Edit

Share via


Device health reports in Microsoft Defender for Endpoint

The Device Health report provides information about the devices in your organization. The report includes trending information showing the sensor health state, antivirus status, OS platforms, Windows 10 versions, and Microsoft Defender Antivirus update versions.

Important

For Windows Server 2012 R2 and Windows Server 2016 to appear in device health reports, these devices must be onboarded using the modern unified solution package. For more information, see New functionality in the modern unified solution for Windows Server 2012 R2 and 2016.

In the Microsoft Defender portal navigation panel, select Reports, and then open Device health and compliance. The Device health and compliance dashboard is structured in two tabs:

Report access permissions

To access the Device health and antivirus compliance report in the Microsoft Defender portal, the following permissions are required:

Permission name Permission type
View Data Threat and vulnerability management (TVM)

Important

Microsoft recommends that you use roles with the fewest permissions. This helps improve security for your organization. Global Administrator is a highly privileged role that should be limited to emergency scenarios when you can't use an existing role.

To Assign these permissions:

  1. Sign in to the Microsoft Defender portal using account with Security administrator or Global administrator role assigned.

  2. In the navigation pane, select Settings > Endpoints > Roles (under Permissions).

  3. Select the role you'd like to edit.

  4. Select Edit.

  5. In Edit role, on the General tab, in Role name, type a name for the role.

  6. In Description type a brief summary of the role.

  7. In Permissions, select View Data, and under View Data select Threat and vulnerability management (TVM).

See also

Tip

Performance tip Due to a variety of factors (examples listed below) Microsoft Defender Antivirus, like other antivirus software, can cause performance issues on endpoint devices. In some cases, you might need to tune the performance of Microsoft Defender Antivirus to alleviate those performance issues. Microsoft's Performance analyzer is a PowerShell command-line tool that helps determine which files, file paths, processes, and file extensions might be causing performance issues; some examples are:

  • Top paths that impact scan time
  • Top files that impact scan time
  • Top processes that impact scan time
  • Top file extensions that impact scan time
  • Combinations – for example:
    • top files per extension
    • top paths per extension
    • top processes per path
    • top scans per file
    • top scans per file per process

You can use the information gathered using Performance analyzer to better assess performance issues and apply remediation actions. See: Performance analyzer for Microsoft Defender Antivirus.

Tip

Do you want to learn more? Engage with the Microsoft Security community in our Tech Community: Microsoft Defender for Endpoint Tech Community.