KQL Query: Logon Failure Reason analysis
Investigate which Microsoft applications are experiencing the most logon failures and the reasons behind those failures.

KQL query: Get Active Directory failed logons
List failed logons logged in Active Directory with additional attributes for investigation and troubleshooting. Comparable to Windows security log event ID 4625.

KQL query: Get Active Directory sensitive group membership changes
List sensitive group membership changes, including who was added to or removed from which group, and who made the change.

KQL query: Get Active Directory group membership changes
Get users and the groups they were added to or removed from, including who made the change.

KQL query: List devices vulnerable to CISA known exploited vulnerabilities
Identify devices in your Defender tenant that are vulnerable to known exploited vulnerabilities maintained by CISA.

KQL query: Get inactive/stale Intune devices
Get Intune devices that have not contacted Intune within the last 45 days and should be considered inactive/stale.