question

David-3971 avatar image
0 Votes"
David-3971 asked RahulJindal-2267 commented

detectedApps do not list Windows Defender

When using Microsoft Graph API on /deviceManagement/managedDevices/<DEVICE_ID>?$expand=detectedApps/, I'm unable to see Windows Defender as a detected app. Why is that?

mem-intune-generalmem-intune-graph
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

LuDaiMSFT-0289 avatar image
0 Votes"
LuDaiMSFT-0289 answered David-3971 commented

@David-3971 Thanks for posting in our Q&A.

For this issue, the data in Graph detectedApps is the same in discovered apps in intune portal. For intune discovered apps, I will share some information with you:
1.Make sure the ownership of the devices in Intune are marked as Corporate, if it's Personal, only managed apps can be listed in the report.
2.For corporate Windows 10 devices, it will lists modern apps and MSI installed apps.
Referenece:https://docs.microsoft.com/en-us/mem/intune/apps/app-discovered-apps

It means not all apps will list in discovered apps. Based on my understanding, Windows Defender may not be the appropriate app type.

Thanks for understanding.


If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


· 3
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

@LuDaiMSFT-0289 Thanks for the quick response!

  1. Yes, these devices are Corporate -- I did see this called out in the documentation :)

  2. If Windows Defender is not a "modern app / MSI installed app", how can I detect it via the API? Is there another endpoint I should investigate?

Thanks again!

0 Votes 0 ·

@David-3971 Thanks for your update.

Microsoft Defender is built into windows 10, it's different from other apps that require manual installation. For how to detecting it, I have no idea. Please don't worry, the forum is an open platform. Let's wait someone else will provide some ideas.

Or it is better to create an online support ticket to handle this issue more effectively. Here is the online support link and hope it helpful.
https://docs.microsoft.com/en-us/mem/intune/fundamentals/get-support

Thanks for understanding.

1 Vote 1 ·

(Filed a ticket. Thank you!)

0 Votes 0 ·
RahulJindal-2267 avatar image
0 Votes"
RahulJindal-2267 answered RahulJindal-2267 commented

Can we take a step back and understand the requirement? What are you trying to accomplish here? Is this anything to do with Defender for Endpoint onboarding?

· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi @RahulJindal-2267 -- Thanks for helping! I'm trying to detect if my employee's computer has an antivirus installed through the Graph API. When using detectedApps, I can get an inventory of all my employee's apps, but Windows Defender does not show up.

How can I verify through the Graph API that this employee device has antivirus installed? Is there a difference if it's Windows Defender vs other Antivirus?

0 Votes 0 ·

In that case I agree with @LuDaiMSFT-0289. Defender is inbuilt in the Windows 10 OS and not installed separately. In order to get status or the presence of the Defender component, you can probably run a proactive remediation script in Intune to run for the detection of the Windefend service running or the status of the AV component itself. Get-MPComputerStatus will be a good place to start with.

0 Votes 0 ·