Microsoft Sentinel
A scalable, cloud-native solution for security information event management and security orchestration automated response. Previously known as Azure Sentinel.
1,225 questions
251 questions with Microsoft Defender for Identity-related tags
2 answers
Why defender is not correlating the Entra ID protection alerts?
Hi Team, In my environment, Entra ID Protection is generating multiple alerts even when the user, IP address, and sign-in events are the same and occur within seconds. These alerts are forwarded to Microsoft Defender, but they are not being correlated,…
asked 2025-02-17T14:53:42.8366667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(249.60000000000002, 76%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESN%3C/text%3E%3C/svg%3E)
Supriya Nelluri
0
Reputation points
commented 2025-02-21T16:42:32.9133333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(192, 22%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESD%3C/text%3E%3C/svg%3E)
Sakshi Devkante
920
Reputation points Microsoft Vendor
0 answers
Data connector buttons are grayed out saying No permissions
cannot enable Microsoft Defender XDR connector in sentinel despite being logged in as owner of tenant, subscription and resource group. My licence is Microsoft 365 Business Premium which I see in documentation is an Microsoft XDR eligible licence
asked 2025-02-13T12:41:56.3866667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(134.4, 4%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGB%3C/text%3E%3C/svg%3E)
gutta bachelor
0
Reputation points
commented 2025-02-21T10:50:00.04+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(188.79999999999998, 26%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EN%3C/text%3E%3C/svg%3E)
Navya
15,715
Reputation points Microsoft Vendor
1 answer
Duplicated Defender AAD Identity Protection alerts due to different sign-in request ID in milliseconds
Hi, We are seeking some advise regarding the duplication alerts in our defender portal. Any help is greatly appreciated. Subject: Duplicated Defender AAD Identity Protection Alerts Due to Different Sign-In Request IDs in Milliseconds Alert Name:…
asked 2025-02-07T13:18:23.58+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(249.60000000000002, 67%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJW%3C/text%3E%3C/svg%3E)
Joey W
0
Reputation points
edited a comment 2025-02-20T14:52:25.8666667+00:00
Sakshi Devkante
920
Reputation points Microsoft Vendor
3 answers
Privacy protection VPN option is not visible on my Microsoft defender
Privacy protection VPN option is not visible on my Microsoft defender. Earlier I was used now it's not visible, I have 365 personal plan
asked 2024-12-10T00:50:54.28+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(102.4, 87%, 19%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETV%3C/text%3E%3C/svg%3E)
Thirumal Vellingiri
10
Reputation points
commented 2025-02-20T05:49:50.72+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(73.60000000000001, 89%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKT%3C/text%3E%3C/svg%3E)
Kimberly Traven
0
Reputation points
0 answers
Microsoft Defender for identity auto disable user account.
Hello, Recently, we are experiencing a lot of user accounts being automatically disable by Microsoft Defender for Identity when they authenticated by Exchange Online. Somehow, Defender think the user's accounts being attacked, and just disabled users…
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(272, 78%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EB%3C/text%3E%3C/svg%3E)
2 answers
How can I investigate risky sign in's to determine if an account is actually compromised?
I am trying to determine why some user sign in's are flagged as risky. When I check the IP address that was associated with the sign in, most of the time it is from a GTHost server. Our users are mostly using iPhones and trying to log into the…
asked 2025-02-13T20:38:55.3966667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(198.4, 70%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECI%3C/text%3E%3C/svg%3E)
Carrie Ives
6
Reputation points
answered 2025-02-19T16:48:51.0366667+00:00
Carrie Ives
6
Reputation points
0 answers
Need IOC's
Hi MSTeam, Can i have IOC's for the vulnerability "CVE-2024-21413" to hunt.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(57.599999999999994, 0%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDS%3C/text%3E%3C/svg%3E)
1 answer
One of the answers was accepted by the question author.
