MDE Toolkit

A free, powerful Windows desktop application for monitoring, managing, and diagnosing Microsoft Defender for Endpoint — built with WPF and .NET 8

✓ Free & Open Source   ✓ No Account Required   ✓ Windows 10/11   ✓ .NET 8

Everything You Need to Monitor & Manage MDE

One tool to view, analyze, diagnose, and manage your endpoint security configuration

📊

Security Score

Comprehensive security posture assessment with actionable recommendations, category breakdowns, and priority-based remediation guidance.

🛡️

App Control (WDAC)

View deployed WDAC policies, scan files against policy, run CiTool commands, and analyze Code Integrity configuration.

💾

Device Control

Manage USB and removable device policies. View, create, edit, and export device control configurations with a visual policy editor.

⚔️

ASR Rules

Monitor Attack Surface Reduction rules status, enforcement mode, and recent block/audit events with detailed event analysis.

🔥

Firewall & WFP

Parse firewall logs, view WFP filter summaries, browse firewall rules, and analyze network policy enforcement.

🔍

Diagnostics

Analyze Defender support bundles (MpSupportFiles.cab), parse logs, detect issues, and export diagnostic reports.

🤖

AI Analysis

Connect to Azure OpenAI or OpenAI to get AI-powered security analysis, risk summaries, and remediation suggestions.

🌐

Network Tracing

Capture network traces with netsh, configure scenarios and providers, and auto-stop on firewall drops with the built-in drop monitor.

Compliance Manager

Create and evaluate compliance policies against your endpoint, including DISA STIG baselines for Defender AV and Firewall.

🖥️

CiTool Integration

Run CiTool.exe commands directly from the app — list policies, refresh CI engine, get device ID, and view live streaming output.

📡

Remote Support

Connect to remote machines via WinRM or PsExec to monitor and diagnose MDE on other workstations across your network.

📚

Knowledge Base

Built-in reference for MDE components, ASR rules, and troubleshooting scenarios with links to official documentation.

🏢

Enterprise Fleet Monitoring

Deploy via MSI with dual scheduled tasks: SYSTEM collects telemetry every 8 hours, the logged-on user uploads to Azure using their Entra identity. No secrets on endpoints.

☁️

Azure Ingestion

Upload health snapshots to an Azure Function App or directly to Blob Storage. Managed Identity auth, Table Storage for Power BI dashboards, Gov Cloud supported.

See It In Action

Modern Fluent WPF interface with Mica backdrop, designed for Windows 10 & 11

Download MDE Toolkit

Free and open source. No account required.

Recommended
📦

GitHub Releases

Download the latest build from GitHub

Version 3.0.2

🛠️

Build from Source

Clone the repository and build with .NET 8 SDK

Requires .NET 8 SDK

System Requirements

  • Windows 10 version 1809 or later / Windows 11
  • .NET 8 Desktop Runtime
  • Administrator privileges recommended for full functionality
  • CiTool.exe requires Windows 11 22H2+ or Windows Server 2025+