
Prioritize Secure Configuration

This query helps you prioritize configuration changes that affect your devices based on the Microsoft Defender TVM modules.

Detection Query

```KQL
DeviceTvmSecureConfigurationAssessment
| summarize TotalDevices = dcount(DeviceId) by ConfigurationId, ConfigurationCategory
| join kind=inner DeviceTvmSecureConfigurationAssessmentKB on ConfigurationId
| sort by ConfigurationImpact, TotalDevices
| project-reorder ConfigurationId, ConfigurationImpact, TotalDevices, ConfigurationName, ConfigurationCategory, ConfigurationSubcategory
```

Platforms

microsoft-defender

Tags

vulnerability-management, hunting
Raw Content
# Prioritize Secure Configuration

## Query Information

#### Description
This query helps you prioritize configuration changes that affect your devices based on the Microsoft Defender TVM modules.

#### References
- https://learn.microsoft.com/en-us/defender-xdr/advanced-hunting-devicetvmsecureconfigurationassessment-table

## Defender XDR
```KQL
DeviceTvmSecureConfigurationAssessment
| summarize TotalDevices = dcount(DeviceId) by ConfigurationId, ConfigurationCategory
| join kind=inner DeviceTvmSecureConfigurationAssessmentKB on ConfigurationId
| sort by ConfigurationImpact, TotalDevices
| project-reorder ConfigurationId, ConfigurationImpact, TotalDevices, ConfigurationName, ConfigurationCategory, ConfigurationSubcategory
```
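
The query above counts every device that reports an assessment for a configuration, whether or not that device is compliant. As an added example (not part of the original query page), the variant below counts only devices where the setting applies and is not compliant, and adds the non-compliant share. It assumes the `IsApplicable` and `IsCompliant` columns of `DeviceTvmSecureConfigurationAssessment` from Microsoft's published schema, which the page's own query does not use.

```kql
// Added example: rank secure-configuration findings by impact and by the
// number of devices that actually need the change.
// Assumption: IsApplicable / IsCompliant are the schema's applicability and
// compliance flags (not referenced by the original query on this page).
DeviceTvmSecureConfigurationAssessment
| summarize
    ApplicableDevices   = dcountif(DeviceId, IsApplicable == 1),
    NonCompliantDevices = dcountif(DeviceId, IsApplicable == 1 and IsCompliant == 0)
    by ConfigurationId
// Drop configurations that every applicable device already satisfies
| where NonCompliantDevices > 0
| extend NonCompliantPct = round(100.0 * NonCompliantDevices / ApplicableDevices, 1)
// Pull name, impact and category from the knowledge-base table
| join kind=inner (
    DeviceTvmSecureConfigurationAssessmentKB
    | project ConfigurationId, ConfigurationName, ConfigurationImpact,
              ConfigurationCategory, ConfigurationSubcategory
  ) on ConfigurationId
| project-away ConfigurationId1
// Highest impact first, then widest exposure
| sort by ConfigurationImpact desc, NonCompliantDevices desc
| project-reorder ConfigurationId, ConfigurationImpact, NonCompliantDevices,
                  NonCompliantPct, ApplicableDevices, ConfigurationName,
                  ConfigurationCategory, ConfigurationSubcategory
```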