1,200 questions with Microsoft Defender for Cloud-related tags
Disable Microsoft Defender for Cloud for select virtual machines in Azure
I have several VMs running Windows 10/11 and Ubuntu in my Azure vnet and I really don't need them included in Microsoft Defender for Cloud. I've done some searching and apparently there is no way to select which VMs are included in the service, it's an…
Regulatory compliance reports not accurately affecting security
I have some regulatory compliance reports still showing unhealthy resources 3 days after the problem has been remediated. Any idea why this could be happening?
Defender for Endpoint Policies
Hello, if a workstation or server is onboarded to Defender for Endpoint and no security policies have been pushed to the endpoint, what are the default settings or configuration that Defender uses? Does it stay dormant until policies are pushed? Thanks
Windows Defender SenseNdr.exe Application Crashing Events
Faulting application name: SenseNdr.exe, version: 2.3.1.0, time stamp: 0x7484efee Faulting module name: SenseNdr.exe, version: 2.3.1.0, time stamp: 0x7484efee Exception code: 0xc0000409 Fault offset: 0x000000000071f9c1 Faulting process id:…
Microsoft Vulnerability Manager Security Recommendations - Python
Microsoft Vulnerability Manager Security Recommendations is advising to update Python, as it is currently version 3.7.7.0. However, when installing the latest Python version (3.12.30) from https://www.python.org/downloads/ it is still reporting on Microsoft…
Choosing between Defender for Endpoint and Defender for Server for servers with no internet connectivity
We are planning to migrate from Symantec® Endpoint Security to Microsoft, specifically looking for EDR and XDR features for our On Prem servers that have no connectivity to the internet. Should we use Defender for Endpoint or Defender for Servers? We are…
Azure iot defender micro agent - [procfs_reader.c/read_data_from_procfs:101] Error getting username in pid
Hi, when configuring the Azure IoT Defender micro agent on the IoT Edge device (Azure VM) we encountered the following error message - [procfs_reader.c/read_data_from_procfs:101] Error getting username in pid When checking the status it's running, its…
FIM in defender not showing file changes for newly created file after 3 days also.
Team, I have enabled FIM on one of the resource groups; it has created one default Log Analytics Workspace, DCR rule. We executed a script that will create a test file on all VMs in the /etc and C:\windows\system32 directories. But those changes are not yet…
What is the best way to keep employer's devices up to date?
I'm looking for a solution with minimum administrator effort for keeping up to date on all employer's devices. In the organization, I have about 50 devices that they onboarded to Defender for Cloud's portal. All devices showing on Microsoft Defender…
Integrating Microsoft Sentinel with Microsoft Defender XDR
I am trying to integrate Microsoft Sentinel and Defender XDR. So here are the steps I have done so far. Log Analytics created, Sentinel attached to the workspace, enabled the Defender connector. After enabling the connector, I have enabled…
Defender I use GPO Can Switch Config policy On Defender Manage by MDE device configuration management?
Now plan deploy MDE my PC joins local AD which makes it difficult to manage policy through GPO. Is this possible? If I want to use Switch Gpo policy through Device configuration management MDE?
Is there a way to enable Defender for Servers in Azure by resource group within a subscription?
Working on deploying Defender for Cloud and wanting to enable Defender for Servers in Azure on a subscription but don't want all servers within the subscription to have it enabled just yet. Would prefer to target servers in specific resource groups…
How To Remediate Azure Secure Score Recommendations
Hello, I have this security recommendation showing in Defender for Cloud, "Azure Machine Learning Computes should have local authentication methods disabled", the remediation steps given is to toggle "Enable SSH access" off. I…
Error when using Advanced Hunting
Hello, I have a customer that is getting the error below when using advanced hunting and is unable to search 'EmailEvents' and would like some insight on it? Issue: When using the Advanced Hunting option, the object 'EmailEvents' returns: "Syntax…
Defender 365 admin console - Disabled Connected to a custom indicator & Connected to an unsanctioned blocked app rules
I want to know how I can disable these two following alerts: Disabled Connected to a custom indicator Connected to an unsanctioned blocked app. I didn't find these alerts on the Alerts Policy of XDR/EPP or Cloud apps. Since all the changed that…
Logic App - Internal Server Error for HTTP request
Hello, I'm working on a logic app integration with Microsoft Defender for Vulnerability. I use HTTP request to authenticate with Microsoft Defender API. …
Run a phishing simulation
No matter what type of simulation I am doing, they are not working.
Defender for Business onboarding endpoint
When running Microsoft Defender Endpoint onboarding for manual device onboarding, the error occurs: Error ID: 15, Error Level: 1. I have already carried out all the procedures in this answer:…
Defender P2 Qualys Deprecation -> switch to MDE for MDVM
Qualys is being deprecated to be used together with Cloud Defender for Servers Plan 2. In the documentation I read that MDVM is part of MDE, either plan 1 or plan 2. Plan 1 has basic vulnerability scanning and p2 supplies addons to that basic…
Custom detection in MDE
I am trying to create a Custom Detection in Microsoft Security Center where my query has multiple join and summarize statements. Whenever I am running the query it's providing results, but after saving in the Custom Detection form and under its results section its…