Microsoft Defender has a variety of network/device discovery features including passive discovery, active discovery and various Vulnerability Management scanning functions. The discovered devices are available within Microsoft Defender and displayed with an onboarding status of:
- Onboarded - devices are already enrolled in Microsoft Defender for Endpoint (MDE)
- Can be onboarded - discovered devices meet the criteria for onboarding into MDE
- Unsupported - discovered devices do not meet the criteria for onboarding into MDE (network devices, OT/IOT)
- Insufficient information - discovered devices lack sufficient configuration information to determine if onboarding to MDE is possible.

Prelude SCM will import and analyze the device data in the following ways:
- Onboarded devices are assessed and included under the EDR control category. These devices will not be displayed under the Device Discovery control category.
- Can be onboarded devices appear under the Device Discovery control category and will be included in the No EDR and No Endpoint Management calculations. Mobile devices (iOS/Android) are currently ignored by Prelude SCM; they will be included in a designated control category in the future.
- Unsupported devices are ignored by Prelude SCM.
- Insufficient information devices are ignored by Prelude SCM.