1,224 questions with Microsoft Defender for Cloud-related tags
Can I create a PowerAutomate flow to offboard devices in Defender for Endpoint?
I would like to create a friendly interface for users to offboard devices in Defender for Endpoint, so they won't have to run this process manually. Is this possible?
'Wacatac' malware was detected (Agentless preview)
Hi Team, on one of the Linux machines, Microsoft Defender for Cloud shows malware in Security alerts. How do we remediate it? As per the logs, it showed the Operation name Create or Update Virtual Machine Extension and the event initiated by Windows Azure Security…
How to block SAM, LSA dump through Microsoft Defender for Endpoint
Hello, I am trying to see if the EDR Microsoft Defender for Endpoint or other solutions from Microsoft offer options to block the following hive dumps: SAM, LSA and optionally DPAPI. I am aware that suspicious dumps are detected but is there a possibility…
ServiceNow integration with Defender for Cloud
What permissions are required in ServiceNow for the ServiceNow integration with Defender for Cloud user? The doc does not seem to indicate what permissions are required for the ServiceNow service account in…
Exception Handling for Defender & Third-Party EDR Conflict
Hello. We are currently operating Microsoft Defender for Cloud (MDC). We aim to comply with one of MDC's recommendations, 'EDR solution should be installed on Virtual Machines.' While Windows machines have Microsoft Defender for Endpoint (MDE) installed…
Info required for migration of MMA to Windows defender Unified agent.
Please help me to identify the specific process for that Microsoft Defender unified agent is running on the server. Scenario is that there are some servers in the environment running with 2012R2 and 2016. And MMA is running on the servers. As a result,…
Defender for Cloud not enabled on some of the subscriptions
Hi, We have added 23 subscriptions to a single management group and enabled Defender for Cloud at the management group level, and assigned NIST 00-53. However, only 2 of the 23 subscriptions are showing the Defender state as "OFF".…
Microsoft Defender for Containers in AKS-HCI - pricing questions
Hello, I added a new AKS-HCI Kubernetes cluster on premises to Arc, enabled Defender for Containers and installed the extensions in the cluster, but billing has still been 0 since 1 month. Can you explain why, given that it is stated that billing…
How to notify security team members of assigned alerts/incidents in Microsoft Defender
Is there a way to send email notifications to someone when we assign an alert or incident specifically to them in Microsoft Defender? We already have email notifications set up for new alerts, but we're wondering if there is a way to notify team members…
Android mobile Old Samsung Galaxy A40 can not connect internet now
Android mobile Old Samsung Galaxy A40 can not connect internet now. Android mobile Old Samsung Galaxy A40 mainly used as clock wake After install Defender and used antivirus VPN, long time power on, discover smart view app which blue tooth enabled…
IaaSAntimalware and MDE.Windows VM extensions
Are there any benefits to having both the IaaSAntimalware and MDE.Windows extensions installed on an Azure hosted virtual machine or are they just redundant?
How to Onboard Windows servers to Microsoft Defender for Endpoint using Defender for Cloud
We have configured Microsoft Defender for Server Plan 1 in our environment. How to onboard Windows servers automatically in Microsoft Defender for Endpoint using Defender for Cloud? Where can we see the device reporting and logs? What are the RBAC…
What's the exact definition of 'Timegenerated' in an Azure Resource Graph query output for Container Image Vulnerabilities?
When we run a query to find vulnerabilities in Container Images, there's a 'timegenerated' column in the query output. I've tried to find this documented somewhere, but can't, I've only found a document for Azure Monitor. Does this mean it's the last…
Azure - Microsoft Defender for Cloud - I can't download security recommendations to a CSV. I could for nearly 90 days straight and can download all others.
Hi, I can't download security recommendations to a csv file from: Microsoft Defender for Cloud | Recommendations from either the: Secure score recommendations or All recommendations tabs in Azure. I was able to do so yesterday and nearly every day since…
Microsoft Defender is alerting for vulnerable version of NuGet package in Azure Function's ".azurefunctions/function.deps.json" file
Hi Champs, I'm facing a typical problem with my function app and MS Defender for Cloud. Defender is raising issues for my deployed function (written in C#) as: Even after installing latest NuGet package, "function.deps.json" file is not…
Defender 365 admin console - Disabled Connected to a custom indicator & Connected to an unsanctioned blocked app rules
I want to know how I can disable these two following alerts: Disabled Connected to a custom indicator Connected to an unsanctioned blocked app I didn't find these alerts on the Alerts Policy of XDR/EPP or Cloud apps. Since all the changed that…
If Defender for Blob doesn't scan a file (no tags) is there anything we can do to force it to look again?
We have a system that scans all files uploaded to blob on upload. However, we've noticed that occasionally some files just never get scanned (i.e. never get the tags against them). In the documents it does say this can happen if the file throughput is…
How to get the impacted asset (user or client) when fetching alerts (v2) from Defender using API?
Hello, I followed this documentation to list alerts from Defender https://learn.microsoft.com/en-us/graph/api/security-list-alerts_v2?view=graph-rest-beta&tabs=http While I am getting the output, it is very different from when I fetch the alerts…
How to stop ATP clicking links in Phishing simulation emails
I have logged in to Microsoft Defender for O365 and configured the Phishing Simulation tab under Email & collaboration > Policies & rules > Threat policies > Advanced delivery. But something ATP-wise is still clicking the links in my…
Standard Recommendations with Source "Defender for Cloud"
Recommendations under Compliance Standards (e.g. Azure CSPM (Preview) Standard) are tagged with source field as "Policy" or "Defender for Cloud". What's the difference between recommendations that are sourced from policy vs defender…