151 questions with Microsoft Defender for Cloud Apps-related tags
on-premises log has not been appeared in Cloud Discovery log(MCAS)
In my environment, sending on-premise devices logs to Cloud Discovery with AMA agent built on Linux Server. After 09/16 18:05(JST), the on-prem logs haven't been appeared on "Governance log" section.(Also, there was detection from Defender,…
Issue with Microsoft Cloud App Security API - Unexpected HTML Response (500 Error)
Hi, I'm working on a Power BI solution for a client to monitor Shadow IT on managed devices and I wanted to query the Microsoft Cloud App Security API. I am using an application which returns an OAuth2 token (to follow good practices) with the following…
How do I onboard my device into MDE without the MDE service and SENSE service running?
Hi all, I was wondering if someone knew how I can install Defender for Endpoint on my device. I tried installing MDE using the onboarding package (local script for windows 10/11), but it keeps returning this to me: Starting Microsoft Defender for…
How to export piechart from MS Defender XDR Advanced Hunting?
Hello everyone, I am trying to export query result as a piechart, but there is no such an option. Do I miss something or is impossible? Thanks! Aleksandar
How to remove personal device monitoring from Microsoft Defender
Hi Everyone, I need some help with removing personal device from monitoring in Microsoft Defender. I have created a tag, but unsure on applying it. There are few corporate devices which is not onboarded but bought and are in apple business manager which…
How to add more than 3 email addresses to Defender Dark Web Monitoring
Hello! The Defender App dark web monitoring service in the iOS and desktop apps will not let me add more than 3 email addresses for monitoring. I am able to add 3 email addresses without issue and at one point, I was able to add 5 email addresses and…
Attack Simulation Training - Training Issue
Hi there, Re: Attack Simulation Training in Microsoft Defender We have deployed phishing campaigns and some users have been compromised. Some of these users are reporting that they have completed the training modules they've been assigned in this…
Defender for Cloud Apps - Legacy filters
Hi, I found the "legacy" indication in these file filter's on a policy (Stale externally shared files), in Defender for Cloud Apps. I can't find any documentation about this. I want to now if the filters will stop being supported. Also…
How much time to reflect the results in Defender for Cloud recommendations - Azure Portal?
How much time takes for "Defender for Cloud (CSPM)" to reflect the results in Security Section of the Azure Subscription after fixing the Security Recommendations. Do we have any documentation on this?
Do messages get emailed automatically if daily message limit for outbound emails exceeds a certain number?
We are currently to trying to adjust the daily message limit for outbound spam policy within Defender. Our current policy is set to the options pictured attached. Our concern is communication, especially emergency communication, to members and providers.…
Routing Kantata (salesforce application) through MCAS performance problem
I'm not sure which community to post this in, so apologies if this isn't the correct one. We want to route Kantata - a Salesforce application - through MCAS but when we do, there is a significant performance degradation. It is so bad our main users of…
MS Defender: Attack Simulation Training - Unable to see all the Tenant Payloads
Hi All I have created five tenant payload in the Microsoft Defender Attack Simulation Training module. However, when I go to test, only 11 items are displayed and some of my templates are missing, yet they exist as I can see and edit them. Is there a way…
Permissions and roles
for a user I need the role and permissions so I can read, edit, and create email threat policies for spam and phishing. are the only roles for this higher privileged ones? is there a way to adjust those permissions to lower reach?
Vulnerability Assessment is enabled on this server or one of its underlying databases with an incompatible version.
despite continuing to use the classic configuration, we are repeatedly encountering the same error. It seems that this issue persists even though we have not actually transitioned to the express configuration. Im trying to deploy using ARM template
OpenSSL vulnerabilities showing in Defender Dashboard
We have multiple devices showing up with OpenSSL vulnerabilities. It is detecting two dll files that it is flagging. Which they are libssl-3-x64.dll and libcrypto-3-x64.dll. It is flagging this for multiple different applications through out multiple…
When is Defender for Cloud Apps data location available in Australia?
Is there work in progress to have Defender for Cloud Apps available in Australia? Currently Cloud Apps default location for Australian clients, set to US.
code to use apps on computer instead of sign in
I can not find a 25 digit code to be able to log into the apps on the computer so i have to go to the website. how do I find the code or how do I fix it?
What else should i enable for chrome to block unsanctioned apps after i already enabled network protection on block mode and it isnt working
I am trying to block risky apps using MCAS and MDE, I have tagged the apps as unsanctioned but they are only blocked on Microsoft edge and not chrome. what should i do after enabling network protection?
System alert: Cloud Discovery automatic log upload error_Need to modify alert
I need to know how I can manage this alert. I want to reduce its severity from High to Medium. Is that possible? Thank you.
How to manage "System alert: Cloud Discovery automatic log upload error" MCAS alert/incident?
Hey All, So we've recently been getting the alert "System alert: Cloud Discovery automatic log upload error" and I'd like to know where I can manage this alert, such as changing its severity level from HIGH to MEDIUM, among other things? I…