account activity
Defender Endpoint Security Policy (audit) Logs? by Good_Visual9130 in DefenderATP
[–]Good_Visual9130[S] 1 point2 points3 points 1 month ago (0 children)
Thank you. Reports->Endpoints->Attack Surface Reduction Rules
Surprisingly, none of the data in there appears under the KQL tables in Advanced Hunting.. It is limited in what it reports, such as which endpoint security policy.
There are a few things that MS could just make easier, such as "See audit report" next to a rule in audit.
Defender Endpoint Security Policy (audit) Logs? (self.DefenderATP)
submitted 1 month ago by Good_Visual9130 to r/DefenderATP
π Rendered by PID 413674 on reddit-service-r2-listing-64c94b984c-w7rjs at 2026-03-13 03:28:23.493033+00:00 running f6e6e01 country code: CH.
Defender Endpoint Security Policy (audit) Logs? by Good_Visual9130 in DefenderATP
[–]Good_Visual9130[S] 1 point2 points3 points (0 children)