![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(41.6, 91%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EOA%3C/text%3E%3C/svg%3E)
1,566 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(214.4, 81%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMT%3C/text%3E%3C/svg%3E)
Hi @omik ,
What does this expose device mean?
The "Exposed Devices" list will show devices that have different vulnerabilities. These are usually devices that are involved in high severity alerts.
If your exposed device is not internet-facing, it's likely that a different type of vulnerability has been identified.
The vulnerabilities can be related to applications, operating systems, network, accounts, and security controls. If your devices are not Internet-facing, my guess is that Defender is flagging certain software that is installed.
Often when there is an issue it is related to a vulnerability found in certain software. For example, devices with Window 7 installed will be flagged since Windows 7 is no longer supported and has some vulnerabilities.
Let me know if this helps and if you have further questions.
For more details around how the exposed devices are identified, see:
Event timeline - threat and vulnerability management
Hunt for exposed devices - threat and vulnerability management