MDEValidator

1.1.0

PowerShell module to validate Microsoft Defender for Endpoint (MDE) configurations and security settings.

Minimum PowerShell version

5.1

Installation Options

Copy and Paste the following command to install this package using PowerShellGet More Info

Install-Module -Name MDEValidator

Copy and Paste the following command to install this package using Microsoft.PowerShell.PSResourceGet More Info

Install-PSResource -Name MDEValidator

You can deploy this package directly to Azure Automation. Note that deploying packages with dependencies will deploy all the dependencies to Azure Automation. Learn More

Manually download the .nupkg file to your system's default download location. Note that the file won't be unpacked, and won't include any dependencies. Learn More

Owners

Copyright

(c) 2026 Nathan Hutchinson. All rights reserved.

Package Details

Author(s)

  • Nathan Hutchinson

Tags

Security Defender MDE Endpoint Validation Windows

Functions

Test-MDEConfiguration Get-MDEValidationReport Get-MDEOperatingSystemInfo Get-MDESecuritySettingsManagementStatus Get-MDEOnboardingStatusString Get-MDEManagementType Get-MDEManagedDefenderProductType Get-MDEManagementTypeFallback Get-MDEPolicyRegistryPath Get-MDEPolicySettingConfig Test-MDEPolicyRegistryValue Test-MDEPolicyRegistryVerification Test-MDEServiceStatus Test-MDEPassiveMode Test-MDEAntiSpywareEnabled Test-MDEIoavProtectionEnabled Test-MDENISEnabled Test-MDESignatureAge Test-MDESignatureInfo Test-MDERealTimeProtection Test-MDECloudProtection Test-MDECloudBlockLevel Test-MDECloudExtendedTimeout Test-MDESampleSubmission Test-MDEBehaviorMonitoring Test-MDEOnboardingStatus Test-MDEDeviceTags Test-MDENetworkProtection Test-MDENetworkProtectionWindowsServer Test-MDEDatagramProcessingWindowsServer Test-MDEAutoExclusionsWindowsServer Test-MDEAttackSurfaceReduction Test-MDEThreatDefaultActions Test-MDETroubleshootingMode Test-MDETamperProtection Test-MDETamperProtectionForExclusions Test-MDEExclusionVisibilityLocalAdmins Test-MDEExclusionVisibilityLocalUsers Test-MDESmartScreen Test-MDESmartScreenPUA Test-MDESmartScreenPromptOverride Test-MDESmartScreenDownloadOverride Test-MDESmartScreenDomainExclusions Test-MDESmartScreenAppRepExclusions Test-MDEDisableCatchupQuickScan Test-MDERealTimeScanDirection Test-MDESignatureUpdateFallbackOrder Test-MDESignatureUpdateInterval Test-MDEDisableLocalAdminMerge Test-MDEFileHashComputation

PSEditions

Desktop Core

Dependencies

This module has no dependencies.

Release Notes

v1.1.0 — Onboarding & Device State Expansion

New checks added to Test-MDEOnboardingStatus:
- DiagTrack (Connected User Experiences and Telemetry) service status — Warning if absent or stopped
- OrgId registry value (HKLM:\SOFTWARE\Microsoft\Windows Advanced Threat Protection\Status) — Info when present, Warning when absent
- WDATPOnboarding event log query — surfaces event count and latest timestamp; Warning if no events found

New device state functions:
- Test-MDEAntiSpywareEnabled — Pass when enabled, Warning when disabled
- Test-MDEIoavProtectionEnabled — Pass when enabled, Warning when disabled
- Test-MDENISEnabled — Pass when enabled, Warning when disabled
- Test-MDESignatureAge — Pass (0-1 days), Warning (2-3 days), Fail (>3 days) for both AV and AS signatures
- Test-MDESignatureInfo — Informational AV signature version and last updated date

Extended existing functions:
- Test-MDEPassiveMode now also surfaces AMRunningMode — Pass when Normal, Warning otherwise

Bug fixes:
- Null guards added to Test-MDESignatureAge preventing silent false-positives when WMI returns null signature age
- Null guard added to Test-MDESignatureInfo preventing empty version string when WMI returns null

Total: 377 Pester tests (0 failures), zero PSScriptAnalyzer violations

FileList

Version History

Version Downloads Last updated
1.1.0 (current version) 37 4/12/2026
1.0.1 22 3/23/2026
1.0.0 17 3/19/2026