
Using Azure, I want to be able to query Windows Servers (using Defender cmdlets) based on Windows Defender values (i.e. AntispywareSignatureAge). Using PowerShell I can run local scripts and check for those values. However, this task becomes impossible when you have several hundred servers.

Is there a way to efficiently query all this data in Azure using the PowerShell cmdlets? (some places that come to mind are OMS, Log Analytics)

IPew

1 Answer


You could set up a Windows service that collects this data and then sends it to Azure.

To query the results: https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/review-scan-results-windows-defender-antivirus

PowerShell Windows services: https://msdn.microsoft.com/en-us/magazine/mt703436.aspx

Depending on your skills, you can create an API to send the results to Azure and call the endpoints from PowerShell.

Or you can upload files and process them in Azure: https://www.nhaustralia.com.au/blog/Using-PowerShell-to-upload-files-to-your-Azure-Storage-Container/

Jobse
  • Yes, after sleeping on it, the best option is to send logs to Log Analytics and query the VMs on their status. Thanks Jobse! – IPew Oct 18 '18 at 18:39
  • Found documentation on how to query Azure Log Analytics: https://learn.microsoft.com/en-us/azure/log-analytics/query-language/get-started-queries – IPew Oct 18 '18 at 18:44
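
The approach settled on in this thread (collect Defender values on each server and send them to Log Analytics), sketched as an added example that is not code from the question or the answer. It assumes the workspace accepts the Log Analytics HTTP Data Collector API; the workspace ID, the shared key and the custom log name `DefenderStatus` are placeholders chosen for illustration.

```powershell
# Added example: run on each server (scheduled task or service) to report Defender status.
# WorkspaceId/SharedKey are placeholders; 'DefenderStatus' is a hypothetical custom log name.
param(
    [Parameter(Mandatory)] [string]$WorkspaceId,
    [Parameter(Mandatory)] [string]$SharedKey,   # read from a secret store, do not hard-code
    [string]$LogType = 'DefenderStatus'
)

# Collect the Defender values of interest from the local server.
$status = Get-MpComputerStatus
$record = [ordered]@{
    Computer                  = $env:COMPUTERNAME
    AMServiceEnabled          = $status.AMServiceEnabled
    RealTimeProtectionEnabled = $status.RealTimeProtectionEnabled
    AntivirusSignatureAge     = $status.AntivirusSignatureAge
    AntispywareSignatureAge   = $status.AntispywareSignatureAge
    AntivirusSignatureVersion = $status.AntivirusSignatureVersion
}
$json = ConvertTo-Json -InputObject @($record)
$body = [Text.Encoding]::UTF8.GetBytes($json)

# Build the SharedKey signature: HMAC-SHA256 over the canonical request string,
# keyed with the base64-decoded workspace key.
$date         = [DateTime]::UtcNow.ToString('r')
$stringToSign = "POST`n$($body.Length)`napplication/json`nx-ms-date:$date`n/api/logs"
$hmac         = New-Object System.Security.Cryptography.HMACSHA256
$hmac.Key     = [Convert]::FromBase64String($SharedKey)
$hash         = $hmac.ComputeHash([Text.Encoding]::UTF8.GetBytes($stringToSign))
$signature    = [Convert]::ToBase64String($hash)

$headers = @{
    'Authorization' = "SharedKey ${WorkspaceId}:$signature"
    'Log-Type'      = $LogType   # records land in the custom table <LogType>_CL
    'x-ms-date'     = $date
}
$uri = "https://${WorkspaceId}.ods.opinsights.azure.com/api/logs?api-version=2016-04-01"

try {
    Invoke-RestMethod -Uri $uri -Method Post -ContentType 'application/json' `
        -Headers $headers -Body $body
} catch {
    # Surface failures (bad key, clock skew, blocked egress) in the local event/task log.
    Write-Error "Upload to Log Analytics failed: $($_.Exception.Message)"
    exit 1
}
```

With that log name the records appear in the `DefenderStatus_CL` table, where numeric fields get a `_d` suffix, so stale servers can be found by filtering on `AntispywareSignatureAge_d` in a Log Analytics query.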