107 questions with Microsoft Defender for Cloud Apps-related tags
Teams account sign in error
Teams sign in error. We can't sign in to this account (yymyint@xxx.com) in the Mobile version. It shows like this image error. Please tell me how to solve that error. Kindly reply to me. Thanks.
Onboarding multiple devices by local script
Hello Microsoft, I have a question regarding onboarding devices on Microsoft 365 Defender. I was wondering if I could onboard multiple devices in a domain by a local script (more than 10 devices)? Thank you for responding.
How do I export a list of Analytics from the Defender Products
As an MSSP for Microsoft Sentinel we have the Defender MDO Data connectors enabled and we're creating Incidents based on the Alerts that are created from each of the different MDOs: Defender for Identity, Defender for Office 365, Defender for Endpoint …
How to prevent users to grant consent on third party apps which are using OAuth which is token based authentication and authorization?
How to prevent users to grant consent on third party apps which are using OAuth which is token based authentication and authorization? As we have seen many users are using their work account to grant on different apps to use those and seems those apps…
Prevent a user from triggering the same cloud app policy multiple times
Hello, I have a policy that triggers when a user fails to connect 100 times in 60 minutes. The main use of this policy is to notify our security team when a user is likely to be under attack so that they can contact the user to establish a strong…
Defender & Intune - restrict access to a website based on device risk level
Hi all, is it possible to restrict access to a public website based on a risk level calculated by Defender? Let's say that if a device has a HIGH risk level, it will not be allowed to access a particular website... PS: We use M365 E3 with M365 E5 Security…
MDE_365 Integration with SIEM (ArcSight)
Hi All, in my environment, we have integrated Microsoft 365 Defender (MDE) - EDR with ArcSight. In our case we receive only Alerts and Incidents events in our ArcSight logs, which is creating more noise and we are not able to create any rule in…
Azure License Allocation
Hi everyone, I am just getting started in Azure, which has led me to a very junior license question. I have noticed we have a few licenses in our managed Azure tenant which are not assigned. Licenses include: Microsoft Defender for Cloud Apps, Microsoft…
What all are the capabilities of Microsoft Cloud app security in terms of monitoring the M365 apps?
What all are the capabilities of Microsoft Cloud app security in terms of monitoring the M365 apps? Also need help on below query. As I have implemented it in our tenant and it shows below on each apps for end users but how we can silently disable that…
How can I get the badge of my challenge?
Get challenge badge
We have files or folder restored by Danet which assigns us as the owner, but when the tenancy user shares or accesses a file, it generates a Cloud Apps Alert. It's a false alert and shouldn't assign us as the owner.
We have files or folder restored by Danet which assigns us as the owner, but when the tenancy user shares or accesses a file, it generates a Cloud Apps Alert. It's a false alert and shouldn't assign us as the owner.
O365 MS Defender URL indicator - URL is invalid
Hi, I'm trying to add URL Indicators in MS Defender but it doesn't seem to work. I've created a CSV file (based on the sample file provided by Microsoft). I did not fill in the columns for ExpirationTime, RecommendedActions, RbacGroups, Category,…
Testing policy - Potential ransomware activity, nothing happens
I am testing Cloud Apps Security and I want to launch potential threat in action. So the policy "Potential ransomware activity" is enabled for all users, computer is onboarded to Defender for Endpoint, and when I create locally .zyx file and…
Troubleshoot SIEM tool integration issues
We have followed the docs to collect data from Microsoft Azure Event Hub, for Microsoft Defender integration on Elastic Stack. For some reason we're not receiving the data?
Is it recommended to block third party cookies for web browsers, especially Chrome and Edge?
Is it recommended to block third party cookies for web browsers, especially Chrome and Edge? As we have below security recommendation for the same. What all would be impacted and how to measure it?
edit severity forwarding/redirect rule from informational to High
Hiya, we have an information alert regarding forwarding/redirect rule. We are not firing emails off for informational else we would be swamped with emails. Is there a way to change this forwarding/redirect rule to high rather than informational, or is…
Track change on DC with Defender for Identity?
We have 2016 Domain Controllers and Auditing is enabled. We are trying to configure/deny read permission, for members of a group, over the Domain Admins group in Active Directory. But something is removing that change after some time. I can find…
ALERT: Password reuse activity on multiple endpoints
We have started receiving multiple Defender alerts from yesterday - 20th April early morning. "A user on this device is reusing the currently logged in account password on a different credential. Use new and complex password for each credential to…
How to get Defender for Cloud plans activated for a Log Analytics workspace through PowerShell?
Hello everyone, I am trying to get the Defender for Cloud plans activated for a Log Analytics workspace through PowerShell, but there is no such command in PowerShell to get that. Can anyone help me with this? It would be highly appreciated. Thanks in…
ALERT: Password reuse activity - Behaviour
Hi Everyone. Recently we received a bunch of the following alerts: Password reuse activity that is triggered every 3 minutes on Microsoft 365 Defender. The question here is if anyone knows the behavior or parameters that these alerts use to trigger the…