1,200 questions with Microsoft Defender for Cloud-related tags
What is the difference between Standard edition and Microsoft Defender for server Plan 1 and Plan 2?
Hi Team, I would like to know what is the difference between Standard edition and Microsoft Defender for server Plan 1 and Plan 2. Assume that somebody upgraded Microsoft Defender for the cloud from the Free tier to the Standard tier. Do we still need…
assign permissions for Azure workloads
I am reading the article at https://techcommunity.microsoft.com/t5/microsoft-defender-for-cloud/assigning-permissions-in-microsoft-defender-for-cloud/ba-p/1694069. It is indicated that once we're in IAM in the subscription, we should get 2 built-in roles…
Azure Defender Secure Score and Recommendation Visibility
Just want to check if visibility of Azure Defender Secure Score and Security Recommendations for a subscription is dependent on Defender for cloud plan? And if plan is expired do we get Secure Score as "Not Available". As I definitely …
Why is the threat removal process taking hours?
A few days ago Windows Defender detected a virus. I put on actions to remove it and it was taking quite some time. It took an entire day of my laptop being turned on and still, it won't go. Well after I shut down the laptop and turned it on, it said that…
What permissions do I need to manage alerts in defender
What permissions do I need to manage alerts in defender?
I want to use Microsoft Defender for Endpoint, but I only want to activate the DLP feature and turn off the other modules. Can I do that?
I want to use Microsoft Defender for Endpoint, but I only want to activate the DLP feature and turn off the other modules. Can I do that?
Microsoft Defender Endpoints - When creating or editing a device group I can only select 'No automated response' in the dropdown of 'Remediation Level'
Basically as the title says. In the create or edit device group menu, my only option is to select 'No Automated Response' in the dropdown of Remediation Level. I've read that automated response should be active by default and you cannot turn it off. My…
Offboarding a Device from MDE with a Deleted Tenant ID
I have a device that was onboarded to MDE under a DemoTenant that no longer exists. Now, I want to offboard it and onboard it to a new tenant. Can someone please assist?
Is there a way to block "Microsoft Azure PowerShell" for all users?
Greetings, I'm afraid that this one can't be blocked by design, but I will ask anyway. Is there a way to block login attempts from Microsoft Azure PowerShell? We are constantly probed from all around the world, and I can't seem to figure out how to block…
Microsoft recommendation error
Got the recommendation by defender "Diagnostic logs in Key Vault should be enabled". So I enabled diagnostic settings on the key vault and attached a storage account to it. Later when I went to check the recommendation status in the defender,…
Virtual Machine onboarding problem to vulnerability assessment
I have enabled Microsoft Defender as a vulnerability assessment tool for all my VMs within a subscription. Three of them show up in Advisor with title: "Machines should have a vulnerability assessment solution" and details: "Virtual…
Defender for Cloud alerts exported to event hub, but the schema doesn't align with the documented alerts API.
I am reaching out regarding an issue we've encountered while exporting security alerts from Microsoft Defender for Cloud to Azure EventHub. Here are the details of the issue: We are currently sending security alerts from Microsoft Defender for Cloud to…
Microsoft Store went missing
Hi, I just reset my PC, but after resetting my PC the app store (Microsoft Store) went missing. I don't know how to get it, but I need help to reinstall the Microsoft Store. -Manohar Soren
Does the Azure monitor agent collect logs with default settings?
Hello! I have the scope of Azure Arc-enabled servers (on-premise, not Azure VM). There are Azure monitor agents (AMA) installed, so I think that when AMA was deployed, then logs started to be sent to our workspace. I see on the Data collection rules…
Microsoft Defender for Cloud - exclude ARC enabled machines
Hi all, I have a mix of normal VMs and Arc-enabled machines in my subscription. The Arc-enabled machines already have endpoint protection software installed, so endpoint protection through MDFC is not needed for these machines. I was wondering if I can…
How can I exclude Salesforce Chrome extension from conditional access app control policies
I'm testing Salesforce app monitor using MCASB session control policies. To redirect Salesforce app access to MCASB, I created conditional access policies with conditional access app control. Salesforce team is using Chrome extension that stop…
Want to know Defender CSPM standard plan features in detail.
Want to know Defender CSPM standard plan features in detail. Can anyone help from where I can get the elaborated features details of CSPM standard plan? Below are the features which we have in CSPM standard plan. 1. Identity and role assignments…
Azure defender for cloud
Currently Azure defender for cloud helps us to check the NIST compliance. I am wondering what additional security measures Azure defender for cloud offers. For example, does it have extra measure to fight against Bots/DDoS Attacks, or does it scan our…
I am receiving this notification from the Defender "Insecure Azure storage account connection string"
I am receiving this notification from the Defender "Insecure Azure storage account connection string" Defender for Cloud found a plaintext storage account connection string. It is important to secure the connection string to avoid its leakage…
NIST checklist
Hi, we are trying to comply with NIST standard. Microsoft Defender for Cloud offers NIST checklist. While I am working through the list, I am quite confused. One of the failure items is 'Azure Defender for servers should be enabled' which is in regards to…