Device health reports in Microsoft Defender for Endpoint

Applies to:

• Microsoft Defender XDR
• Microsoft Defender for Endpoint
• Microsoft Defender for Endpoint Plan 1
• Microsoft Defender for Endpoint Plan 2
• Microsoft Defender for Business

Want to experience Microsoft Defender for Endpoint? Sign up for a free trial.

The Device Health report provides information about the devices in your organization. The report includes trending information showing the sensor health state, antivirus status, OS platforms, Windows 10 versions, and Microsoft Defender Antivirus update versions.

Important

For Windows Server 2012 R2 and Windows Server 2016 to appear in device health reports, these devices must be onboarded using the modern unified solution package. For more information, see New functionality in the modern unified solution for Windows Server 2012 R2 and 2016.

In the Microsoft 365 Security dashboard navigation panel, select Reports, and then open Device health and compliance. The Device health and compliance dashboard is structured in two tabs:

• The Sensor health & OS tab provides general operating system information, divided into three cards that display the following device attributes:

  • Sensor health card
  • Operating systems and platforms card
  • Windows versions card

• The Microsoft Defender Antivirus health tab has eight cards that report on aspects of Microsoft Defender Antivirus:

  • Antivirus mode card
  • Antivirus engine version card
  • Antivirus security intelligence version card
  • Antivirus platform version card
  • Recent antivirus scan results card
  • Antivirus engine updates card
  • Security intelligence updates card
  • Antivirus platform updates card

Report access permissions

To access the Device health and antivirus compliance report in the Microsoft 365 Security dashboard, the following permissions are required:

Permission name	Permission type
View Data	Threat and vulnerability management (TVM)

To Assign these permissions:

1. Sign in to Microsoft Defender XDR using account with Security administrator or Global administrator role assigned.
2. In the navigation pane, select Settings > Endpoints > Roles (under Permissions).
3. Select the role you'd like to edit.
4. Select Edit.
5. In Edit role, on the General tab, in Role name, type a name for the role.
6. In Description type a brief summary of the role.
7. In Permissions, select View Data, and under View Data select Threat and vulnerability management (TVM).

See also

Tip

Performance tip Due to a variety of factors (examples listed below) Microsoft Defender Antivirus, like other antivirus software, can cause performance issues on endpoint devices. In some cases, you might need to tune the performance of Microsoft Defender Antivirus to alleviate those performance issues. Microsoft's Performance analyzer is a PowerShell command-line tool that helps determine which files, file paths, processes, and file extensions might be causing performance issues; some examples are:

• Top paths that impact scan time
• Top files that impact scan time
• Top processes that impact scan time
• Top file extensions that impact scan time
• Combinations – for example:
  • top files per extension
  • top paths per extension
  • top processes per path
  • top scans per file
  • top scans per file per process

You can use the information gathered using Performance analyzer to better assess performance issues and apply remediation actions. See: Performance analyzer for Microsoft Defender Antivirus.

• Create and manage roles for role-based access control.
• Export device antivirus health details API methods and properties

Tip

Do you want to learn more? Engage with the Microsoft Security community in our Tech Community: Microsoft Defender for Endpoint Tech Community.