Vulnerabilities Dashboard

 


Have you previously operated a device to mitigate vulnerabilities and subsequently received an extensive list of vulnerabilities from cybersecurity for that device?

You are not alone in this experience.

 

This isn't a new feature, we are fortunate to have talented individuals in the community, such as Fabian Bader and Nathen McNulty, who have made significant contributions in this area. I have documented their efforts and recommended their work to my clients during my collaborations.

 

During my previous engagement with the Intune team, I observed that their permissions were highly restricted. They lacked access to cybersecurity tools such as Defender, Tenable, CrowdStrike, and Entra. As a result, they were unable to independently identify device deficiencies or vulnerabilities, relying instead on their cybersecurity team for such information. When I recommended community solutions, they expressed appreciation. However, they do not possess the authority to develop applications within Entra and are seeking a solution that can operate locally while offering comprehensive visibility beyond what is available solely through PowerShell interfaces.

 

Last month, I dedicated time to developing a script capable of operating locally without dependence on the API. This script features an HTML dashboard to enhance visibility. It will execute checks in collaboration with the Microsoft Security Response Center (MSRC) to identify vulnerabilities, with restricted access to display certain applications by referencing the National Vulnerability Database (NVD). It's not an amazing thing, but I was happy after meeting the client’s requirements and letting them check the device with all critical or high vulnerabilities without waiting for a vulnerability report for the Cyber Team to hammer them, so they can fix it faster.




Get the script for GitHub 👉 Matt-Public-Repo/Defender/README.md at Script(s) · Muthannaaljanabi/Matt-Public-Repo

Please read the README.md file. There are many details, to get the Dashboard above, you can run the Check-Vulnerabilities-Dashboard script, to get some App vulnerabilities (this covers limited apps)



Ensure that the output HTML file path is changed to match your environment.

 

I am working on improving this one to let it run via Intune, and I am trying to make it as easy as possible, with you needing to create an App in Entra or other things.

 

You may also execute the 'Check-AllVulnerabilities.sp1' script by running it with or without the third-party switch. This will assist in providing a comprehensive overview of the total vulnerabilities, including the number of critical, high, medium, and low severity issues.



 

Finally, you can simply run Check-MSRCVulnerabilities-API.ps1 to find out the total number of unpatched vulnerabilities, without going into the details, as provided by Microsoft Security Response Center (MSRC).



 

Thanks for the reading.

 



Comments

Post a Comment

Popular posts from this blog

New LAPS for Windows 11 24H2

Image
  Windows LAPS automatically manages and backs up the password of a local administrator account on devices joined to Microsoft Entra ID (formerly Azure AD) or Windows Server Active Directory. This feature helps protect against pass-the-hash and lateral-traversal attacks, enhances security for remote help desk scenarios, and facilitates device recovery if they become inaccessible.   As many of you know, LAPS for Entra joined devices was announced around 2023 and has worked perfectly since then on Entra, Hybrid, joined, and On-premises devices via AD as well. One of the big challenges we all know is that the first version (if I can say that) of LAPS did not allow you to create a new custom admin account or change the existing admin account, which meant we had to use custom configuration or scripts to do that.   Microsoft announced the new LAPS about 3 weeks ago via Arnab Mitra, Sr. Program Manager at Microsoft, and it was a great announcement. Let us go ahead and co...
Read more

Why Your Devices Are Skipping Updates in SCCM and Intune – And How to Fix It Fast

Image
  Ever wondered why some devices in your organization stubbornly refuse to get updates despite being in SCCM or Intune? This represents a common challenge faced by administrators during the implementation of security patches. Administrators endeavor to fulfill their responsibilities and meet the expectations of the security, compliance teams, and management. I was among those 😒 who initiated a hot seat challenge from August to October 2025. Many customers were affected, regardless of their Endpoint Management system, whether SCCM or Intune. Some of their devices repeatedly failed despite ongoing efforts 🙄 . Why should I care? When you work with Endpoints, you're engaging with your compliance and cybersecurity team, who want to make sure there are no security risks. They focus on Security Zero Trust and Conditional Access, so your users can smoothly access your organization's resources without being blocked just because a device isn't marked as compliant.    ...
Read more

M365 Tips to secure your tenant

Image
  🔐 5 Quick CIS Security Wins to Strengthen Your Microsoft 365 Tenant Today   As IT professionals, we all want a secure tenant, but between tickets, deployments, and patching, configuring new settings in Intune, Entra, Defender, etc. security hardening often gets pushed to ‘will do later.’ The problem? ⚠ ️ Attackers will never wait us! I found a couple of settings, some of them so simple, but we miss them because we are always busy. I was digging in Defender and M365 Admin Center: 1.       📅 CIS Benchmark L2 for M365 recommended to disable calendar share with external.   One of the main reasons attackers need to know about your organization before they attack it is that if we allow our users to publicly share their calendars, it can help attackers learn more about the organization and its users. They can then use this information to exploit situations like when employees are out of the office, traveling, etc.  2.     ...
Read more