Applies to:
- Microsoft Defender XDR
- Microsoft Defender for Endpoint
The DeviceTvmSecureConfigurationAssessmentKB table in the advanced hunting schema contains information about the various secure configurations checked by Microsoft Defender Vulnerability Management. It also includes risk information, related industry benchmarks, and applicable MITRE ATT&CK techniques and tactics.
This table doesn't return events or records. We recommend joining this table to the DeviceTvmSecureConfigurationAssessment table using ConfigurationId to view text information about the security configurations in the returned assessments.
For example, when you query the DeviceTvmSecureConfigurationAssessment table, you might want to view the ConfigurationDescription for the security configurations that come up in the assessment results. You can see this information by joining this table to DeviceTvmSecureConfigurationAssessment using ConfigurationId and projecting ConfigurationDescription.
For information on other tables in the advanced hunting schema, see the advanced hunting reference.
|Column name|Data type|Description|
|ConfigurationId||Unique identifier for a specific configuration|
|ConfigurationImpact||Rated impact of the configuration to the overall configuration score (1-10)|
|ConfigurationName||Display name of the configuration|
|ConfigurationDescription||Description of the configuration|
|RiskDescription||Description of the associated risk|
|ConfigurationCategory||Category or grouping to which the configuration belongs: Application, OS, Network, Accounts, Security controls|
|ConfigurationSubcategory||Subcategory or subgrouping to which the configuration belongs. In many cases, this describes specific capabilities or features.|
|||List of industry benchmarks recommending the same or similar configuration|
|Tags||Labels representing various attributes used to identify or categorize a security configuration|
|||Recommended actions to reduce or address any associated risks|
You can try this example query to return relevant configuration metadata along with information on devices with non-compliant antivirus configurations from the DeviceTvmSecureConfigurationAssessment table:
```kusto
// Get information on devices with antivirus configuration issues
DeviceTvmSecureConfigurationAssessment
| where ConfigurationSubcategory == 'Antivirus' and IsApplicable == 1 and IsCompliant == 0
| join kind=leftouter (
    DeviceTvmSecureConfigurationAssessmentKB
    | project ConfigurationId, ConfigurationName, ConfigurationDescription, RiskDescription, Tags, ConfigurationImpact
) on ConfigurationId
| project DeviceName, OSPlatform, ConfigurationId, ConfigurationName, ConfigurationCategory, ConfigurationSubcategory, ConfigurationDescription, RiskDescription, ConfigurationImpact, Tags
```
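The query above lists individual devices for one subcategory. As an added example (not part of the original documentation), the same join can be used to build a remediation priority list across all categories: count the devices failing each check, then attach the KB metadata and sort by rated impact. It uses only columns that appear on this page; AffectedDevices and SampleDevices are names introduced for the example.

```kusto
// Added example: rank failing secure configurations by impact and reach.
// AffectedDevices and SampleDevices are illustrative column names.
DeviceTvmSecureConfigurationAssessment
// Keep only checks that apply to the device and are currently failing
| where IsApplicable == 1 and IsCompliant == 0
// One row per configuration, with the number of distinct failing devices
// and a few device names to start the investigation from
| summarize AffectedDevices = dcount(DeviceName),
            SampleDevices = make_set(DeviceName, 5)
    by ConfigurationId
// The KB table holds no events, only one metadata row per ConfigurationId.
// leftouter keeps failing checks even if no KB row matches, so nothing
// silently drops out of the priority list.
| join kind=leftouter (
    DeviceTvmSecureConfigurationAssessmentKB
    | project ConfigurationId, ConfigurationName, ConfigurationCategory,
              ConfigurationSubcategory, ConfigurationImpact, RiskDescription
) on ConfigurationId
| project ConfigurationId, ConfigurationName, ConfigurationCategory,
          ConfigurationSubcategory, ConfigurationImpact, AffectedDevices,
          SampleDevices, RiskDescription
// Highest rated impact (1-10) first, then the widest exposure
| sort by ConfigurationImpact desc, AffectedDevices desc
```

Rows with an empty ConfigurationName are failing checks with no matching KB entry and sort to the end.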
- Proactively hunt for threats
- Learn the query language
- Use shared queries
- Hunt across devices, emails, apps, and identities
- Understand the schema
- Apply query best practices
- Overview of Microsoft Defender Vulnerability Management