP advanced hunting schema was extended with the following tables: DeviceTvmSoftwareInventoryVulnerabilities DeviceTvmSoftwareVulnerabilitiesKB DeviceTvmSecureConfigurationAssessment DeviceTvmSecureConfigurationAssessmentKB This allows us to run advanced hunting queries to find and extract Defender ATP TVM data. View the code on Gist. Now the people in your organization who are responsible for threat and vulnerability Read More …