View

The Open threats view is opened by default as a preconfigured view for the Computer list.

By clicking on the down arrow you can select more views from three different areas:

  1. Computer

    The Computers section will show the affected computers based on the view you choose.

    For example, the preconfigured view Features to enable displays the number of computers where Microsoft Defender features are available but not active. Features that can be enabled include access protection, real-time protection, and behavior and tamper protection. Here the system checks whether the feature is actually available. For example, tamper protection is only available from Windows 10 1903 onwards.

    By clicking on you can display the detailed view for each computer, which is composed of different blocks:

    • Overall computer status provides an overview of the status of Microsoft Defender, such as version numbers, available features and services, and the last update date. The lines that suggest an issue are highlighted in red in this view.

    • Open/ resolved/ suppressed threats

      Based on the status of existing threats, they are displayed under open, resolved or suppressed threats. Open threats can be suppressed for the selected computer or for all computers.

      The Open encyclopedia link will take you to a Microsoft information page where you can get more information about the threat.

      The Show threat detection details link opens the details view of the threat on the computer, where you can see which files are affected or when the threat was found.

    • Properties

      The properties include general operating system information and the detailed status of Micrsosoft Defender, as displayed on a computer via the Powershell command Get-MpComputerStatus, for example.

      The Last update line shows when the DES was last updated by the agent.

  2. Detected threats

    Here you can select how the detected threats are grouped (by category or by severity) or whether all suppressed threats are displayed as a preconfigured view.

  3. Threat detection details

    Each threat can occur several times on the same computer, e.g. in different directories, on different USB sticks or several times in a row. The items shown in the list correspond to the occurrence of a threat on a computer. So several lines may contain the same computer with the same threat.

    The detail view shows affected files and the properties of the threat. In the properties you can see the status of the threat and when the last Defender action took place.