SentinelOne: Group in Detect Mode
submitted
Christopher Towle
This metric finds any Group whose policy is set to detect mode. It is useful for alerting when the client should be in protect mode.
Groups[?GroupPolicyInformation.mitigationMode=='detect' || GroupPolicyInformation.mitigationModeSuspicious=='detect'].{GroupName: name, mitigationMode: GroupPolicyInformation.mitigationMode, mitigationModeSuspicious: GroupPolicyInformation.mitigationModeSuspicious}