Views:

View your Microsoft Defender for Endpoint security configuration status in Security Configuration Overview.

Important
Important
This is a "Pre-release" feature and is not considered an official release. Please review the Pre-release disclaimer before using the feature.
If you have enabled Microsoft Defender for Endpoint Log Collection through a connected Azure subscription in Cloud Accounts, you can change the Endpoint Security data source in Security Configuration Overview to view your endpoint protection status based on Microsoft Defender for Endpoint data.
Important
Important
  • Data from Microsoft Defender for Endpoint might take up to one day to display after the integration is first enabled.
  • Data from Microsoft Defender for Endpoint contributes to asset discovery and risk analyses, which affects your Cyber Risk Index and may affect credit requirements. For more information, see Credit requirements for Trend Vision One solutions, capabilities, and features.
  • Data in Microsoft Defender for Endpoint widgets is for security configuration visibility only. Access your Microsoft Defender for Endpoint console to manage assets and perform remediation.
The following table details the widgets available in the Microsoft Defender for Endpoint view within the Endpoint Security layer of Security Configuration Overview.

Endpoint Security Widgets - Microsoft Defender for Endpoint

Widget
Description
Endpoint operating system distribution
The distribution of operating systems on your Microsoft Defender for Endpoint-managed endpoints. Supported operating systems include:
  • Windows
  • macOS
  • Linux
Click the discovered endpoint total to view your discovered Microsoft Defender for Endpoint endpoints on the device list in Attack Surface Discovery. Click the total for each operating system to view discovered endpoints filtered by operating system.
Risk events by category
Total security configuration risk events detected by security category. Click a total to view corresponding risk events in Risk Reduction Measures within Threat and Exposure Management. Available categories and corresponding risk events include:
  • Account misconfigurations: Microsoft Defender for Endpoint - Non-Compliant or Insecure Account Configuration
  • Application misconfigurations: Microsoft Defender for Endpoint - Non-Compliant or Insecure Application Configuration
  • Network misconfigurations: Microsoft Defender for Endpoint - Non-Compliant or Insecure Network Configuration
  • Network exposures: Microsoft Defender for Endpoint - Exposed or Misconfigured Network Resource or Service
  • Operating system misconfigurations: Microsoft Defender for Endpoint - Non-Compliant Operating System Configuration
  • Security controls: Microsoft Defender for Endpoint - Missing or Disabled Security Controls
Note
Note
  • Microsoft Defender for Endpoint risk events correspond with security recommendations in the Microsoft Defender for Endpoint Console.
  • You must have credits allocated to Cyber Risk Exposure Management in order to view Microsoft Defender for Endpoint risk events in Threat and Exposure Management. For more information, see Credit requirements for Trend Vision One solutions, capabilities, and features.
Endpoint protection version status
Total endpoints running outdated, up-to-date, and unknown Microsoft Defender for Endpoint update components, including engine, platform, and security intelligence components. You should apply the latest Microsoft security intelligence update for any endpoints with outdated versions to strengthen your security posture. For information on the latest Microsoft security intelligence updates, see the Microsoft documentation.