When using Microsoft Graph API on /deviceManagement/managedDevices/<DEVICE_ID>?$expand=detectedApps/, I'm unable to see Windows Defender as a detected app. Why is that?
When using Microsoft Graph API on /deviceManagement/managedDevices/<DEVICE_ID>?$expand=detectedApps/, I'm unable to see Windows Defender as a detected app. Why is that?
@David-3971 Thanks for posting in our Q&A.
For this issue, the data in Graph detectedApps is the same in discovered apps in intune portal. For intune discovered apps, I will share some information with you:
1.Make sure the ownership of the devices in Intune are marked as Corporate, if it's Personal, only managed apps can be listed in the report.
2.For corporate Windows 10 devices, it will lists modern apps and MSI installed apps.
Referenece:https://docs.microsoft.com/en-us/mem/intune/apps/app-discovered-apps
It means not all apps will list in discovered apps. Based on my understanding, Windows Defender may not be the appropriate app type.
Thanks for understanding.
If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
@LuDaiMSFT-0289 Thanks for the quick response!
Yes, these devices are Corporate -- I did see this called out in the documentation :)
If Windows Defender is not a "modern app / MSI installed app", how can I detect it via the API? Is there another endpoint I should investigate?
Thanks again!
@David-3971 Thanks for your update.
Microsoft Defender is built into windows 10, it's different from other apps that require manual installation. For how to detecting it, I have no idea. Please don't worry, the forum is an open platform. Let's wait someone else will provide some ideas.
Or it is better to create an online support ticket to handle this issue more effectively. Here is the online support link and hope it helpful.
https://docs.microsoft.com/en-us/mem/intune/fundamentals/get-support
Thanks for understanding.
Can we take a step back and understand the requirement? What are you trying to accomplish here? Is this anything to do with Defender for Endpoint onboarding?
Hi @RahulJindal-2267 -- Thanks for helping! I'm trying to detect if my employee's computer has an antivirus installed through the Graph API. When using detectedApps, I can get an inventory of all my employee's apps, but Windows Defender does not show up.
How can I verify through the Graph API that this employee device has antivirus installed? Is there a difference if it's Windows Defender vs other Antivirus?
In that case I agree with @LuDaiMSFT-0289. Defender is inbuilt in the Windows 10 OS and not installed separately. In order to get status or the presence of the Defender component, you can probably run a proactive remediation script in Intune to run for the detection of the Windefend service running or the status of the AV component itself. Get-MPComputerStatus will be a good place to start with.
6 people are following this question.
Can Intune PowerShell return VPP enrolled devices (not yet assigned)?
How to distinguish devices non-compliancy reasons with Intune Data Warehouse in PowerBi
Intune and ADE - No VPP Tokens Found
User Affinity vs. Non User Affinity
How do I assign an iOS configuration profile to specific devices in Endpoint Manager