View and organize the Microsoft Defender for Endpoint Devices list

Applies to:

Want to experience Defender for Endpoint? Sign up for a free trial.

The Devices list shows a list of the devices in your network where alerts were generated. By default, the queue displays devices seen in the last 30 days.

At a glance, you'll see information such as domain, risk level, OS platform, and other details for easy identification of devices most at risk.

There are several options you can choose from to customize the devices list view. On the top navigation you can:

  • Add or remove columns
  • Export the entire list in CSV format
  • Select the number of items to show per page
  • Apply filters

During the onboarding process, the Devices list is gradually populated with devices as they begin to report sensor data. Use this view to track your onboarded endpoints as they come online, or download the complete endpoint list as a CSV file for offline analysis.

Note

If you export the device list, it will contain every device in your organization. It might take a significant amount of time to download, depending on how large your organization is. Exporting the list in CSV format displays the data in an unfiltered manner. The CSV file will include all devices in the organization, regardless of any filtering applied in the view itself.

Image of the Devices list with a list of devices

Sort and filter the device list

You can apply the following filters to limit the list of alerts and get a more focused view.

Risk level

The risk level reflects the overall risk assessment of the device based on a combination of factors, including the types and severity of active alerts on the device. Resolving active alerts, approving remediation activities, and suppressing subsequent alerts can lower the risk level.

Exposure level

The exposure level reflects the current exposure of the device based on the cumulative impact of its pending security recommendations. The possible levels are low, medium, and high. Low exposure means your devices are less vulnerable to exploitation.

If the exposure level says "No data available," there are a few reasons why this may be the case:

OS Platform

Select only the OS platforms you're interested in investigating.

Health state

Filter by the following device health states:

  • Active – Devices that are actively reporting sensor data to the service.

  • Inactive – Devices that have completely stopped sending signals for more than 7 days.

  • Misconfigured – Devices that have impaired communications with service or are unable to send sensor data. Misconfigured devices can further be classified to:

    • No sensor data
    • Impaired communications

    For more information on how to address issues on misconfigured devices, see Fix unhealthy sensors.

Antivirus status

Filter devices by antivirus status. Applies to active Windows 10 devices only.

  • Disabled - Virus & threat protection is turned off.
  • Not reporting - Virus & threat protection is not reporting.
  • Not updated - Virus & threat protection is not up to date.

For more information, see View the Threat & Vulnerability Management dashboard.

Threat mitigation status

To view devices that may be affected by a certain threat, select the threat from the dropdown menu, and then select what vulnerability aspect needs to be mitigated.

To learn more about certain threats, see Threat analytics. For mitigation information, see Threat & Vulnerability Management.

Windows 10 version

Select only the Windows 10 versions you're interested in investigating.

Tags & Groups

Filter the list based on the grouping and tagging that you've added to individual devices. See Create and manage device tags and Create and manage device groups.
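
Because the CSV export ignores any filtering applied in the view, the filters described above have to be re-applied offline. The following Python sketch is an added example, not Microsoft's code; the column names, the underscore keyword convention, and the sample rows are constructed assumptions and must be matched to the header row of the actual export.

```python
import csv
import io

# Constructed sample export. Column names are assumptions; match them to the
# header row of the CSV you actually downloaded.
SAMPLE_CSV = """Device Name,Domain,OS Platform,Health State,Risk Level,Exposure Level,Tags
ws-001,corp.example,Windows10,Active,High,Medium,finance
ws-002,corp.example,Windows10,Inactive,High,High,finance
srv-010,corp.example,WindowsServer2019,Misconfigured,Medium,High,
ws-003,lab.example,Windows10,Active,Low,No data available,lab
mac-007,corp.example,macOS,Active,Medium,Low,design
"""

# Ordering for the levels the page names; any other value ranks lowest.
LEVEL_RANK = {"high": 3, "medium": 2, "low": 1}

def load_devices(text):
    """Parse the export into a list of dicts with whitespace-trimmed values."""
    reader = csv.DictReader(io.StringIO(text))
    return [{k.strip(): (v or "").strip() for k, v in row.items() if k is not None}
            for row in reader]

def apply_filters(devices, **criteria):
    """Keep devices matching every filter, e.g. Health_State=["Active"] (case-insensitive)."""
    wanted = {k.replace("_", " "): {str(v).lower() for v in vals}
              for k, vals in criteria.items()}
    for column in wanted:
        if devices and column not in devices[0]:
            raise KeyError(f"column not in export: {column!r}")
    return [d for d in devices
            if all(d[col].lower() in allowed for col, allowed in wanted.items())]

def rank_by_risk(devices):
    """Sort by risk level, then exposure level, highest first."""
    return sorted(devices, reverse=True,
                  key=lambda d: (LEVEL_RANK.get(d["Risk Level"].lower(), 0),
                                 LEVEL_RANK.get(d["Exposure Level"].lower(), 0)))

def unhealthy(devices):
    """Devices not reporting normally: Inactive or Misconfigured health state."""
    return apply_filters(devices, Health_State=["Inactive", "Misconfigured"])

if __name__ == "__main__":
    devices = load_devices(SAMPLE_CSV)
    active_win = apply_filters(devices, OS_Platform=["Windows10"], Health_State=["Active"])
    for d in rank_by_risk(active_win):
        print(d["Device Name"], d["Risk Level"], d["Exposure Level"])
```

A filter that names a column missing from the export raises `KeyError` rather than silently returning an empty list, so a renamed header is noticed immediately.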