149 questions with Microsoft Defender for Identity-related tags
How to change incorrect classification of PaladinVPN by Microsoft Defender? How to contact the team by email?
We are writing to bring to your attention a matter regarding the classification of PaladinVPN by Microsoft Defender. We have noticed that PaladinVPN has been classified in a manner that we believe to be incorrect. The details of this classification can…
odbc oledb Vulnerability fix in Microsoft defender for endpoint.
We have Win 10 devices onboarded in Defender for endpoint. There are vulnerabilities showing up for for ODBC and OLE DB. We installed version Microsoft OLE DB Driver 18.6.6 and Microsoft OLE DB Driver 18.6.6 still these are reflecting in the…
Translation dosen't work in Microsoft 365 (Document Translation Failed .Please Try again)
Hello , When i try to translate a word document i get the message Bellow : My Office version is : we used E5 licences and the windows version is windows 11 23H2 I have tried many things but still encounter the error up to now. I attempted to…
OpenSSL vulnerabilities showing in Defender Dashboard
We have multiple devices showing up with OpenSSL vulnerabilities. It is detecting two dll files that it is flagging. Which they are libssl-3-x64.dll and libcrypto-3-x64.dll. It is flagging this for multiple different applications through out multiple…
I have Attack surface reduction
I have create two rules in ASR in one rule i have set audit and in other rule i have set block for same configuration Block executable files from running unless they meet a prevalence, age, or trusted list criterion but when i see report from defender…
How to get the list of CIS benchmark available for each OS in defender?
Hi Team, We are currently using defender for cloud, where we need to understand the SCA capability of defender for each OS and what all CIS benchmarks does it covers for each os. Can we able to get the list of available Benchmarks for Windows, Linux and…
trojan:script/wacatac.h!ml error occurred in our game executable file (.exe).
We received a report from a game user at our company that the game was being deleted as a threat to Microsoft Defender. Our games are distributed with secure signing using Advanced Installer. How can I solve this problem?
The Address you provided is invalid, please provide a valid address and try again!!!
Hi, While I was trying to schedule the SC-200 Exam, I got the error message that the billing address isn't valid. How can I fix this issue. Thanks! Best Regards, Jasmina Jakob
On Microsoft Defender portal, why is my Defender for Identity locked out?
I did create the Microsoft Sentinel as well as created a log analytics workspace. Followed all of the necessary steps. Once in the Microsoft Defender portal, it says that my Defender for Identity is locked out. Why is this? Entra ID Protection has been…
How to prevent "Microsoft defender SmartScreen prevented an unrecognised app" warning for my own python based app
Hi, I developed a python based application for windows and I created a setup exe for installation into Program Files (x86) folder via inno setup tool. My problem is whenever I execute my setup.exe file on another windows device, SmartScreen shows…
Microsoft windows security is deleting a file from IIS WWW root folder.
Hi Team, We have a problem with an application. One of the files from the IIS application configuration file is deleting automatically from windows server 2019. When we checked event logs, the warning is shown as below. Could you please suggest how to…
Security Recommendations for LAPS are outdated
These recommendations in the Microsoft Secure Score seems to be ignoring the new Windows LAPS and looking at the old LAPS. When we changed over to the Windows LAPS, these recommendations started getting flagged. I thought Microsoft would eventually…
There was no record of compromised users even though users were compromised
Good Afternoon, I ran an attack simulation with malware attachment and pushed to a specific set of people, I created a payload of my own and some of the users actually opened the attachment to view the content and also downloaded the attachment but it…
Virus' incorrect detection submission is being treated as virus submission wrongly
The software I created was misdiagnosed as a virus by Windows Defender, and I submitted feedback, selecting the "Incorrect detection" option. But the response was to add virus detection to them and now Defender still treats it as a…
Custom Webpage for Devices Isolated by Microsoft Defender
I am an Admin. My Company uses Microsoft Defender XDR. When a Device is Isolated, and the user of the Device opens his Browser, he gets shown a Default Webpage by the Defender. Is it possible to customize a the Default Webpage that is shown to a Device…
Package fails to install for Windows 2016 endpoints in Microsoft Defender for Identity
Problem with enroling Windows 2016 devices in Microsoft Defender for Identity As part of moving from a third party AV to defender (2019 and 2022 work fine). PowerShell Running the installation package fails on 2016 for multiple servers All available…
How to tune Initial access incident to not trigger if there was no successful login
I am getting a significant amount of alerts from detection source AAD Identity Protection on my MS Defender Incident page, that are called "Initial access incident involving one user" and "Multi-stage incident involving Initial access…
Suspend user in Defender User page
Hi, For 2 years i had no issue to suspend a user directly through the incident page in Defender console. Now, the option is not there anymore since Christmas. I opened a ticket with MSFT, but.... you know. Does Something have change for this ? Does…
Why Occurs This Porblem (This App has been blocked by System Administrator) in Domain Network
when we open some Application in our Computer it gives us this problem (This App has been blocked by System Administrator) in Domain Network, Why occurs this problem and how to solve it. Thanks alot.
How to avoid to notify users that this was a phishing alert
I created a phishing attack and sent it to test users. that works, but when the user clicks on the link or provides his crentials, he gots immediately a message saying that it was an alert. The problem is, if I send the alert to a complete department,…