defender-endpoint-machines
Gets machines from the Microsoft Defender for Endpoint service.
defender-endpoint-machines [profile=PROFILE]
- profile=PROFILE
  - Code of the Defender for Endpoint connect profile to use
Output Fields
| Field | Type | Name | Description |
|---|---|---|---|
| machine_id | String | Machine ID | |
| private_ip | IP address | Private IP | |
| public_ip | IP address | Public IP | |
| hostname | String | Hostname | |
| os_name | String | OS Name | e.g. Windows11 |
| os_ver | String | OS Version | e.g. 22H2 |
| os_arch | String | OS Architecture | e.g. x64 |
| os_build | String | OS Build | e.g. 22621 |
| device_value | String | Device Value | e.g. Normal |
| risk_level | String | Risk Level | e.g. None, Informational, Low, Medium, High |
| exposure_level | String | Exposure Level | e.g. None, Low, Medium, High |
| health_status | String | Health Status | e.g. Active, Inactive, NoSensorData |
| onboarding_status | String | Onboarding Status | e.g. Onboarded, CanBeOnboarded, InsufficientInfo, Unsupported |
| defender_av_status | String | Defender AV Status | e.g. NotSupported, NotUpdated, Unknown, Updated |
| agent_version | String | Agent Version | e.g. 1.1500 |
| first_seen | Date | First Seen | |
| last_seen | Date | Last Seen | |
| risk_score | Integer | Risk Score | e.g. 0, 1, 2, 3, 4 |
| exposure_score | Integer | Exposure Score | e.g. 0, 1, 2, 3 |
| entra_device_id | String | ENTRA Device ID | |
| exclusion_reason | String | Exclusion Reason | e.g. DeviceDoesNotExist, DuplicateDevice |
| is_entra_joined | Bool | Is ENTRA Joined | |
| is_excluded | Bool | Is Excluded | |
| is_potential_duplication | Bool | Is Potential Duplication | |
| machine_tags | String | Machine Tags | |
| managed_by | String | Managed By | e.g. Unknown |
| managed_by_status | String | Managed By Status | e.g. Unknown |
| rbac_group_id | Integer | RBAC Group ID | |
| rbac_group_name | String | RBAC Group Name | |
| nics | List | NICs | |