107 questions with Microsoft Defender for Cloud Apps-related tags
How to export payload domains and sender addresses from Attack simulation portal from M365 security defender? Is there a way to get all those domains and sender addresses so that we can use for attack simulations based on our choice?
How to export payload domains and sender addresses from Attack simulation portal from M365 security defender? Is there a way to get all those domains and sender addresses so that we can use for attack simulations based on our choice and know that it's the…
Defender for Endpoint blocking reddit
I added Reddit.com to my whitelist and can sort of go to Reddit. Windows notification is listing a couple of sites it says it can't get to. Is there a way to set up one rule that will cover all sub-domains and such, like doing reddit.com/* or such (which…
Defender for Endpoint bios in the wrong place
BIOS update information should flow under Weakness node, but I still have them in Recommendations. Is this by design like this? Empty: Reference:…
Using KQL in Microsoft Defender to Query files on user computers
Hello, can anyone help me with querying all computers (Windows 10 and 11) in our organization to find the location of files with a specific extension *.ref using KQL in Advanced Hunting? Is it possible to base this query on the Organizational Unit (OU)…
Anomalous Token alert of Defender
Hi all, We used to receive an Anomalous token alert on Defender, and it stopped all of a sudden. Unable to see any policy associated with it. Please help to figure it out.
WebDAV accessed files have error opening
We have a Nextcloud server, self-hosted, and when we go to open a Microsoft document on the WebDAV networked drive it gets: "Microsoft Office has blocked access to "https:XYZ..." because the source uses a sign-in method that may be…
Files uploaded to a Teams-connected site are not scanned
Files uploaded to a Teams-connected site are not scanned
API Advanced Hunting IdentityLogonEvents error
Hi everyone, I'm trying to get the IdentityLogonEvents result from the API, and I get a forbidden error message. I gave all rights, read all the Microsoft documentation and articles, and found nothing. I have tested all these APIs: #$url =…
Windows Defender MpCmdRun.exe Custom Scan Automation Job Failing intermittently in Production Environment using TeamCity Tool
Hello Microsoft Community, We are currently facing an issue with our TeamCity build automation, specifically related to the custom virus scan using the MpCmdRun.exe command-line utility. Our setup involves executing the command: MpCmdRun.exe -Scan…
office 365 identity - diff user and workstation AD
Dear All, We have a customer who has the below requirement: 1- user would be synced from Forest A to O365 2- Forest B would contain the same user A and workstation would be joined to Forest B 3- Identity in Forest A and Forest B would be synced for password…
Unable to receive incidents with status `redirected` using OAuth2.0
I am using the [https://graph.microsoft.com/v1.0/security/incidents](https://graph.microsoft.com/v1.0/security/incidents) API to fetch all the incidents. To access this API, I am using two types of tokens. Basic Auth: By providing client_id and…
Avoid upload/download big file in Dropbox (PC)?
Hi, I would like to know if using Defender for Cloud Apps (MCAS) it is possible to avoid uploading or downloading a 10 Gb file to Dropbox Enterprise. Dropbox desktop app or web app are possible. I checked during a lot of time in the web (including…
Compliance configuration for Teams on mobile
Hello all, wanted to double-check something: I am about to edit a handful of settings in Microsoft Defender, all related to link and attachment sharing. This wave of updates is focusing on the enforcement of new rules for security and compliance on…
How do I allow my organisation access to the Microsoft store?
I'm trying to access add-ins within the PowerPoint app but keep getting an error that my organisation hasn't allowed access. I am the administrator of the account, we have a non-profit account (work or school). Any advice on how to allow to the store for…
Reviewing the Quarantine for a Mail-Enabled Public Folder
Our organization used mostly Public Folders rather than Shared Mailboxes. A number of these Public Folders are mail-enabled and have an email address assigned to them. We also use Microsoft Defender (security.microsoft.com/quarantine) for our email…
Removed the unwanted app but still showing in MDE portal
Hi Community, Hope all are doing well!! I am facing an issue: I saw the WhatsApp application in the MDE software inventory, which was installed on one PC, and later we uninstalled it from the PC, but it is still showing in the inventory under the MDE portal. Don't know…
Is there a way to configure Microsoft Defender to send an alert whenever its settings are altered?
Is there a way to configure Microsoft Defender to send an alert whenever its settings are altered?
E3 vs E5 from a security perspective: Unified XDR/SIEM
Hi, A customer with E5 wants to downgrade to E3. Currently, he has XDR services (All Defenders) and Sentinel. Will he lose any services during the downgrade process?
What is the difference between Microsoft Defender for Cloud and Microsoft Defender for Cloud Apps?
What is the difference between Microsoft Defender for Cloud and Microsoft Defender for Cloud Apps?
Microsoft Defender for Endpoint
Hi team, I am trying to roll out a feature just for a certain group of devices, but when I tried to create a Device Group I went to settings > Endpoints > Permissions > Device Groups and I can't see the permission option when in endpoint. I am…