&#xfeff;<html>
  <head>
    <META http-equiv="Content-Type" content="text/html; charset=utf-8">
<link rel="stylesheet" type="text/css" href="html_style_eog.css"/>
<script type="text/javascript">
          function printpage()
          {
          window.print()
          }
        </script>
<script type="text/javascript" src="https://components.uspto.gov/js/ais/40-patentsgazette.js"></script></head>
  <body bgcolor='#FFFFFF' onload='javascript: if ((navigator.appName.indexOf("Netscape")!=-1) && parent.leftFrame!=null) parent.leftFrame.location.reload();'>
    <basefont face="Times New Roman, Times New Roman, Times New Roman " size="2">
      <div style="margin-left: +10pt">
        <table width="90%" border="0" rules="none" align="center">
          <tr align="center">
            <td width="20%" colspan="1" rowspan="2" align="left" valign="top"><a href="https://ppubs.uspto.gov/pubwebapp/external.html?q=12395511.pn.&amp;db=USPAT" target="popup"><input type="button" class="button" value="   Full Text   "></a></td>
            <td class="table_data"><b>US 12,395,511 B2</b></td>
            <td width="20%" colspan="1" rowspan="2" align="right" valign="top">
              <form><input type="button" value="Print this page" onclick="printpage()"></form>
            </td>
          </tr>
          <tr align="center">
            <td colspan="1" class="table_data" style="text-transform: uppercase"><b>Proactively detecting and remediating anomalous devices using supervised machine learning model and automated counterfactual generator</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b> Mawulolo Koku Ameko,  Palmyra, VA (US);  Kabir Walia,  Cambridge, MA (US);  Jyh-Han Lin,  Mercer Island, WA (US);  Vivek Gupta,  Groton, MA (US);  Ehimwenma Nosakhare,  Newton, MA (US);  Sean Gormley T. Kelley,  Dublin (IE);  Ashish Neupane,  Seattle, WA (US); and  Jenna Hong,  Acton, MA (US)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Assigned to  Microsoft Technology Licensing, LLC,  Redmond, WA (US)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Filed by  Microsoft Technology Licensing, LLC,  Redmond, WA (US)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Filed on Jun.  26, 2023, as Appl. No. 18/341,071.</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Prior Publication US 2024/0430280 A1, Dec.  26, 2024</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Int. Cl. </b><i><b>H04L 41/16</b></i> (2022.01); <i><b>H04L 9/40</b></i> (2022.01)</td>
          </tr>
        </table>
        <table width="90%" border="0" rules="none" align="center">
          <colgroup>
            <col width="75%">
            <col width="15%">
          </colgroup>
          <tr align="left">
            <td class="table_data" align="left"><b>CPC </b><i><b>H04L 63/1425</b></i> (2013.01)&#xa0;[<i><b>H04L 41/16</b></i> (2013.01)]</td>
            <td class="table_data" align="right"><b>20 Claims</b></td>
          </tr>
        </table>
        <center><img src="US12395511-20250819-D00000.gif" alt="OG exemplary drawing"></center>
        <table width="90%" border="0" rules="none" align="center">
          <colgroup>
            <col width="90%">
          </colgroup>
          <tr>
            <td class="table_data" align="center">&#xa0;</td>
          </tr>
          <tr>
            <td valign="top" class="para_text">
              <div class="claim_text_root">1. A method for proactively detecting and remediating anomalous devices within an enterprise network, wherein the method is implemented via a device comprising a processor, and wherein the method comprises:<div class="claim_text">accessing, via a network, device attributes corresponding to enterprise devices within an enterprise network;</div>
                <div class="claim_text">providing the device attributes to a supervised machine learning model;</div>
                <div class="claim_text">predicting, via the supervised machine learning model, whether each enterprise device is healthy or anomalous, wherein the enterprise device is predicted to be healthy unless the supervised machine learning model determines that a probability of the enterprise device being anomalous exceeds a specified confidence threshold;</div>
                <div class="claim_text">for each enterprise device that is predicted to be anomalous, perturbing a portion of the corresponding device attributes via an automated counterfactual generator to generate synthetic data representative of counterfactual healthy devices corresponding to the enterprise device, wherein each counterfactual healthy device is predicted to be healthy via the supervised machine learning model based on the perturbation of the corresponding device attributes;</div>
                <div class="claim_text">generating, for each enterprise device that is predicted to be anomalous, at least one recommended remedial action that will cause the enterprise device to approximate each corresponding counterfactual healthy device as represented by the synthetic data; and</div>
                <div class="claim_text">causing surfacing, via a user interface, of the at least one recommended remedial action for each enterprise device that is predicted to be anomalous.</div>
              </div>
            </td>
          </tr>
        </table>
      </div>
    
  </body>
</html>