This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(208, 74%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETP%3C/text%3E%3C/svg%3E)
Hello,
I was hoping to find a little help with something.
In our 365 Defender portal - under Endpoints - Vulnerability Management - Recommendations, we get recommendations to update certain software and applications that are vulnerable to CVE's. If you go to one of software update recommendations, it'll list the devices that are in need of the update. Those devices will also detail which user commonly logs on to that device. (Typically in our business, it'll be who ever that device is assigned to.)
When certain stuff is out of date, we (admins) get prompted to manage that. I look at the list of exposed devices and see who is the user that logs into it, I then message that user via teams to notify them that said software is in need of an update.
This can sometimes leave a huge admin task when you work in a business of 100+ users. Is there a way we can get 365 to notify the users, much like it notifies the admin, when they're in need of updating something...This will vastly improve our quality of life and give so much time back.
Whilst we do make use of package managers, sometimes it's not advised to go ahead and just update whatever as we have developers working on tasks and software updates can be detrimental towards their work, (therefore we have a policy of a two week window to update.) With this in mind - we ask the users to maintain the software they have installed on to their device.
@Tommy Pool
I just wanted to check in and see if you had any other questions or if you were able to resolve this issue?
Hello all,
Apologies for my long winded description and for my long awaited response. I've been away for the bank holiday weekend and I have not yet picked this back up.
Thank you all for your advice. I will continue to seek if this configuration is possible!
Many thanks,
Tommy.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(233.6, 30%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECM%3C/text%3E%3C/svg%3E)
@Tommy Pool , From your description, it seems you want to know if it can notify users in Microsoft Defender for Endpoint report. As we are not familiar with it. So we are not sure. But you cam contact Microsoft Defender for Endpoint support to help on it.
https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/contact-support?view=o365-worldwide
Thanks for the understanding.
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Technically this may be possible. Logic Apps have a connector for MDE that includes running an advanced hunting query. There is also a connector for log analytics if you are streaming AH logs to Sentinel. Assuming you could create the necessary KQL query, the rest could be fairly simple.
Here is a sample query as an example/starting point. Keep in mind that this includes all recent logged on users.
DeviceTvmSoftwareVulnerabilities
| join DeviceInfo on DeviceId
| where Timestamp >= ago(7d)
| where LoggedOnUsers != "[]"
| summarize arg_max(Timestamp, *) by DeviceId
| project Timestamp, DeviceId, DeviceName, SoftwareVendor, SoftwareName, SoftwareVersion, CveId, VulnerabilitySeverityLevel, RecommendedSecurityUpdate, LoggedOnUsers