Device health reports in Microsoft Defender for Endpoint
Applies to:
- Microsoft Defender XDR
- Microsoft Defender for Endpoint
- Microsoft Defender for Endpoint Plan 1
- Microsoft Defender for Endpoint Plan 2
- Microsoft Defender for Business
Want to experience Microsoft Defender for Endpoint? Sign up for a free trial.
The Device Health report provides information about the devices in your organization. The report includes trending information showing the sensor health state, antivirus status, OS platforms, Windows 10 versions, and Microsoft Defender Antivirus update versions.
Important
For Windows Server 2012 R2 and Windows Server 2016 to appear in device health reports, these devices must be onboarded using the modern unified solution package. For more information, see New functionality in the modern unified solution for Windows Server 2012 R2 and 2016.
In the Microsoft Defender portal navigation panel, select Reports, and then open Device health and compliance. The Device health and compliance dashboard is structured in two tabs:
The Sensor health & OS tab provides general operating system information, divided into three cards that display the following device attributes:
The Microsoft Defender Antivirus health tab has eight cards that report on aspects of Microsoft Defender Antivirus:
Report access permissions
To access the Device health and antivirus compliance report in the Microsoft Defender portal, the following permissions are required:
Permission name | Permission type |
---|---|
View Data | Threat and vulnerability management (TVM) |
Important
Microsoft recommends that you use roles with the fewest permissions. This helps improve security for your organization. Global Administrator is a highly privileged role that should be limited to emergency scenarios when you can't use an existing role.
To Assign these permissions:
Sign in to the Microsoft Defender portal using account with Security administrator or Global administrator role assigned.
In the navigation pane, select Settings > Endpoints > Roles (under Permissions).
Select the role you'd like to edit.
Select Edit.
In Edit role, on the General tab, in Role name, type a name for the role.
In Description type a brief summary of the role.
In Permissions, select View Data, and under View Data select Threat and vulnerability management (TVM).
See also
Tip
Performance tip Due to a variety of factors (examples listed below) Microsoft Defender Antivirus, like other antivirus software, can cause performance issues on endpoint devices. In some cases, you might need to tune the performance of Microsoft Defender Antivirus to alleviate those performance issues. Microsoft's Performance analyzer is a PowerShell command-line tool that helps determine which files, file paths, processes, and file extensions might be causing performance issues; some examples are:
- Top paths that impact scan time
- Top files that impact scan time
- Top processes that impact scan time
- Top file extensions that impact scan time
- Combinations – for example:
- top files per extension
- top paths per extension
- top processes per path
- top scans per file
- top scans per file per process
You can use the information gathered using Performance analyzer to better assess performance issues and apply remediation actions. See: Performance analyzer for Microsoft Defender Antivirus.
- Create and manage roles for role-based access control.
- Export device antivirus health details API methods and properties
Tip
Do you want to learn more? Engage with the Microsoft Security community in our Tech Community: Microsoft Defender for Endpoint Tech Community.