103 questions with Microsoft Defender for Cloud Apps-related tags
Defender 365 admin console - Disabled Connected to a custom indicator & Connected to an unsanctioned blocked app rules
I want to know how I can disable the following two alerts: Disabled Connected to a custom indicator, Connected to an unsanctioned blocked app. I didn't find these alerts on the Alerts Policy of XDR/EPP or Cloud apps. Since all the changed that…
What is Device type: OfficePowerPointWRS in Microsoft Defender?
Hello, I'd like to know what is OfficePowerPointWRS device type. I found this on the user's activity logs in Defender for Cloud Apps. It appears to be related to OneDrive for Business and uses Microsoft 365 Common and Office Online server IP add. See…
OpenSSL vulnerabilities showing in Defender Dashboard
We have multiple devices showing up with OpenSSL vulnerabilities. It is detecting two DLL files that it is flagging, which are libssl-3-x64.dll and libcrypto-3-x64.dll. It is flagging this for multiple different applications throughout multiple…
The Address you provided is invalid, please provide a valid address and try again!!!
Hi, while I was trying to schedule the SC-200 Exam, I got the error message that the billing address isn't valid. How can I fix this issue? Thanks! Best Regards, Jasmina Jakob
Security Concern Regarding Microsoft 'PC Manager' App
Dear Microsoft Support Team, I am writing to bring to your attention a concerning security issue that has been observed with the recently released Microsoft "PC Manager." Upon conducting thorough testing and analysis, it has come to our…
Defender for Endpoint settings
Hello! There was a question about the Microsoft Defender Portal settings item in the Defender for Endpoint item. When in Security setting management- enable Use MDE to enforce security configuration settings from Intune. then "Enable…
Defender for Endpoint: How to isolate a device with high risk automatically?
Hello team, How can I auto-isolate a device that comes with a high-risk score?
Microsoft Defender XDR Streaming API
We have an API configured, and it is my understanding that you should be able to tie directly to a sentinel workspace and it should be configured like the image. But none of the options are selected for event hub connections or Storage accounts. For…
Stop downloads on unmanaged devices - conditional access
Hi all, I want to set a block policy on downloads from SharePoint and OneDrive for unmanaged devices - personal or not within the tenant.
Quarantine inaccessible: Error message: Failed to load data. Please try again later.
For several weeks, I have been unable to see data in https://security.microsoft.com/quarantinequarantine. This problem started suddenly as I was previously able to access quarantine. Simultaneously, my team started receiving emails affixed with the…
MDCA(MCAS) API - Get list of sanctioned/unsanctioned apps with app name included
Hi All, I am looking at automating a task that we are currently performing manually for a client. We utilise MDCA and the client receives an extract from the MDCA portal showing all sanctioned/unsanctioned apps for the past 30 days. We want to automate…
Defender for endpoint: Controlled Folder Access: Where Can I find the list of well known apps allowed to access the protected folders?
Hello team, https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/controlled-folders?view=o365-worldwide#windows-system-folders-are-protected-by-default Controlled folder access protects your data by checking apps against a list of…
Outlook Sending Error
Hey, we received an email from one of our members, but she didn't send that mail to our organization gp. That mail spread to all of our organization members 3 and 4 times. When we asked her, she didn't know the Outlook before that happen and her position doesn't…
How to get audit logs of Microsoft Defender for Endpoint using REST APIs.
How to get audit logs of Microsoft Defender for Endpoint using REST APIs with start time & end time along with pagination
Trivy-operator vs Microsoft Defender for AKS (Azure Managed Kubernetes)
Hello all, I am Mike. We are currently working on a solution to have an active tool that helps us to check any misconfigurations, scans images for the containers. We found Trivy-operator as one of the solutions because of its ease of use and capability…
About Authenticator app
I had to change my Instagram password and during login I can't find Instagram on the Authenticator app. Kindly help.
How to export payload domains and sender addresses from Attack simulation portal from M365 security defender? Is there a way to get all those domains and sender addresses so that we can use for attack simulations based on our choice?
How to export payload domains and sender addresses from Attack simulation portal from M365 security defender? Is there a way to get all those domains and sender addresses so that we can use for attack simulations based on our choice and know that it's the…
Defender for Endpoint blocking reddit
I added Reddit.com to my whitelist and can sort of go to Reddit. Windows notification is listing a couple of sites it says it can't get to. Is there a way to set up one rule that will cover all sub-domains and such like doing reddit.com/* or such (which…
Defender for Endpoint BIOS in the wrong place
BIOS update information should flow under Weakness node, but I still have them in Recommendations. Is this by design like this? Empty: Reference:…
Using KQL in Microsoft Defender to Query files on user computers
Hello, can anyone help me with querying all computers (Windows 10 and 11) in our organization to find the location of files with a specific extension *.ref using KQL in Advanced Hunting? Is it possible to base this query on the Organizational Unit (OU)…