Findings
Generator
Configuration
Lucidum Reverse
Architecture
Statistics
← All Findings
Vendor:
Microsoft Defender for Endpoint
FIN-265
Weight:
5
4
3
2
1
Confidence:
High
Medium
Low
Edited:
2026-03-06 09:03
Verified
What It Detects
An internet-facing device detected by Microsoft Defender for Endpoint has not been fully onboarded to the Defender sensor. This device is directly exposed to the internet without endpoint detection and response (EDR) coverage. Attackers can exploit, compromise, and persist on this device without generating any Defender alerts or telemetry.
MITRE ATT&CK Techniques
Comma-separated, e.g. T1078, T1190
Checks
read-only
Field
Operator
Value
onboardingStatus
equals
CanBeOnboarded
isInternetFacing
equals
True
Remediation
×
×
×
×
+ Add item
Why It Matters
×
×
×
+ Add item
Save Changes
Export Lucidum