This is expected, as a device that is turned off cannot receive an update. But having a lot of inactive devices will influence your vulnerability reporting. A device only disappears from reports and Vulnerability Management after 30 days of inactivity.

While no ideal solution exists for managing inactive devices within Microsoft Defender for Endpoint, I recommend using a combination of tags and device groups. Do this by adding the tag ‘Offboarded’ to inactive devices and creating a device group based on the tag value. Throughout the portal and different reports, you can filter the data based on the group a device is in. By excluding devices tagged as inactive, these devices won’t skew your reports or interfere with other maintenance work.

This can be done manually (as seen in Figure 3) on the device page or through the API. The most interesting case is where you can automate this process through an API. Some organizations have achieved this by connecting their asset lifecycle workflow with Defender to automatically execute the API call when the state of the device changes.
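The lifecycle-driven tagging described above, as an added example that is not part of the original post: it maps an asset state change to an add or remove call against the Defender for Endpoint machine tags API. The lifecycle state names, the event dictionary shape and the way the bearer token is obtained are assumptions; the token needs the `Machine.ReadWrite.All` permission.

```python
import json
import re
import urllib.request

API_BASE = "https://api.securitycenter.microsoft.com/api"
TAG = "Offboarded"  # tag value the device group is built on
# Assumed lifecycle states; use the names from your asset system.
INACTIVE_STATES = {"retired", "disposed", "lost"}


def tag_action(old_state, new_state):
    """Return 'Add', 'Remove' or None for a lifecycle state change."""
    was_inactive = old_state in INACTIVE_STATES
    is_inactive = new_state in INACTIVE_STATES
    if is_inactive and not was_inactive:
        return "Add"
    if was_inactive and not is_inactive:
        return "Remove"  # device came back into service
    return None


def build_tag_request(machine_id, action, token):
    """Build the POST that adds or removes the tag on one device."""
    # Defender device IDs are 40 hex characters; rejecting anything
    # else keeps untrusted asset data out of the URL path.
    if not re.fullmatch(r"[0-9a-f]{40}", machine_id):
        raise ValueError(f"unexpected machine id: {machine_id!r}")
    body = json.dumps({"Value": TAG, "Action": action}).encode()
    return urllib.request.Request(
        f"{API_BASE}/machines/{machine_id}/tags",
        data=body,
        method="POST",
        headers={
            "Authorization": f"Bearer {token}",
            "Content-Type": "application/json",
        },
    )


def handle_event(event, token, send=urllib.request.urlopen):
    """Process one asset event; return the request sent, or None."""
    action = tag_action(event["old_state"], event["new_state"])
    if action is None:
        return None
    req = build_tag_request(event["machine_id"], action, token)
    send(req)  # urlopen raises on HTTP errors so the workflow can retry
    return req
```

Removing the tag when a device returns to service keeps it from staying hidden in the excluded device group.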