DeviceBaselineComplianceAssessmentKB (Preview)
Applies to:
- Microsoft Defender XDR
- Microsoft Defender for Endpoint
Important
Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
The DeviceBaselineComplianceAssessmentKB table in the advanced hunting schema contains information about various security configurations used by baseline compliance to assess devices.
For information on other tables in the advanced hunting schema, see the advanced hunting reference.
Column name | Data type | Description |
---|---|---|
ConfigurationId | string | Unique identifier for a specific configuration |
ConfigurationName | string | Display name of the configuration |
ConfigurationDescription | string | Description of the configuration |
ConfigurationRationale | string | Description of any associated risks and rationale behind the configuration |
ConfigurationCategory | string | Category or grouping to which the configuration belongs |
BenchmarkProfileLevels | dynamic | List of benchmark compliance levels for which the configuration is applicable |
CCEReference | string | Unique Common Configuration Enumeration (CCE) identifier for the configuration |
RemediationOptions | string | Recommended actions to reduce or address any associated risks |
ConfigurationBenchmark | string | Industry benchmark recommending the configuration |
Source | dynamic | The registry path or other location used to determine the current device setting |
RecommendedValue | dynamic | Set of expected values for the current device setting to be compliant |
- DeviceBaselineComplianceAssessment
- Understand the schema
- Apply query best practices
- Overview of Defender Vulnerability Management