# Security Dashboard

<figure><img src="/files/AF9SyvbZwgIggd4oROYh" alt="" width="375"><figcaption></figcaption></figure>

### **1. Introduction**

Microsoft Defender for Endpoint is excellent at *seeing* vulnerabilities, but it doesn’t *fix* them.\
Before now, IT teams needed to:

* Read Defender alerts
* Manually look up installers
* Package apps
* Deploy via Intune
* Wait for another Defender scan

The Pckgr Security Dashboard streamlines this process by:

* Pulling vulnerability data directly from Defender
* Visualizing which apps need patching
* Mapping detected apps to Pckgr packages
* Recommending the correct update version
* Allowing one‑click **Update‑Only** patch deployments to Intune
* Tracking remediation after Defender’s next scan

This gives you a complete loop:

> **Detect → Decide → Patch → Validate**, all in one place.

This feature is a new addition to Pckgr's services and our team plan to continuously develop its functionality to suit our user's needs. Please feel free to offer feedback to our team at any time, at <support@intunepckgr.com>.

***

### **2. Security Dashboard Overview**

<figure><img src="/files/G6kf43zh8KcydPFhKyN1" alt=""><figcaption></figcaption></figure>

The Security Dashboard loads and displays three main sections:

#### **2.1 Security Overview**

A high‑level summary generated from Microsoft Defender for Endpoint (MDE), showing:

* Total applications requiring updates
* Weekly increase/decrease trends in vulnerabilities
* Exposure indicators (e.g., “down 21 applications since last week”)
* Snapshot‑based comparisons for quick health assessment

This gives you immediate visibility into application‑level risk in your fleet.

#### **2.2 Application List**

<figure><img src="/files/Y9wDwwCK24zWP9ErCKnM" alt=""><figcaption></figcaption></figure>

A table of all applications Defender has detected with vulnerabilities.\
For each app you’ll see:

* App name
* Defender‑recommended version
* Number of exposed devices
* pckgr linking/patching status
* Available actions (Link, Patch, View Details)

#### **2.3 Top Software Vulnerabilities**

A curated list of the highest‑risk vulnerabilities in your environment.\
This may include apps that Pckgr has not previously deployed, and can be linked or patched using suggested Pckgr applications or custom packages.

***

## **3. Quick Start Checklist**

A lightweight, at‑a‑glance checklist to get up and running quickly.

#### **1. Connect Defender**

* [ ] Select your Company
* [ ] Click **Connect to Defender**
* [ ] Approve the read‑only MDE app registration

#### **2. Sync Vulnerability Data**

* [ ] Click **Start Sync**
* [ ] Wait for the initial data import
* [ ] Confirm apps populate in the table

#### **3. Review Vulnerable Applications**

* [ ] Check the “Apps Requiring Patching” count
* [ ] Open any app with vulnerabilities
* [ ] Review Defender’s recommended version

#### **4. Link Applications**

* [ ] Click **Link Application** to match Defender → Pckgr
* [ ] Upload custom packages if needed
* [ ] Ensure status changes to “Application Connected”

#### **5. Deploy Patch**

* [ ] Open the app page
* [ ] Click **Patch**
* [ ] Confirm the Update‑Only deployment
* [ ] Select device groups
* [ ] Confirm it appears in Intune’s deployment queue

#### **6. Verify Fix**

* [ ] Wait for Defender’s next scan
* [ ] Confirm the vulnerability disappears from the list
* [ ] Check updated metrics in Security Overview

***

## **4. Detailed Feature Guide**

Below is a more in‑depth explanation of each part of the dashboard.

***

### **4.1 Connecting pckgr to Defender**

When you click **Connect to Defender**, you will need to sign in with Global Admin and accept the permissions required to register Pckgr Security App as an Enterprise application.

Pckgr requests *read‑only* access only to MDE.\
This:

* Does *not* modify your Defender security settings
* Does *not* deploy configurations
* Only imports vulnerability recommendations and exposure data

This ensures Pckgr can safely ingest the required information without introducing risk.

