Kql

Local admin report with Defender for EndPoint

Alex Mags

Securing Windows PCs starts with managing local administator access. Microsoft Defender for Endpoint logs every login and records if it was a local admin. Use this KQL query in the Advanced Hunting portal to create a report.

Bitlocker status report with Defender for EndPoint

Alex Mags

Are all your machines encrypted? If a laptop was lost is the data protected or you’ll need to declare. Microsoft Defender for EndPoint (aka ATP) stores Bitlocker status information. Use the following KQL query in the Advanced Hunting portal.