Findings
Generator
Configuration
Lucidum Reverse
Architecture
Statistics
← All Findings
Vendor:
Microsoft Defender for Endpoint
FIN-241
Weight:
5
4
3
2
1
Confidence:
High
Medium
Low
Edited:
2026-03-06 09:04
Verified
What It Detects
This device is known to Microsoft Defender for Endpoint but has not been onboarded. The device is visible in the inventory (status CanBeOnboarded) but lacks the Defender for Endpoint sensor, meaning it has no EDR protection or telemetry.
MITRE ATT&CK Techniques
Comma-separated, e.g. T1078, T1190
Checks
read-only
Field
Operator
Value
onboardingstatus
equals
CanBeOnboarded
Remediation
×
×
×
×
+ Add item
Why It Matters
×
×
×
+ Add item
Save Changes
Export Lucidum