Active Directory
A set of directory-based technologies included in Windows Server.
6,862 questions
245 questions with Microsoft Defender for Identity-related tags
0 answers
Duplicated Defender AAD Identity Protection alerts due to different sign-in request ID in milliseconds
Hi, We are seeking some advise regarding the duplication alerts in our defender portal. Any help is greatly appreciated. Subject: Duplicated Defender AAD Identity Protection Alerts Due to Different Sign-In Request IDs in Milliseconds Alert Name:…
asked 2025-02-07T13:18:23.58+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(249.60000000000002, 67%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJW%3C/text%3E%3C/svg%3E)
Joey W
0
Reputation points
commented 2025-02-07T17:18:09.05+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(192, 22%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESD%3C/text%3E%3C/svg%3E)
Sakshi Devkante
575
Reputation points Microsoft Vendor
0 answers
Where do I manage old audit activity alerts?
I have an activity alert setup for an ACCOUNT A and was later changed for ACCOUNT B but we still receive alert for ACCOUNT A. I have checked everywhere and there is no alert setup for account A How can I find it? Tried Powershell too but not much…
asked 2025-01-30T19:20:51.0566667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(214.4, 89%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGK%3C/text%3E%3C/svg%3E)
Gurpreet Kaur Gill
0
Reputation points
commented 2025-02-07T00:41:20.0066667+00:00
Gurpreet Kaur Gill
0
Reputation points
0 answers
Microsoft Defender for identity auto disable user account.
Hello, Recently, we are experiencing a lot of user accounts being automatically disable by Microsoft Defender for Identity when they authenticated by Exchange Online. Somehow, Defender think the user's accounts being attacked, and just disabled users…
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(272, 78%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EB%3C/text%3E%3C/svg%3E)
0 answers
Azure ATP sensor issue -DC not visible under the security portal
Hi,we have installed the Azure ATP sensor on 33 DC's. But one DC's sensor status was unhealthy. To resolve this, we have cleared the DC entry from security portal and again re-install the ATP but unfortunately this time the affected DCS is visible in…
asked 2025-01-29T10:55:54.0633333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(297.6, 42%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EK%3C/text%3E%3C/svg%3E)
Khushboo
0
Reputation points
commented 2025-02-06T14:21:02.5966667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(166.4, 27%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERP%3C/text%3E%3C/svg%3E)
Raja Pothuraju
12,200
Reputation points Microsoft Vendor
1 answer
API to get Microsoft Defender Campaigns
Is there a way to get the Campaigns data inside the Microsoft Defender Portal using an API?
asked 2025-01-06T10:36:01.8966667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(166.4, 11%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EHB%3C/text%3E%3C/svg%3E)
Hashem Barakat
0
Reputation points
edited the question 2025-02-06T14:06:09.9133333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(153.6, 16%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERG%3C/text%3E%3C/svg%3E)
Rakesh Gurram
11,735
Reputation points Microsoft Vendor
1 answer
We received reports from our users that our URL is unsafe, but they are safe.
Hi there, I am trying to contact Microsoft Defender support, but I am experiencing difficulties getting in contact with anyone. I am writing regarding false positive alerts that our users are receiving from Microsoft Defender concerning our legitimate…
asked 2025-01-24T17:26:36.4766667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(35.2, 85%, 13%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETW%3C/text%3E%3C/svg%3E)
Tirta Wulandari
0
Reputation points
edited the question 2025-02-06T13:54:43.6233333+00:00
Rakesh Gurram
11,735
Reputation points Microsoft Vendor
0 answers
Whats goin on?
<Event xmlns="__http://schemas.microsoft.com/win/2004/08/events/event__"> <System> <Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-a5ba-3e3b0328c30d}" /> …
asked 2024-12-30T13:57:06.6066667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(179.20000000000002, 48%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESP%3C/text%3E%3C/svg%3E)
Sherwin pillai
0
Reputation points
commented 2025-02-06T07:06:38.7533333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(54.400000000000006, 88%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESD%3C/text%3E%3C/svg%3E)
Shanmugesh D
0
Reputation points
0 answers
What does the Defender Anti-Spam (Inbound) policy overrule?
