107 questions with Microsoft Defender for Cloud Apps-related tags
How can we procure the Microsoft Defender Experts for XDR service?
Hi All, I want to explore the Microsoft Defender Experts for XDR Services for Microsoft. How can I procure this service from Microsoft? Please guide.
What are the tools required to work using MXDR?
Hi everyone, I am researching the Microsoft Defender for XDR service. I wanted to understand what other Microsoft tools can be used for Security that are either available or can be integrated with the Security Portal. Thanks.
BYOD Microsoft Entra ID Registered: differentiate personal device to allow download or block
Hello team, I have a user who registered 2 devices as Microsoft Entra ID registered which are recognized as personal devices. In theory, one device should be used for work and access corporate data, in this registered device the user can download data…
What do these listed actions do when we perform them via M365 Defender under "Explorer" on Phish/Spam emails?
What do these listed actions do when we perform them via M365 Defender under "Explorer" on Phish/Spam emails? Is there any official document which states all about these options and their actions? See the screenshot below.
How to get alerts/notifications from M365 Defender for Endpoints, Identity and others when there are new updates and vulnerabilities, if any are available, on any of the third-party apps like Chrome, Firefox and others?
How to get alerts/notifications from M365 Defender for Endpoints, Identity and others when there are new updates and vulnerabilities, if any are available, on any of the third-party apps like Chrome, Firefox and others?
OpenSSL vulnerabilities showing in Defender Dashboard
We have several devices indicating an OpenSSL vulnerability. It is multiple applications throughout our devices. There are two DLLs that are flagged: libcrypto-3-x64.dll and libssl-3-x64.dll. Is Defender throwing false positives? If they are not false…
How to block/remove adware and pop-up ads on devices via Intune or M365 Defender in browser and any other SaaS/Web Apps which users are browsing/using?
How to block/remove adware and pop-up ads on devices via Intune or M365 Defender in browser and any other SaaS/Web Apps which users are browsing/using?
Repeatedly having "Multiple failed user log on attempts to an app" incidents and alerts
I have cloud-only environment without local Active Directory and after Defender for Cloud Apps was implemented, only one policy generates these "Multiple failed user log on attempts to an app" alerts and incidents all the time. Is this a known…
How to monitor/get the email alerts of Service accounts being used/someone tried to login to that account in M365 via Cloud app security policy alerts or any other way as I saw blogs but it was not clear to me?
How to monitor/get the email alerts of Service accounts being used/someone tried to login to that account in M365 via Cloud app security policy alerts or any other way as I saw blogs but it was not clear to me?
Onboarding devices to Microsoft Defender for Endpoint
Hi team, Could you please send me steps on how to manage security settings through Defender for Endpoint. Also, we don't want to enroll devices to Intune, we just want to manage them through Defender. Thank you for your help.
400 Bad request
Error running command synapse.createNotebook: HTTP Error Response: 400 Bad Request. This is likely caused by the extension that contributes synapse.createNotebook.
What is included in MS Defender for Business?
What is included in MS Defender for Business? I read the doc but am not able to get it. I get that it contains Defender for Endpoint but does it contain Defender for Office 365? Defender for Office 365? Identity? Or parts of it?
Onboarding devices on Microsoft 365 Defender remotely
Hello, I have a question regarding onboarding devices on Microsoft 365 Defender. I was wondering if I could onboard computers in my domain remotely by a local script using PowerShell or PsTools without logging in to the user's computer? Thank you for…
How Defender EASM found open port 500 on my IP address, and using Nmap scanner I didn't find that the port is open?
I'm using defender currently on a 30 day trial, I'm wondering how Defender EASM managed to find open port 500. I've used Nmap scanner with different switches and tried to scan port 500 directly but I got no result that the port is open. Now I don't know…
How to block Save As option in Microsoft 365
I can restrict document downloads in Microsoft 365 applications with Microsoft Defender for Cloud Apps. However, when I open a document with a client, the Save As option is enabled. How can I prevent this action?
Mac OS accessing restricted application
Hey team, We have setup a policy to allow devices to access some applications and sites but we noticed that MAC OS users are now able to access restricted and unrestricted applications and sites. Can you please provide us with steps to prevent Mac users…
Cannot turn feature on. This feature requires an Office 365 E5 license or the Threat Intelligence add-on for Office 365.
I already have M365 E5 license. Do we require 1 threat intelligence license for everyone in the company or how does it work?
Can the Defender for Identity sensor be installed on normal VMs being used for DBs and Apps? Because we are fully cloud-based and have no on-prem domain controllers
Improvement Action: Start your Defender for Identity deployment, installing Sensors on Domain Controllers and other eligible servers. We need to establish if we can utilize this service on normal VMs and if there is any benefit of it?
Prevent access to personal accounts from Office 365
Hello, I have been given the task of researching and implementing restrictions within our organization, specifically regarding user access to personal accounts and services from within the Office 365 app suite. For example, by default, there appears to…
I want to know the policy of Microsoft Defender for Cloud App
I want to know if the policy of Microsoft Defender for Cloud App 'Ransomware activity,' includes the condition of detecting the file named 'HELP_DECRYPT.URL' as a normal file but still triggers an alert.