Use a Microsoft Defender KQL query to identify unmanaged devices running older versions of Windows, so that they are detectable on the network and can be monitored.

Tutorial Defender – KQL to detect unmanaged devices with older Windows

Access the Microsoft Defender portal.

Access the Advanced hunting option.

The path to Advanced hunting.

On the Advanced hunting screen, create a new query.

KQL query to detect unmanaged devices running older versions of Windows.

This KQL query is designed to identify unmanaged devices running older versions of Windows, specifically Windows 8 and Windows 7.
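
An added example, not the tutorial's own query: one way to express this check against the `DeviceInfo` advanced hunting table. It assumes that an unmanaged device is one whose `OnboardingStatus` is not "Onboarded", and that Windows 7 and Windows 8 hosts report an `OSPlatform` value beginning with "Windows7" or "Windows8"; the 7-day window is also an assumption.

```kql
// Added example. Assumptions: "unmanaged" = not onboarded to Defender for Endpoint;
// legacy hosts report OSPlatform values starting with "Windows7" or "Windows8".
// Verify the OSPlatform strings present in your tenant before relying on the filter.
DeviceInfo
| where Timestamp > ago(7d)
// DeviceInfo holds many rows per device; keep only the latest state of each one
| summarize arg_max(Timestamp, *) by DeviceId
// Filter after arg_max so a device onboarded recently is not reported as unmanaged
| where OnboardingStatus != "Onboarded"
| where OSPlatform startswith "Windows7" or OSPlatform startswith "Windows8"
| project Timestamp, DeviceId, DeviceName, OSPlatform, OSVersion, OnboardingStatus
| order by OSPlatform asc, DeviceName asc
```

Filtering on `OnboardingStatus` before the `summarize` would match stale rows from devices that have since been onboarded, which is why the latest-record step comes first.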

Using Defender KQL queries in this way identifies older Windows versions on unmanaged devices, which strengthens security and helps keep systems protected.