Auto scan usb Windows 11
In Intune, devices, configurations - I have in place this policy with NO conflict and no scanning happens at all when I insert a usb device (I check event viewer) Enable Automatic Scanning of Removable Media Allow Archive Scanning Allow Behavior…
asked 2025-02-14T12:50:58.0333333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(217.60000000000002, 76%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
amartinez_admin
20
Reputation points
accepted 2025-02-17T08:17:28.7766667+00:00
amartinez_admin
20
Reputation points
1 answer
How do I disable Weak Cipher on Private Endpoint
Hello Our internal vulnerabilities picked up weak cipher vulnerabilities on the private endpoints. I have been searching everywhere for solution to disable the weak cipher. Please help
asked 2025-02-07T10:33:40.0433333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(121.6, 2%, 21%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMT%3C/text%3E%3C/svg%3E)
Marvin Tibane
1
Reputation point
commented 2025-02-11T08:25:36.3466667+00:00
Marvin Tibane
1
Reputation point
0 answers
Where do I manage old audit activity alerts?
I have an activity alert setup for an ACCOUNT A and was later changed for ACCOUNT B but we still receive alert for ACCOUNT A. I have checked everywhere and there is no alert setup for account A How can I find it? Tried Powershell too but not much…
asked 2025-01-30T19:20:51.0566667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(214.4, 89%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGK%3C/text%3E%3C/svg%3E)
Gurpreet Kaur Gill
0
Reputation points
commented 2025-02-11T02:02:34.62+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(288, 61%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EP%3C/text%3E%3C/svg%3E)
phemanth
13,905
Reputation points Microsoft Vendor
3 answers
When a Computer slows down?
Need to know what questions are important to solve a problem of a slow down computer with windows 10
asked 2024-09-08T00:49:05.1433333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(211.20000000000002, 0%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EHD%3C/text%3E%3C/svg%3E)
How do I configure Windows Firewall in Workstation
0
Reputation points
answered 2025-02-08T17:39:25.7633333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(44.800000000000004, 49%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECG%3C/text%3E%3C/svg%3E)
Computer Guide Online
0
Reputation points
0 answers
Azure ATP sensor issue -DC not visible under the security portal
Hi,we have installed the Azure ATP sensor on 33 DC's. But one DC's sensor status was unhealthy. To resolve this, we have cleared the DC entry from security portal and again re-install the ATP but unfortunately this time the affected DCS is visible in…
asked 2025-01-29T10:55:54.0633333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(297.6, 42%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EK%3C/text%3E%3C/svg%3E)
Khushboo
0
Reputation points
commented 2025-02-06T14:21:02.5966667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(166.4, 27%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERP%3C/text%3E%3C/svg%3E)
Raja Pothuraju
13,715
Reputation points Microsoft Vendor
1 answer
API to get Microsoft Defender Campaigns
Is there a way to get the Campaigns data inside the Microsoft Defender Portal using an API?
asked 2025-01-06T10:36:01.8966667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(166.4, 11%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EHB%3C/text%3E%3C/svg%3E)
Hashem Barakat
0
Reputation points
edited the question 2025-02-06T14:06:09.9133333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(153.6, 16%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERG%3C/text%3E%3C/svg%3E)
Rakesh Gurram
12,385
Reputation points Microsoft Vendor
1 answer
We received reports from our users that our URL is unsafe, but they are safe.
Hi there, I am trying to contact Microsoft Defender support, but I am experiencing difficulties getting in contact with anyone. I am writing regarding false positive alerts that our users are receiving from Microsoft Defender concerning our legitimate…
asked 2025-01-24T17:26:36.4766667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(35.2, 85%, 13%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETW%3C/text%3E%3C/svg%3E)
Tirta Wulandari
0
Reputation points
edited the question 2025-02-06T13:54:43.6233333+00:00
Rakesh Gurram
12,385
Reputation points Microsoft Vendor
0 answers
Whats goin on?
