DeviceBaselineComplianceAssessmentKB (Preview)

Applies to:

  • Microsoft Defender XDR
  • Microsoft Defender for Endpoint

Important

Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.

The DeviceBaselineComplianceAssessmentKB table in the advanced hunting schema contains information about various security configurations used by baseline compliance to assess devices.

For information on other tables in the advanced hunting schema, see the advanced hunting reference.

Column name Data type Description
ConfigurationId string Unique identifier for a specific configuration
ConfigurationName string Display name of the configuration
ConfigurationDescription string Description of the configuration
ConfigurationRationale string Description of any associated risks and rationale behind the configuration
ConfigurationCategory string Category or grouping to which the configuration belongs
BenchmarkProfileLevels dynamic List of benchmark compliance levels for which the configuration is applicable
CCEReference string Unique Common Configuration Enumeration (CCE) identifier for the configuration
RemediationOptions string Recommended actions to reduce or address any associated risks
ConfigurationBenchmark string Industry benchmark recommending the configuration
Source dynamic The registry path or other location used to determine the current device setting
RecommendedValue dynamic Set of expected values for the current device setting to be compliant

Tip

Do you want to learn more? Engage with the Microsoft Security community in our Tech Community: Microsoft Defender XDR Tech Community.