1,228 questions with Microsoft Defender for Cloud-related tags
IaaSAntimalware and MDE.Windows VM extensions
Are there any benefits to having both the IaaSAntimalware and MDE.Windows extensions installed on an Azure hosted virtual machine or are they just redundant?
How to Onboard Windows servers to Microsoft Defender for Endpoint using Defender for Cloud
We have configured Microsoft Defender for Server Plan 1 in our environment. How to onboard Windows servers automatically in Microsoft Defender for Endpoint using Defender for Cloud. Where can we see the device reporting and logs. What are the RBAC…
What's the exact definition of 'Timegenerated' in an Azure Resource Graph query output for Container Image Vulnerabilities?
When we run a query to find vulnerabilities in Container Images, there's a 'timegenerated' column in the query output. I've tried to find this documented somewhere, but can't, I've only found a document for Azure Monitor. Does this mean it's the last…
How to block SAM, LSA dump through Microsoft Defender for Endpoint
Hello, I am trying to see if the EDR Microsoft Defender for Endpoint or other solutions from Microsoft offer options to block the following hive dump SAM, LSA and optionally DPAPI. I am aware that suspicious dumps are detected but is there a possibility…
Microsoft Defender for Containers in AKS-HCI - pricing questions
Hello, I added a new AKS-HCI Kubernetes cluster on premises to Arc, and enabled Defender for Containers and installed the extensions in the cluster. But billing has still been 0 since 1 month. Can you explain why. Given that it is stated that billing…
Azure - Microsoft Defender for Cloud - I can't download security recommendations to a CSV. I could for nearly 90 days straight and can download all others.
Hi, I can't download security recommendations to a csv file from: Microsoft Defender for Cloud | Recommendations from either the: Secure score recommendations or All recommendations tabs in Azure. I was able to do so yesterday and nearly every day since…
Info required for migration of MMA to Windows Defender Unified agent.
Please help me to identify the specific process for that Microsoft Defender unified agent is running on the server. Scenario is that there are some servers in the environment running with 2012R2 and 2016. And MMA is running on the servers. As a result,…
Microsoft Defender is alerting for vulnerable version of nuget package in Azure Function's ".azurefunctions/function.deps.json" file
Hi Champs, I'm facing a typical problem with my function app and MS Defender for Cloud. Defender is raising issues for my deployed function (written in C#) as: Even after installing latest nuget package, "function.deps.json" file is not…
P1 and P2 Defender Plans are active at the same time and the same Azure Resource
Hello, We use a standard Microsoft Policy to activate Azure Defender for Servers P1 via tags on our Azure ARC Servers. The policy in question is "Configure Azure Defender for Servers to be enabled ('P1' subplan) for all resources (resource level)…
How to notify security team members of assigned alerts/incidents in Microsoft Defender
Is there a way to send email notifications to someone when we assign an alert or incident specifically to them in Microsoft Defender? We already have email notifications set up for new alerts, but we're wondering if there is a way to notify team members…
Defender 365 admin console - Disabled Connected to a custom indicator & Connected to an unsanctioned blocked app rules
I want to know how I can disable these two following alerts: Disabled Connected to a custom indicator Connected to an unsanctioned blocked app I didn't find these alerts on the Alerts Policy of XDR/EPP or Cloud apps. Since all the changed that…
If Defender for Blob doesn't scan a file (no tags) is there anything we can do to force it to look again?
We have a system that scans all files uploaded to blob on upload. However, we've noticed that occasionally some files just never get scanned (i.e. never get the tags against them). In the documents it does say this can happen if the file throughput is…
How to get the impacted asset (user or client) when fetching alerts (v2) from Defender using API?
Hello, I followed this documentation to list alerts from Defender https://learn.microsoft.com/en-us/graph/api/security-list-alerts_v2?view=graph-rest-beta&tabs=http While I am getting the output, it is very different from when I fetch the alerts…
Google Play update has disappeared from Security menu in Android CAT phone
Google Play update has disappeared from the Security menu in one of the Android CAT phones, which was used by my mother for watching YouTube last month. So far, cannot update Google Play. There are hacking traffic to enable bluetooth, NFC, ons, emergency information…
How to stop ATP clicking links in Phishing simulation emails
I have logged in to Microsoft Defender for O365 and configured the Phishing Simulation tab under Email & collaboration > Policies & rules > Threat policies > Advanced delivery. But something ATP-wise is still clicking the links in my…
Defender for Cloud not enabled on some of the subscriptions
Hi, We have added 23 subscriptions to a single management group and enabled Defender for Cloud at the management group level, and assigned NIST 00-53. However, only 2 of the 23 subscriptions are showing the Defender state as "OFF".…
Standard Recommendations with Source "Defender for Cloud"
Recommendations under Compliance Standards (e.g. Azure CSPM (Preview) Standard) are tagged with source field as "Policy" or "Defender for Cloud". What's the difference between recommendations that are sourced from Policy vs Defender…
Enable Defender For Storage malware scanning using ARM template.
I have this resource definition: //Defender For Storage { "type": "Microsoft.Security/DefenderForStorageSettings", "apiVersion": "2022-12-01-preview", "name":…
Error during on-upload malware scan activation for storage account
I created Event Grid topic and want to assign it to Microsoft Defender report pipeline. When I enable on-upload scan for my storage account and select my topic, I get Plan enablement partially succeeded. Could not enable on-upload malware scanning:…
Microsoft 365 Defender - How to get more meaningful email alerting?
How can I get more meaningful email alerts using the Microsoft 365 Defender? Because every time I get the email alert, the email is not as informative like the below: Microsoft 365 Defender has detected a security threat in your environment View incident…