1,082 questions with Microsoft Defender for Cloud-related tags
Issue with Defender Recommendations - Linux virtual machines should enable Azure Disk Encryption or EncryptionAtHost.
Hi, I have 3 virtual machines in Azure. One week back I enabled Encryption at host for all machines. Now I am seeing - Recommendations - Virtual machines and virtual machine scale sets should have encryption at host enabled is now in healthy…
How can I enable Defender on a particular App Service plan?
Hi, I have 7 app plans and they have 7 instances correspondingly. When I go to the app plan there is no option for Defender. When I go to the app service the Defender option is there but I don't have the option to apply it. At Defender page > Environment Setting > we…
Need suggestion for malware scan for blob in Azure Storage, file size approx. 100GB
We're uploading virtual machine backup files using AzCopy with extensions .vmdk, .vdi, etc., and the sizes are huge, around 100GB, and it's a single file to Azure Storage as a blob. We thought to do a malware scan once the file is uploaded. The Defender of Azure Storage…
New Teams not in Defender for Endpoint
Hello everyone, In the company we're currently moving from Teams classic to new Teams. However I don't see the new Teams in Defender. Is the new Teams not visible in Defender for Endpoint? I can no longer see vulnerabilities and who has the new Teams…
Understanding why full and quick scans are out of 7 days
Hi, We have been receiving security recommendations for our virtual machines, and one of the findings states that "Both full and quick scans are out of 7 days": EDR configuration issues should be resolved on virtual machines-> Findings->…
Defender for container - Pricing question
Hello, I added an AKS-HCI Kubernetes cluster on Azure Arc, and I activated Defender for Containers. I’m not using the Azure registry. It has been 40 days since I integrated this, but I still don’t see any charges for Defender, even though it’s clearly…
OpenSSL Vulnerability
Hello, We received a critical alert from Microsoft Defender (CVE-2023-49210) which tells us that 90 of our devices have vulnerabilities due to the OpenSSL version, which is not supported anymore. We don't have any software on these PCs that include…
How to Onboard Windows servers to Microsoft Defender for Endpoint using Defender for Cloud
We have configured Microsoft Defender for Server Plan 1 in our environment. How to onboard Windows servers automatically in Microsoft Defender for Endpoint using Defender for Cloud? Where can we see the device reporting and logs? What are the RBAC…
IaaSAntimalware and MDE.Windows VM extensions
Are there any benefits to having both the IaaSAntimalware and MDE.Windows extensions installed on an Azure hosted virtual machine or are they just redundant?
How to block SAM, LSA dump through Microsoft Defender for Endpoint
Hello, I am trying to see if the EDR Microsoft Defender for Endpoint or other solutions from Microsoft offer options to block the following hive dumps: SAM, LSA and optionally DPAPI. I am aware that suspicious dumps are detected but is there a possibility…
Microsoft Defender for Containers in AKS-HCI - pricing questions
Hello, I added a new AKS-HCI Kubernetes cluster on premises to Arc, enabled Defender for Containers and installed the extensions in the cluster, but billing has still been 0 for 1 month. Can you explain why, given that it is stated that billing…
What's the exact definition of 'Timegenerated' in an Azure Resource Graph query output for Container Image Vulnerabilities?
When we run a query to find vulnerabilities in Container Images, there's a 'timegenerated' column in the query output. I've tried to find this documented somewhere, but can't, I've only found a document for Azure Monitor. Does this mean it's the last…
Defender for Cloud not enabled on some of the subscriptions
Hi, We have added 23 subscriptions to a single management group and enabled Defender for Cloud at the management group level, and assigned NIST 00-53. However, only 2 of the 23 subscriptions are showing the Defender state as "OFF".…
How to notify security team members of assigned alerts/incidents in Microsoft Defender
Is there a way to send email notifications to someone when we assign an alert or incident specifically to them in Microsoft Defender? We already have email notifications set up for new alerts, but we're wondering if there is a way to notify team members…
If Defender for Blob doesn't scan a file (no tags) is there anything we can do to force it to look again?
We have a system that scans all files uploaded to blob on upload. However, we've noticed that occasionally some files just never get scanned (i.e. never get the tags against them). In the documents it does say this can happen if the file throughput is…
Enable Defender For Storage malware scanning using ARM template.
I have this resource definition: //Defender For Storage { "type": "Microsoft.Security/DefenderForStorageSettings", "apiVersion": "2022-12-01-preview", "name":…
Standard Recommendations with Source "Defender for Cloud"
Recommendations under Compliance Standards (e.g. Azure CSPM (Preview) Standard) are tagged with source field as "Policy" or "Defender for Cloud". What's the difference between recommendations that are sourced from policy vs defender…
Defender for Cloud based Standards
Recommendations under "Azure CSPM (Preview)" standard are all tagged with source as "Defender for Cloud". What's the difference between recommendation source "defender for cloud" and "policy"? How can I access…
Error during on-upload malware scan activation for storage account
I created an Event Grid topic and want to assign it to the Microsoft Defender report pipeline. When I enable on-upload scan for my storage account and select my topic, I get Plan enablement partially succeeded. Could not enable on-upload malware scanning:…
ServiceNow integration with Defender for Cloud
What permissions are required in ServiceNow for the ServiceNow integration with Defender for Cloud user? The doc does not seem to indicate what permissions are required for the ServiceNow service account in…