This query lets you:
- Identify onboarded devices that have not applied the recommended security updates.
- Group them by Windows version (10, 11, Server).
- Count the exposed devices for each version.
```kusto
DeviceTvmSoftwareVulnerabilities
| where SoftwareVendor == 'microsoft'
| where SoftwareName has_any ('windows_11','windows_10','Windows_Server')
// Keep only vulnerabilities for which a security update is recommended
| where isnotempty(RecommendedSecurityUpdate)
| distinct DeviceId, RecommendedSecurityUpdate, RecommendedSecurityUpdateId, SoftwareName
// Inner join: keep only devices with an onboarded record in DeviceInfo
// (a left outer join would add an empty DeviceName for unmatched devices)
| join kind=inner (
    DeviceInfo
    | where isnotempty(OSPlatform)
    | where OnboardingStatus == 'Onboarded'
    | where isnotempty(OSVersionInfo)
    // Latest record per device
    | summarize arg_max(Timestamp, *) by DeviceId)
    on $left.DeviceId == $right.DeviceId
// Set of device names missing at least one update, per Windows version
| summarize MissingDevices = make_set(DeviceName) by SoftwareName
| extend TotalMissingKBDevice = array_length(MissingDevices)
| project ['Total Exposed devices'] = TotalMissingKBDevice, SoftwareName
```
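The count per Windows version says how many devices are exposed, but not which update to deploy first. The query below is an added example, not part of the original post: it goes one step further than the query on this page, using the same two tables and columns, and breaks the exposure down per recommended update. The names `OnboardedDevices`, `ExposedDevices` and `SampleDevices` are chosen for this example.

```kusto
// Added example: exposure per recommended security update, most widespread first.
// Latest DeviceInfo record for each onboarded device.
let OnboardedDevices = DeviceInfo
    | where OnboardingStatus == 'Onboarded'
    | where isnotempty(OSPlatform) and isnotempty(OSVersionInfo)
    | summarize arg_max(Timestamp, DeviceName) by DeviceId;
DeviceTvmSoftwareVulnerabilities
| where SoftwareVendor == 'microsoft'
| where SoftwareName has_any ('windows_11','windows_10','Windows_Server')
| where isnotempty(RecommendedSecurityUpdate)
// One row per device and missing update, however many CVEs that update fixes.
| distinct DeviceId, SoftwareName, RecommendedSecurityUpdate, RecommendedSecurityUpdateId
// Keep only devices that are currently onboarded.
| join kind=inner (OnboardedDevices) on DeviceId
// Count on DeviceId so that two devices sharing a name are not merged;
// keep at most 10 device names per update as a sample for triage.
| summarize ExposedDevices = dcount(DeviceId),
            SampleDevices = make_set(DeviceName, 10)
    by SoftwareName, RecommendedSecurityUpdate, RecommendedSecurityUpdateId
| sort by SoftwareName asc, ExposedDevices desc
```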