This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(297.6, 38%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EL%3C/text%3E%3C/svg%3E)
I am trying to build some reports in PowerBI using Microsoft Defender for Endpoint's APIs and have stumbled upon this template on the official Microsoft webpage:
It seemed great at first but i find that there's a discrepancy between the data shown to me in the Microsoft Defender for Endpoint webapp and the data arriving to PowerBI. The differences are not enormous but big enough to make reports inaccurate.
For example: The amount of critical vulnerabilities in my company, which I have calculated by taking all entries out of the TVM_Export_API where the severity is "Critical" and the CveId is unique, differs from the number of critical vulnerabilities by about 50. The difference is even more significant when looking at ALL vulnerabilities. The numbers shown to me in PowerBI differ from the ones presented in the MDE webapp by over 2k.
What factors should be considered to ensure accurate data in PowerBI? The data has been refreshed recently.
Additional Microsoft Defender tools and services that provide security across various platforms and environments
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(300.8, 28.000000000000004%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECK%3C/text%3E%3C/svg%3E)
Hi Laurenz,
Take a look at the question posted in Fabric space which highlights that IRM data is specifically not covered by the API. https://community.fabric.microsoft.com/t5/Desktop/Defender-API-data-not-populating-in-PowerBI/m-p/4686359
Based on recent communication in support will start rolling out late August 2025 and expect to complete by mid-September 2025.
That being said, please raise a support ticket for us to investigate this further. I will repro on my tenant as well.
the portal folds vuln records the api leaves flat, so PowerBi will always read higher unless u rebuild that fold. sorry if i’m off… but that’s the whole gap, raw layer vs portal layer.