47 questions with Microsoft Defender for Endpoint Training-related tags
Microsoft XDR (Defender) - How to export - Advanced Hunting - Custom Detection Rules
Hello everyone, Our team is trying to export the Custom Detection Rules. We have more than 50 rules, so we need an automated process that allows us to export and import the rules. Currently, we see that the API function that allows this is still in beta:…
Attack Simulation Training recording "clicked message link" when reporting as junk mail
I've run my 2nd simulation training attack on my team but I was surprised to see that this one had more users showing as "clicked message link". Looking into it I can see that they have reporting the email as junk (not phishing) and when I…
I want to fetch regulatory compliance data from microsoft defender for cloud via API in postman, is there any way to do this ?
I see this api on microsoft learn platform but I am not able to replicate the same in postman, I am not sure what type of permission i need to give my application in order for me to fetch regulatory compliance data just same as shown below but via…
Defender for Servers or containers covers VMs on Containers?
We have a scenario wherein we are to have AKS clusters with containers. We would be running VMs on these containers. We wanted to understand if Defender for servers or Defender for containers or MDE covers these VMs from security standpoint at OS level,…
How to fully Uninstall/Clean-up Microsoft Defender Endpoint
Hello, We are having issues trying to use a migration tool to move our devices to another Microsoft tenant. It seems to be struggling gaining access and deleting a regkey that is link to a service for MDE. The tool is running and using the system…
Microsoft Defender portal
why "View data-security operations" is mentioned 2 times for "**One of the following roles is required for Defender for Endpoint" This is any specific vedio explain about this table ? …
Loss of CWPP protection with AMA Usage
**Please understand that the context may be awkward as I used a translator. Hello, We are an Azure MSP provider. Our customer is currently using Microsoft Defender for Cloud (MDC) with Server Plan 1 activated. Previously, the Log Analytics Agent (MMA)…
Endpoint DLP still shows disabled even after onboarding the device in MDE
I've seen somewhere that onboarding the device in MDE won't be requiring to onboard the device to Purview portal for DLP to work but below image shows that my Endpoint DLP Status is disabled. Take note that these machines are non-domain joined. In the…
Role & Permissions
What are the correct roles or permissions to let a user read and edit the email threat policies in Microsoft defender portal? From what I can find it would be Security Administrator. Is there a way to lower this role so it is not as privileged, if no…
How to refresh Microsoft defender endpoints vulnerability weaknesses.
Hello Microsoft Defender Guru. I am looking at Microsoft Defender Endpoints Vulnerability weaknesses and some of the windows 10 CVE age is 3 years old. The Exposed devices give us a long list of Windows 10 devices. We know some of the windows 10…
Despite creating an Activity alert in the Microsoft Defender portal, we are still not receiving any alerts.
Despite creating an Activity alert in the Microsoft Defender portal, we are still not receiving any alerts.
Can I subscribe Defender Plan II and Intune Plan I standalone without subscribing whole E3 or E5 package?
Hello, I would like to check if it is possible to subscribe Microsoft Defender plan II and Microsoft Intune plan I standalone if needed and Microsoft allows it.
Defender for Endpoint log retention
Hi there, In order to increase data retention for CloudAppEvents or DeviceRegistryEvents tables i know we can ingest them in Microsoft Sentinel. My question is if there is another way to store these logs? I just want to retain the logs for cold storage…
Will enabling "Agentless scanning and MDE for Microsoft Defender for cloud" impact any existing resources in Azure Subscription?
Can we enable "Agentless scanning and MDE for Microsoft Defender for the cloud" in Azure subscription without impacting existing subscription resources?
unable to run the Phishing simulation from inside Defender
I am unable to run the Phishing simulation from inside Defender I get the following error: Diagnostic…
Defender for Server Policies
Hello For servers that are onboarded to Defender for Cloud and have the server plan activated, are the AV policies controlled from the Endpoint security policies? Can Servers have endpoint security policies pushed to them, even if they are not onboarded…
Do Defender for Endpoint license pricing differ whether the endpoint is a server or a client machine?
Do Defender for Endpoint license pricing differ whether the endpoint is a server or a client machine?
MDE Extension not getting installed
Hi All, We have enabled option inside the Microsoft defender for cloud to install the MDE extension and onboard the systems automatically to MDE portal. We have windows 10 22H2 multi session VMs running as AVD session hosts. But we don't see MDE…
Anyone managed to get IoCs ( threat indicators ) from Sentinel to Defender for endpoint
Currently I have some scripts running on a cron job that import IoCs to defender for endpoint indicator list ( this allows blocking on the endpoints) . We have recently setup a Sentinel instance and it’s pretty easy to add threat intel to Sentinel via a…
Defender for Endpoint for Linux - View Threat Telemetry
Hi We have a fleet of around 1000 RHEL 7.2 systems that we wish to onboard to Microsoft Defender. There are a mix of DEV, Pre-Prod, PROD and run Web, DB + enterprise Apps for the business. We want to ensure that we can simply onboard them in a passive…