Public/Get-MpGuids.ps1
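Function Get-MpGuids {
    <#
    .SYNOPSIS
    Gets Windows Defender and Microsoft Defender for Endpoint GUIDs.

    .DESCRIPTION
    Returns the Machine GUID, Scrubbed Machine GUID, Sense ID, and Onboarded Info
    related to Windows Defender and Microsoft Defender for Endpoint.

    SenseId and OnboardedInfo are read from the
    "HKLM\SOFTWARE\Microsoft\Windows Advanced Threat Protection" registry key;
    either is $null when the key or value is absent. The Machine GUID is the
    ComputerID reported by Get-MpPreference, lower-cased.

    .NOTES
    The scrubbed GUID is "PII_" followed by the lower-case hex SHA-1 of the
    lower-cased Machine GUID text. The hash is unsalted and deterministic, so it
    is a stable pseudonym rather than an anonymised value: anyone who already
    holds a Machine GUID can recompute the scrubbed form and correlate the two.
    The returned dictionary also carries the raw Machine GUID, the Sense ID and
    the parsed onboarding blob, so treat the whole result as device-identifying
    data when logging or exporting it.

    .EXAMPLE
    Get-MpGuids

    .OUTPUTS
    System.Collections.Specialized.OrderedDictionary
    $null is returned (after Write-Error) when an unexpected error occurs.
    #>
    [CmdletBinding()]
    param()

    try {
        # Get Defender for Endpoint information from registry
        $EDR_RegPath = "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Advanced Threat Protection"
        $senseid = [Microsoft.Win32.Registry]::GetValue($EDR_RegPath, "senseid", $null)
        $onboard = [Microsoft.Win32.Registry]::GetValue($EDR_RegPath, "OnboardedInfo", $null)

        # Process onboarding information if it exists.
        # The registry value is a JSON document whose "body" member is itself a JSON string,
        # hence the two ConvertFrom-Json passes.
        if ($null -ne $onboard) {
            try {
                $onboard = ($onboard | ConvertFrom-Json).body | ConvertFrom-Json
            }
            catch {
                Write-Warning "Failed to parse OnboardedInfo: $_"
                $onboard = "Error parsing JSON"
            }
        }

        # Get machine GUID from Defender preferences
        $machine_guid = (Get-MpPreference).ComputerID
        $machine_guidscrub = $null

        if ($null -ne $machine_guid) {
            $machine_guid = $machine_guid.ToLower()

            # Create scrubbed version for privacy.
            # NOTE(review): unsalted SHA-1 is kept because the value presumably has to match
            # an existing "PII_<sha1>" format elsewhere - confirm before changing the algorithm.
            $stringAsStream = $null
            $writer = $null
            try {
                $stringAsStream = [System.IO.MemoryStream]::new()
                $writer = [System.IO.StreamWriter]::new($stringAsStream)
                $writer.write($machine_guid)
                $writer.Flush()
                # Rewind so Get-FileHash reads the bytes that were just written.
                $stringAsStream.Position = 0
                $machine_guidscrub = "PII_" + (Get-FileHash -InputStream $stringAsStream -Algorithm SHA1).Hash.ToLower()
            }
            catch {
                Write-Warning "Failed to create scrubbed GUID: $_"
                $machine_guidscrub = "Error_Creating_Scrubbed_GUID"
            }
            finally {
                # Release the writer and stream on the failure path too; the original
                # only closed them when hashing succeeded.
                if ($null -ne $writer) { $writer.Dispose() }
                if ($null -ne $stringAsStream) { $stringAsStream.Dispose() }
            }
        }

        # Build and return results
        $sense_info = [ordered]@{
            MachineGuid          = $machine_guid
            MachineGuid_Scrubbed = $machine_guidscrub
            SenseId              = $senseid
            OnboardedInfo        = $onboard
        }

        return $sense_info
    }
    catch {
        Write-Error "An error occurred while getting MP GUIDs: $_"
        return $null
    }
}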