50 questions with Microsoft Defender for Endpoint Training-related tags

0 answers

Microsoft XDR (Defender) - How to export - Advanced Hunting - Custom Detection Rules

Hello everyone, Our team is trying to export the Custom Detection Rules. We have more than 50 rules, so we need an automated process that allows us to export and import the rules. Currently, we see that the API function that allows this is still in beta:…

Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
12,370 questions
Windows 10 Security
Windows 10: A Microsoft operating system that runs on personal computers and tablets. Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
2,937 questions
Windows Server Security
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications. Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
1,856 questions
Microsoft Defender for Cloud
An Azure service that provides threat protection for workloads running in Azure, on-premises, and in other clouds. Previously known as Azure Security Center and Azure Defender.
1,422 questions
Microsoft Defender for Endpoint Training
Microsoft Defender for Endpoint: A Microsoft unified security platform for preventative protection, postbreach detection, and automated investigation and response. Previously known as Microsoft Defender Advanced Threat Protection. Training: Instruction to develop new skills.
50 questions
asked 2024-11-07T15:08:58.0766667+00:00
viri4to 10 Reputation points
commented 2024-11-21T08:22:08.14+00:00
Gautam 0 Reputation points Microsoft Employee
1 answer

Microsoft Defender for Endpoint creates a large amount of Powershell Logs

Hello, we are using Defender for Endpoint and MS Sentinel. To enhance security, we would like to enable Powershell logging on all devices. But when we enable it, we get 10 times more logs than before. I analyzed the incoming logs and found out that…

Microsoft Sentinel
A scalable, cloud-native solution for security information event management and security orchestration automated response. Previously known as Azure Sentinel.
1,172 questions
PowerShell
A family of Microsoft task automation and configuration management frameworks consisting of a command-line shell and associated scripting language.
2,634 questions
Microsoft Defender for Endpoint Training
asked 2024-11-18T15:23:36.6133333+00:00
Wankmüller, David (BAGHUS GmbH) 0 Reputation points
edited a comment 2024-11-20T18:05:15.0733333+00:00
Raja Pothuraju 8,265 Reputation points Microsoft Vendor
1 answer

How do I onboard my device into MDE without the MDE service and SENSE service running?

Hi all, I was wondering if someone knew how I can install Defender for Endpoint on my device. I tried installing MDE using the onboarding package (local script for windows 10/11), but it keeps returning this to me: Starting Microsoft Defender for…

Microsoft Defender for Cloud
Microsoft Defender for Identity
A Microsoft service that helps protect enterprise hybrid environments from multiple types of advanced, targeted cyberattacks and insider threats.
213 questions
Microsoft Defender for Cloud Apps
A Microsoft cloud access security broker that enables customers to control the access and use of software as a service apps in their organization.
151 questions
Microsoft Defender for Endpoint Training
asked 2024-11-19T09:32:50.17+00:00
Geert _vdb 0 Reputation points
edited an answer 2024-11-19T10:03:22.77+00:00
Givary-MSFT 33,476 Reputation points Microsoft Employee
0 answers

Attack Simulation Training recording "clicked message link" when reporting as junk mail

I've run my 2nd simulation training attack on my team but I was surprised to see that this one had more users showing as "clicked message link". Looking into it I can see that they have reported the email as junk (not phishing) and when I…

Microsoft 365
Formerly Office 365, is a line of subscription services offered by Microsoft which adds to and includes the Microsoft Office product line.
5,197 questions
Microsoft Defender for Endpoint Training
asked 2024-11-05T09:49:50.7933333+00:00
Chris 0 Reputation points
commented 2024-11-13T16:31:21.82+00:00
Chris 0 Reputation points
1 answer

How to export piechart from MS Defender XDR Advanced Hunting?

Hello everyone, I am trying to export a query result as a pie chart, but there is no such option. Am I missing something or is it impossible? Thanks! Aleksandar

Microsoft 365
Microsoft Sentinel
Microsoft Defender for Identity
Microsoft Defender for Cloud Apps
Microsoft Defender for Endpoint Training
asked 2024-11-12T09:51:02.8+00:00
Aleksandar Tomov 30 Reputation points
answered 2024-11-13T00:25:38.94+00:00
James Hamil 25,786 Reputation points Microsoft Employee
1 answer

I want to fetch regulatory compliance data from microsoft defender for cloud via API in postman, is there any way to do this ?