The Defender Anti-Spam, Anti-Malware and Anti-Phish policies all sit together in the Email Policy and Rules section, but I am trying to understand what an exception to these policies would over rule? Mainly looking at the Anti-Spam Policy, as that is…
asked 2025-01-28T12:27:10.4433333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(272, 85%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJN%3C/text%3E%3C/svg%3E)
Josh N
20
Reputation points
edited the question 2025-02-05T10:24:45.1933333+00:00
Raja Pothuraju
12,200
Reputation points Microsoft Vendor
1 answer
One of the answers was accepted by the question author.
MDE managed devices
Hi! It is possible to manage Windows Servers with Defender for Endpoint and Intune. After setup, the Windows Server device appears in Intune. But can Devices > Configuration > Policies be deployed to it, or only policies under the Endpoint…
asked 2025-02-03T14:06:55.22+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(307.2, 86%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAS%3C/text%3E%3C/svg%3E)
Artem Shaturskyi
135
Reputation points
accepted 2025-02-04T07:32:57.1333333+00:00
Artem Shaturskyi
135
Reputation points
0 answers
Windows Defender Definition Updates folder taking 256 GB of space and not able to delete the files
Windows Defender Definition Updates folder taking 256 GB of space and no free space left on C drive. Tried deleting the files but not able to do it. We are using Sophos Antivirus.
asked 2025-02-04T06:36:43.46+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(240, 19%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECS%3C/text%3E%3C/svg%3E)
Chintan Shah
0
Reputation points
edited the question 2025-02-04T06:58:27.1366667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(275.2, 2%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EK%3C/text%3E%3C/svg%3E)
kguntaka
4,830
Reputation points Microsoft Vendor
1 answer
Windows Defender Phishing Email Submission and Remediation
Hi, I have a question. We use gmail in my organization for email and Knowbe4 for phishing email submission and remediation. We have microsoft 365 licenses for all staff members. My organization is thinking of getting rid of Knowbe4 but I was wondering if…
asked 2025-01-31T18:10:48.28+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(256, 5%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EEP%3C/text%3E%3C/svg%3E)
Ennis Pool
0
Reputation points
edited the question 2025-02-03T21:35:03.0933333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(12.8, 76%, 11%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EV%3C/text%3E%3C/svg%3E)
VarunTha
12,345
Reputation points Microsoft Vendor
1 answer
One of the answers was accepted by the question author.
I removed defender and now I can't download files in Edge.
After configuring the windows defender, windows defender apt, and windows defender smartscreen processes not to start by removing the execute permissions on the corresponding exe files, I am unable to download files in Edge. When I try to download the…
Microsoft Edge
Microsoft Edge
A Microsoft cross-platform web browser that provides privacy, learning, and accessibility tools.
2,447 questions
Windows 11
Windows 11
A Microsoft operating system designed for productivity, creativity, and ease of use.
10,665 questions
Microsoft Defender for Identity
Microsoft Defender for Identity
A Microsoft service that helps protect enterprise hybrid environments from multiple types of advanced, targeted cyberattacks and insider threats.
