Troubleshoot Microsoft Defender XDR service issues
Note
Want to experience Microsoft Defender XDR? Learn more about how you can evaluate and pilot Microsoft Defender XDR.
Applies to:
- Microsoft Defender XDR
This section addresses issues that might arise as you use the Microsoft Defender XDR service.
I don't see Microsoft Defender XDR content
If you don't see capabilities on the navigation pane such as the Incidents, Action center, or Hunting in your portal, you need to verify that your tenant has the appropriate licenses.
For more information, see Prerequisites.
Microsoft Defender for Identity alerts are not showing up in the Microsoft Defender XDR incidents
If you have Microsoft Defender for Identity deployed in your environment but you're not seeing Defender for Identity alerts as part of Microsoft Defender XDR incidents, you need to ensure that the Microsoft Defender for Cloud Apps and Defender for Identity integration is enabled.
For more information, see Microsoft Defender for Identity integration.
Where is the settings page for turning on the service?
To turn on Microsoft Defender XDR, access Settings from the navigation pane in the Microsoft Defender portal. This navigation item is visible only if you have the prerequisite permissions and licenses.
How do I create an exception for my file/URL?
A false positive is a file or URL that is detected as malicious but isn't a threat. You can create indicators and define exclusions to unblock and allow certain files/URLs. See Address false positives/negatives in Defender for Endpoint.
Tip
Do you want to learn more? Engage with the Microsoft Security community in our Tech Community: Microsoft Defender XDR Tech Community.
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for