From c5256d3c1c3574914a7e5f8df8778abcd06a2422 Mon Sep 17 00:00:00 2001
From: jame2O
Date: Tue, 16 Jun 2026 12:17:53 +0100
Subject: [PATCH 1/2] chore: bump version number
---
 plugins/MicrosoftDefender/v1/metadata.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/plugins/MicrosoftDefender/v1/metadata.json b/plugins/MicrosoftDefender/v1/metadata.json
index 54b9e78c..917cf3ba 100644
--- a/plugins/MicrosoftDefender/v1/metadata.json
+++ b/plugins/MicrosoftDefender/v1/metadata.json
@@ -1,7 +1,7 @@
 {
 "name": "microsoft-defender",
 "displayName": "Microsoft Defender",
- "version": "1.0.0",
+ "version": "1.0.2",
 "author": {
 "name": "SquaredUp Labs",
 "type": "labs"
From 240ec8e5a4e3fa17ead0097cd64adddc327d0cd4 Mon Sep 17 00:00:00 2001
From: jame2O
Date: Tue, 16 Jun 2026 12:18:14 +0100
Subject: [PATCH 2/2] fix: Change Device Import query
---
 .../MicrosoftDefender/v1/dataStreams/listDevices.json | 2 +-
 .../MicrosoftDefender/v1/indexDefinitions/default.json | 10 +---------
 2 files changed, 2 insertions(+), 10 deletions(-)
diff --git a/plugins/MicrosoftDefender/v1/dataStreams/listDevices.json b/plugins/MicrosoftDefender/v1/dataStreams/listDevices.json
index 614dfd08..0931e955 100644
--- a/plugins/MicrosoftDefender/v1/dataStreams/listDevices.json
+++ b/plugins/MicrosoftDefender/v1/dataStreams/listDevices.json
@@ -13,7 +13,7 @@
 "expandInnerObjects": true,
 "endpointPath": "runHuntingQuery",
 "postBody": {
- "Query": "DeviceInfo | summarize arg_max(Timestamp, *) by DeviceId | where DeviceName != \"\""
+ "Query": "DeviceInfo | where isnotempty(DeviceName) | project Timestamp, DeviceId, DeviceName | summarize arg_max(Timestamp, *) by DeviceId"
 },
 "pathToData": "results",
 "getArgs": [],
diff --git a/plugins/MicrosoftDefender/v1/indexDefinitions/default.json b/plugins/MicrosoftDefender/v1/indexDefinitions/default.json
index bc040f79..88c6d2ca 100644
--- a/plugins/MicrosoftDefender/v1/indexDefinitions/default.json
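Review bot: Filtering on `isnotempty(DeviceName)` before `summarize arg_max(Timestamp, *) by DeviceId` in the listDevices.json `Query` changes which row is kept per device: it is now the newest record that carries a name, not the newest record overall, so the returned `Timestamp` can be older than the device's latest report. That keeps devices whose most recent record has an empty name, which looks like the intent, but anything that reads `Timestamp` as last-seen will understate activity for those devices. The added `project Timestamp, DeviceId, DeviceName` also drops `OSPlatform`, `OSVersion`, `PublicIP` and the other columns this stream used to return, matching the properties removed in the indexDefinitions/default.json hunk; if the stream is consumed outside the import (not visible here), those consumers lose the columns. The commit message should state both effects, since the JSON file cannot carry a comment.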
+++ b/plugins/MicrosoftDefender/v1/indexDefinitions/default.json
@@ -11,15 +11,7 @@
 "name": "DeviceName",
 "type": {
 "value": "Device"
- },
- "properties": [
- "OSPlatform",
- "OSProcessor",
- "OSVersion",
- "PublicIP",
- "OSBuild",
- "OSArchitecture"
- ]
+ }
 }
 }
 ]