I see this API on the Microsoft Learn platform but I am not able to replicate the same in Postman. I am not sure what type of permission I need to give my application in order for me to fetch regulatory compliance data just the same as shown below but via…

Microsoft Defender for Cloud
Microsoft Defender for Endpoint Training
asked 2024-11-06T09:28:30.1666667+00:00
Milan Pandya 0 Reputation points
edited an answer 2024-11-06T21:57:19.4533333+00:00
James Hamil 25,786 Reputation points Microsoft Employee
1 answer One of the answers was accepted by the question author.

Defender for Servers or containers covers VMs on Containers?

We have a scenario wherein we are to have AKS clusters with containers. We would be running VMs on these containers. We wanted to understand if Defender for servers or Defender for containers or MDE covers these VMs from security standpoint at OS level,…

Microsoft Defender for Cloud
Microsoft Defender for Endpoint Training
asked 2024-11-04T16:38:05.95+00:00
Rakesh Singh 270 Reputation points
accepted 2024-11-04T17:22:51.54+00:00
Rakesh Singh 270 Reputation points
2 answers

How to fully Uninstall/Clean-up Microsoft Defender Endpoint

Hello, We are having issues trying to use a migration tool to move our devices to another Microsoft tenant. It seems to be struggling to gain access to and delete a regkey that is linked to a service for MDE. The tool is running and using the system…

Microsoft Defender for Cloud
Microsoft Intune
A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.
5,246 questions
Microsoft Defender for Identity
Microsoft Defender for Endpoint Training
asked 2024-06-27T13:23:57.6933333+00:00
Dan Beeney 0 Reputation points
edited the question 2024-11-01T11:16:59.36+00:00
simo-k 715 Reputation points
1 answer

Microsoft Defender portal

Why is "View data-security operations" mentioned 2 times for "**One of the following roles is required for Defender for Endpoint"? Is there any specific video explaining this table? …

Microsoft Defender for Endpoint Training
asked 2024-10-09T13:21:37.8266667+00:00
Mahesh M 0 Reputation points
answered 2024-10-16T16:45:06.8266667+00:00
kguntaka 3,405 Reputation points Microsoft Vendor
2 answers One of the answers was accepted by the question author.

Loss of CWPP protection with AMA Usage

**Please understand that the context may be awkward as I used a translator. Hello, We are an Azure MSP provider. Our customer is currently using Microsoft Defender for Cloud (MDC) with Server Plan 1 activated. Previously, the Log Analytics Agent (MMA)…

Microsoft Defender for Cloud
Microsoft Defender for Endpoint Training
asked 2024-09-04T12:10:40.6666667+00:00
용현 정 65 Reputation points
accepted 2024-10-13T23:15:43.0533333+00:00
용현 정 65 Reputation points
1 answer

Endpoint DLP still shows disabled even after onboarding the device in MDE

I've seen somewhere that onboarding the device in MDE won't be requiring to onboard the device to Purview portal for DLP to work but below image shows that my Endpoint DLP Status is disabled. Take note that these machines are non-domain joined. In the…

Microsoft Purview
A Microsoft data governance service that helps manage and govern on-premises, multicloud, and software-as-a-service data. Previously known as Azure Purview.
1,246 questions
Microsoft Intune Compliance
Microsoft Intune: A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities. Compliance: Adhering to rules, standards, policies, and laws.
170 questions
Microsoft Defender for Endpoint Training
asked 2024-09-25T11:44:46.2933333+00:00
Bree 5 Reputation points
commented 2024-10-11T13:49:12.6533333+00:00
Chandra Boorla 3,460 Reputation points Microsoft Vendor
1 answer

Role & Permissions

What are the correct roles or permissions to let a user read and edit the email threat policies in Microsoft defender portal? From what I can find it would be Security Administrator. Is there a way to lower this role so it is not as privileged, if no…

Microsoft Defender for Identity
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
22,266 questions
Microsoft Defender for Endpoint Training
asked 2024-10-08T20:50:58.76+00:00
Son man 20 Reputation points
answered 2024-10-09T06:45:52.9766667+00:00
Vasil Michev 108.6K Reputation points MVP
0 answers

How to refresh Microsoft defender endpoints vulnerability weaknesses.

Hello Microsoft Defender Guru. I am looking at Microsoft Defender Endpoints Vulnerability weaknesses and some of the windows 10 CVE age is 3 years old. The Exposed devices give us a long list of Windows 10 devices. We know some of the windows 10…

Microsoft Defender for Cloud
Microsoft Defender for Endpoint Training
asked 2024-10-07T17:55:37.9233333+00:00
brichardi 331 Reputation points
commented 2024-10-07T23:43:47.04+00:00
James Hamil 25,786 Reputation points Microsoft Employee
0 answers

Despite creating an Activity alert in the Microsoft Defender portal, we are still not receiving any alerts.

