Automatically exclude devices from vulnerability management
Hello,
I’ve recently been working on improving the Defender security score and noticed that onboarded devices that haven’t checked in recently are affecting Recommended Actions related to the Defender sensor that significantly impact the score (sensor data collection, impaired communications, turn on sensor).
According to Microsoft, devices that haven’t sent any signals to Defender for Endpoint for more than seven days can be considered inactive (Fix unhealthy sensors in Microsoft Defender for Endpoint – Microsoft Learn).
To achieve a more accurate vulnerability management exposure score, the solution is to exclude these inactive devices from vulnerability management (Exclude devices in Microsoft Defender for Endpoint – Microsoft Learn).
However, going through these recommendations and manually excluding the exposed devices from vulnerability management isn’t feasible, especially with a large number of endpoints/clients to manage.
Has anyone encountered a similar scenario?