PowerShell script for cross checking Active Directory and Defender 365 inventory.

defender_crosscheck.ps1

import-module ActiveDirectory

# Configuration
$tenantId = '' ### Paste your tenant ID here
$appId = '' ### Paste your Application ID here
$appSecret = '' ### Paste your Application secret here

# Start of script
$resourceAppIdUri = 'https://api.securitycenter.microsoft.com'
$oAuthUri = "https://login.microsoftonline.com/$TenantId/oauth2/token"
$authBody = [Ordered] @{
    resource      = "$resourceAppIdUri"
    client_id     = "$appId"
    client_secret = "$appSecret"
    grant_type    = 'client_credentials'
}
$authResponse = Invoke-RestMethod -Method Post -Uri $oAuthUri -Body $authBody -ErrorAction Stop
$token = $authResponse.access_token

$url = "https://api-eu.securitycenter.windows.com/api/machines"

# Set the WebRequest headers
$headers = @{
    'Content-Type' = 'application/json'
    Accept         = 'application/json'
    Authorization  = "Bearer $token"
}

$response = Invoke-WebRequest -Method Get -Uri $url -Headers $headers -ErrorAction Stop
$machines = ($response | ConvertFrom-Json).value

$ad_servers = Get-ADComputer -Filter 'operatingsystem -like "*server*" -and enabled -eq "true"' -Properties Name, Operatingsystem, OperatingSystemVersion, IPv4Address 

function IsMachineInDefender ($server_name) {
    foreach ($machine in $machines) {

        $server_name = $server_name.ToUpper()

        if ($null -ne $machine.computerDnsName) {
            $machine_name = $machine.computerDnsName.Split(".")[0]
        }
        else {
            continue
        }

        if ($server_name -eq $machine_name) {
            return $true
        }
    }

    return $false
}

foreach ($server in $ad_servers) {

    $server | Add-Member -MemberType NoteProperty -Name 'In Defender 365' -Value (IsMachineInDefender($server.Name)) -Force
}

$ad_servers | Select-Object -Property Name, "In Defender 365" | Out-GridView -Title "Windows Defender 365 AD Server Overview"