***

### **4.2 Syncing Data**

#### **Initial Sync**

After connection, you’ll see a **Start Sync** button.

Clicking it loads:

* Defender recommendations
* Vulnerability metadata
* A snapshot of your environment
* Version upgrade recommendations

#### **Ongoing Sync**

* The dashboard automatically synchronizes every 8 hours
* A manual sync button is in development

***

### **4.3 Understanding the Security Overview**

The overview acts as your **executive summary**:

* Green means your exposure has improved
* Red means things have worsened or increased
* Trends use your last snapshot for comparison
* Helps you decide whether to act now or later

This gives you an immediate sense of security posture.

***

### **4.4 Application List**

Each line in the list represents a vulnerable app identified by Defender.

You’ll see:

| Field                   | Description                                                           |
| ----------------------- | --------------------------------------------------------------------- |
| **App Name**            | The software detected by Defender                                     |
| **Recommended Version** | The version Defender wants deployed                                   |
| **Exposed Devices**     | How many devices are affected                                         |
| **Status**              | e.g., “No Patch Deployed”, “Update Deployed”, “Application Connected” |
| **Actions**             | Options to Link, Patch, or View Details                               |

***

### **4.5 Application Details**

Selecting an app opens a more detailed view:

* Defender’s vulnerability details
* Recommended version
* Exposure scoring
* List of devices affected
* pckgr patching options
* Link or custom package options

<figure><img src="/files/DFxvMytHenYxDmXOlfIA" alt="" width="341"><figcaption></figcaption></figure>

This is where you decide how to remediate the vulnerability.

***

### **4.6 Linking Applications**

If you already deploy apps with Pckgr:

* You can link Defender‑detected apps to existing Pckgr packages
* This improves metadata alignment
* And ensures accurate reporting

If the app is not in Pckgr:

* Upload a [**custom package**](/extra-features/custom-applications.md)
* Link it
* Deploy via Pckgr → Intune

***

### **4.7 Deploying Update‑Only Patches**

Update‑Only patching:

* Avoids reinstalling the entire app
* Updates only the version detected
* Reduces disruption and deployment size
* Pushes through Intune like any other Pckgr deployment

Workflow:

1. Click Patch
2. Confirm
3. Deployment occurs from your Application Library
4. Assign device/s

***

### **4.8 Verification**

Once the patch is deployed:

* Defender rescans on its normal cycle
* The vulnerability disappears from the dashboard
* Exposure scores improve
* Status changes accordingly

You may optionally:

* Check the app version directly on a device
* View deployment logs
* Assess fleet‑wide consistency

***

## **5. Advanced Concepts**

### **5.1 Mixed Installation Formats (MSI / EXE / MSIX)**

Example:

* One device has MSI 7‑Zip
* The rest of the fleet uses EXE 7‑Zip
* Defender recommends patching only the MSI instance

In these scenarios, your ideal long‑term remediation is:

> Standardize to the most common installer format in your fleet, rather than patching an outlier.

Future logic will highlight this automatically, you can read more about standardising your tenant with Pckgr [here](/getting-started/creating-deployments/preparing-your-tenant-for-pckgr.md).

***

## **6. Troubleshooting**

#### App list is empty

* Ensure your connection to Intune was successful
  * ensure you sign into the tenant during connection with an admin account
  * ensure you accept the permissions
  * check your Enterprise App list in Intune for Pckgr Security Application

#### Numbers don’t look right

* Defender uses its own scan schedule
* Pckgr uses snapshots
* They align automatically over time

#### “Update Deployed” never becomes “Application Connected”

* Status logic is still undergoing refinement

***

## **7. Feedback and Development**

The Security Dashboard is a newly released feature and is actively evolving, and your real‑world use helps guide what we improve next. We’re continuing to refine workflows and expand functionality so it grows in the direction users need most.&#x20;

Your suggestions, big or small, help shape its development. If you’d like to share feedback, please contact:

<support@intunepckgr.com>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.intunepckgr.com/extra-features/security-dashboard.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.