<Event xmlns="__http://schemas.microsoft.com/win/2004/08/events/event__"> <System> <Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-a5ba-3e3b0328c30d}" /> …
asked 2024-12-30T13:57:06.6066667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(179.20000000000002, 48%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESP%3C/text%3E%3C/svg%3E)
Sherwin pillai
0
Reputation points
commented 2025-02-06T07:06:38.7533333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(54.400000000000006, 88%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESD%3C/text%3E%3C/svg%3E)
Shanmugesh D
0
Reputation points
0 answers
What does the Defender Anti-Spam (Inbound) policy overrule?
The Defender Anti-Spam, Anti-Malware and Anti-Phish policies all sit together in the Email Policy and Rules section, but I am trying to understand what an exception to these policies would over rule? Mainly looking at the Anti-Spam Policy, as that is…
asked 2025-01-28T12:27:10.4433333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(272, 85%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJN%3C/text%3E%3C/svg%3E)
Josh N
20
Reputation points
edited the question 2025-02-05T10:24:45.1933333+00:00
Raja Pothuraju
13,715
Reputation points Microsoft Vendor
1 answer
One of the answers was accepted by the question author.
MDE managed devices
Hi! It is possible to manage Windows Servers with Defender for Endpoint and Intune. After setup, the Windows Server device appears in Intune. But can Devices > Configuration > Policies be deployed to it, or only policies under the Endpoint…
asked 2025-02-03T14:06:55.22+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(307.2, 86%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAS%3C/text%3E%3C/svg%3E)
Artem Shaturskyi
145
Reputation points
accepted 2025-02-04T07:32:57.1333333+00:00
Artem Shaturskyi
145
Reputation points
0 answers
Windows Defender Definition Updates folder taking 256 GB of space and not able to delete the files
Windows Defender Definition Updates folder taking 256 GB of space and no free space left on C drive. Tried deleting the files but not able to do it. We are using Sophos Antivirus.
asked 2025-02-04T06:36:43.46+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(240, 19%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECS%3C/text%3E%3C/svg%3E)
Chintan Shah
0
Reputation points
edited the question 2025-02-04T06:58:27.1366667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(275.2, 2%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EK%3C/text%3E%3C/svg%3E)
kguntaka
4,840
Reputation points Microsoft Vendor
1 answer
Windows Defender Phishing Email Submission and Remediation
Hi, I have a question. We use gmail in my organization for email and Knowbe4 for phishing email submission and remediation. We have microsoft 365 licenses for all staff members. My organization is thinking of getting rid of Knowbe4 but I was wondering if…
asked 2025-01-31T18:10:48.28+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(256, 5%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EEP%3C/text%3E%3C/svg%3E)
Ennis Pool
0
Reputation points
edited the question 2025-02-03T21:35:03.0933333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(12.8, 76%, 11%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EV%3C/text%3E%3C/svg%3E)
VarunTha
12,825
Reputation points Microsoft Vendor
1 answer
One of the answers was accepted by the question author.
I removed defender and now I can't download files in Edge.
After configuring the windows defender, windows defender apt, and windows defender smartscreen processes not to start by removing the execute permissions on the corresponding exe files, I am unable to download files in Edge. When I try to download the…
Microsoft Edge
Microsoft Edge
A Microsoft cross-platform web browser that provides privacy, learning, and accessibility tools.
2,466 questions
Windows 11
Windows 11
A Microsoft operating system designed for productivity, creativity, and ease of use.
10,806 questions
Microsoft Defender for Identity
Microsoft Defender for Identity
A Microsoft service that helps protect enterprise hybrid environments from multiple types of advanced, targeted cyberattacks and insider threats.
251 questions
asked 2025-01-27T00:51:19.2733333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(76.8, 21%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ER6%3C/text%3E%3C/svg%3E)
rikutotomizuka-6197
40
Reputation points
edited the question 2025-02-03T02:07:33.25+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(163.2, 68%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EYZ%3C/text%3E%3C/svg%3E)
Yu Zhou-MSFT
14,671
Reputation points Microsoft Vendor