245 questions
asked 2025-01-27T00:51:19.2733333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(76.8, 21%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ER6%3C/text%3E%3C/svg%3E)
rikutotomizuka-6197
40
Reputation points
edited the question 2025-02-03T02:07:33.25+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(163.2, 68%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EYZ%3C/text%3E%3C/svg%3E)
Yu Zhou-MSFT
14,506
Reputation points Microsoft Vendor
2 answers
Privacy protection VPN option is not visible on my Microsoft defender
Privacy protection VPN option is not visible on my Microsoft defender. Earlier I was used now it's not visible, I have 365 personal plan
asked 2024-12-10T00:50:54.28+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(102.4, 87%, 19%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETV%3C/text%3E%3C/svg%3E)
Thirumal Vellingiri
10
Reputation points
answered 2025-02-01T18:54:05.6733333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(73.60000000000001, 89%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKT%3C/text%3E%3C/svg%3E)
Kimberly Traven
0
Reputation points
1 answer
MS Defender web protection / SmartScreen for Google Chrome and Firefox
Hi. We have our CE+ assessment in a few weeks. In our CE basic, we provided information about our browsers Edge, Google Chrome and Firefox they have MS Defender / SmartScreen options enabled for malicious sites and downloads. Unfortunately, MS Defender…
asked 2025-01-20T13:18:10.62+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(3.2, 77%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMA%3C/text%3E%3C/svg%3E)
Muhammad Arif
0
Reputation points
edited a comment 2025-01-27T14:21:59.44+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(188.79999999999998, 26%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EN%3C/text%3E%3C/svg%3E)
Navya
15,145
Reputation points Microsoft Vendor
1 answer
Data Loss Prevention
i have Microsoft 365 Business Premium license. do i need to Add any Add-on license or i will get full feature of DLP within this license. actually i want to use this DLP to prevent and monitor user activity.
asked 2025-01-23T10:12:51.9366667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(35.2, 37%, 13%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EP%3C/text%3E%3C/svg%3E)
Parsian02
20
Reputation points
answered 2025-01-27T09:13:24.7366667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(300.8, 28.000000000000004%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECK%3C/text%3E%3C/svg%3E)
Catherine Kyalo
670
Reputation points Microsoft Employee
1 answer
Phishing attack simulation payload editor is extremely broken
We are using the attack simulation training module in Defender for Office. So we have used the solution to run phishing exercises the past year. I now wanted to change our custom positive reinforcement notification. It seems the editor…
asked 2025-01-14T12:22:45.53+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(140.8, 57.99999999999999%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EEG%3C/text%3E%3C/svg%3E)
Emil Gertsen Grønkjær
0
Reputation points
commented 2025-01-26T18:40:42.45+00:00
Raja Pothuraju
12,200
Reputation points Microsoft Vendor
1 answer
How to find installed software's on servers
from Windows defender portal (security.microsoft.com) can we get report of all installed software's running on servers only not client machines
asked 2024-11-14T09:07:16.2933333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(160, 89%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMZ%3C/text%3E%3C/svg%3E)
Muhammad Zeeshan
100
Reputation points
answered 2025-01-22T09:21:58.1266667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(48, 17%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKM%3C/text%3E%3C/svg%3E)
K-Mohammed
235
Reputation points Microsoft Employee
1 answer
Alerting when break-glass domain admin account has been used by someone
Hi, I have a break-glass domain admin account in several forests whose DCs have MDI sensors installed. Is it possible to get alert/mail notification when that account has been used by someone leveraging MDI events/logs?
asked 2024-12-08T20:28:49.3066667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(150.4, 33%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBZ%3C/text%3E%3C/svg%3E)
Bojan Zivkovic
526
Reputation points
answered 2025-01-21T06:42:54.9066667+00:00
Catherine Kyalo
670
Reputation points Microsoft Employee
1 answer
One of the answers was accepted by the question author.
Advanced Hunting Query -> Risky sign-ins & Risky users in EntraID?
Hi Everyone, Quick question - how can I query users/sign-ins that are flagged under Risky Activities (Security) in Entra ID within the Microsoft Defender Security portal under Advanced hunting? Essentially what I want to do is when a user is flagged on…
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(256, 10%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EO%3C/text%3E%3C/svg%3E)
1 answer
One of the answers was accepted by the question author.
Microsoft Defender Email Collaboration
I want to customize quaratine notification. When user recieve malicous mail ( for example it will be phishing link , malicous attachment, spam mail and etc) , it will go quarantine due policies. Quarantine also sends notification to user, as quarantine…
asked 2024-12-20T10:46:32.79+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(134.4, 4%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKG%3C/text%3E%3C/svg%3E)
Kanan Ganiyev
20
Reputation points
commented 2025-01-08T05:25:34.8366667+00:00
Kanan Ganiyev
20
Reputation points