Hi, @Shinde, Balaji
There are multiple options, one of them is using "union" operator
ConfigurationData
| where RegistryKey == "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows Advanced Threat Protection\\Status"
| where ValueName == "OnboardingState" and ValueData != 1
| distinct Computer, ValueName, ValueData
| union withsource=ConfigurationData kind=outer
(ConfigurationData | where RegistryKey != "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows Advanced Threat Protection\\Status" | distinct Computer )
| project Computer, ValueName, ValueData