Report on Windows Defender Antivirus
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
There are a number of ways you can review protection status and alerts, depending on the management tool you are using for Windows Defender Antivirus.
Microsoft Operations Management Suite has an Update Compliance add-in that reports on key Windows Defender Antivirus issues, including protection updates and real-time protection settings.
If you have a third-party security information and event management (SIEM) tool, you can also consume Windows Defender client events.
These events can be centrally aggregated using the Windows event collector. It is common practice for SIEMs to have connectors for Windows events. This technique allows for correlation of all security events from the machine in the SIEM.
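As an added example (not part of the original page and not Microsoft's code), the following PowerShell pulls a handful of Windows Defender Antivirus client events and emits them as one JSON object per line, a shape most SIEM connectors can ingest. The channel name and event IDs are the ones the Defender provider registers and are not listed on this page; the category labels and the function name `Get-DefenderAvEvent` are hypothetical.

```powershell
# Added example: collect key Windows Defender Antivirus client events
# and emit one JSON object per line for SIEM ingestion.
function Get-DefenderAvEvent {
    param(
        # Local Defender channel by default. On a Windows event collector,
        # pass 'ForwardedEvents' (assumption: the subscription writes to the
        # default destination log).
        [string]$LogName = 'Microsoft-Windows-Windows Defender/Operational',
        [int]$Hours = 24
    )

    # Defender event IDs mapped to hypothetical SIEM category labels.
    $categories = @{
        1116 = 'malware_detected'
        1117 = 'remediation_succeeded'
        1118 = 'remediation_failed'
        2001 = 'definition_update_failed'
        5001 = 'realtime_protection_disabled'
        5007 = 'configuration_changed'
    }

    $filter = @{
        LogName      = $LogName
        ProviderName = 'Microsoft-Windows-Windows Defender'
        Id           = [int[]]@($categories.Keys)
        StartTime    = (Get-Date).AddHours(-$Hours)
    }

    # Get-WinEvent raises an error when nothing matches the filter;
    # SilentlyContinue turns that into an empty result (it also hides
    # access-denied errors, so run with rights to read the log).
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        ForEach-Object {
            [pscustomobject]@{
                time     = $_.TimeCreated.ToUniversalTime().ToString('o')
                computer = $_.MachineName
                event_id = $_.Id
                category = $categories[$_.Id]
                level    = $_.LevelDisplayName
            }
        }
}

# One compact JSON document per event, oldest 24 hours back.
Get-DefenderAvEvent -Hours 24 | ForEach-Object { $_ | ConvertTo-Json -Compress }
```

An alert on `realtime_protection_disabled` or `definition_update_failed` covers the same protection-update and real-time protection issues that the Update Compliance add-in reports on.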
For monitoring or determining status with PowerShell, WMI, or Microsoft Azure, see the Deployment, management, and reporting options table.