Despite creating an Activity alert in the Microsoft Defender portal, we are still not receiving any alerts.

Microsoft 365
Azure Policy
An Azure service that is used to implement corporate governance and standards at scale for Azure resources.
926 questions
Microsoft Defender for Cloud
Office 365 Training
Office 365: A set of Microsoft legacy offerings that combine Office desktop apps with cloud services including OneDrive and Microsoft Teams. Training: Instruction to develop new skills.
33 questions
Microsoft Defender for Endpoint Training
asked 2024-10-02T04:33:54.9766667+00:00
Akhila SR 0 Reputation points
commented 2024-10-07T03:46:53.7466667+00:00
Givary-MSFT 33,476 Reputation points Microsoft Employee
2 answers

Can I subscribe Defender Plan II and Intune Plan I standalone without subscribing whole E3 or E5 package?

Hello, I would like to check if it is possible to subscribe Microsoft Defender plan II and Microsoft Intune plan I standalone if needed and Microsoft allows it.

Microsoft Intune
Microsoft Defender for Endpoint Training
asked 2024-09-11T13:52:28.2566667+00:00
ashish shukla 0 Reputation points
edited the question 2024-10-07T02:20:53.03+00:00
Crystal-MSFT 49,761 Reputation points Microsoft Vendor
1 answer One of the answers was accepted by the question author.

Defender for Endpoint log retention

Hi there, In order to increase data retention for CloudAppEvents or DeviceRegistryEvents tables I know we can ingest them in Microsoft Sentinel. My question is if there is another way to store these logs? I just want to retain the logs for cold storage…

Microsoft Sentinel
Microsoft Defender for Endpoint Training
asked 2024-08-27T11:01:19.6966667+00:00
Luís Costa 226 Reputation points
accepted 2024-09-04T08:37:40.4033333+00:00
Luís Costa 226 Reputation points
1 answer

Will enabling "Agentless scanning and MDE for Microsoft Defender for cloud" impact any existing resources in Azure Subscription?

Can we enable "Agentless scanning and MDE for Microsoft Defender for the cloud" in Azure subscription without impacting existing subscription resources?

Azure Monitor
An Azure service that is used to collect, analyze, and act on telemetry data from Azure and on-premises environments.
3,337 questions
Azure Cloud Services
An Azure platform as a service offer that is used to deploy web and cloud applications.
704 questions
Microsoft Defender for Cloud
Microsoft Defender for Endpoint Training
asked 2024-08-09T16:33:33.7066667+00:00
Solution Developer 0 Reputation points
commented 2024-09-02T16:14:45.1533333+00:00
Givary-MSFT 33,476 Reputation points Microsoft Employee
1 answer

unable to run the Phishing simulation from inside Defender

I am unable to run the Phishing simulation from inside Defender I get the following error: Diagnostic…

Microsoft Defender for Cloud
Microsoft Defender for Identity
Microsoft Defender for Cloud Apps
Microsoft Defender for Endpoint Training
asked 2024-08-26T14:07:57.98+00:00
Daniel Araneda 0 Reputation points
answered 2024-08-29T06:02:26.73+00:00
Givary-MSFT 33,476 Reputation points Microsoft Employee
2 answers One of the answers was accepted by the question author.

Defender for Server Policies

Hello For servers that are onboarded to Defender for Cloud and have the server plan activated, are the AV policies controlled from the Endpoint security policies? Can Servers have endpoint security policies pushed to them, even if they are not onboarded…

Microsoft Defender for Cloud
Microsoft Defender for Endpoint Training
asked 2024-04-01T20:38:54.3666667+00:00
berketjune2012 371 Reputation points
commented 2024-08-28T14:39:33.02+00:00
jason coyne 0 Reputation points
1 answer One of the answers was accepted by the question author.

Do Defender for Endpoint license pricing differ whether the endpoint is a server or a client machine?

Do Defender for Endpoint license pricing differ whether the endpoint is a server or a client machine?

Microsoft Defender for Cloud
Microsoft Sentinel
Microsoft Defender for Endpoint Training
asked 2024-08-23T09:11:30.99+00:00
Ergon Erik 20 Reputation points
accepted 2024-08-26T06:57:04.47+00:00
Ergon Erik 20 Reputation points