147 questions with Microsoft Defender for Cloud-related tags
ServiceNow integration with Defender for Cloud
What permissions are required in ServiceNow for the ServiceNow integration with Defender for Cloud user? The doc does not seem to indicate what permissions are required for the ServiceNow service account in…
Defender for Red Hat Linux
My customer just migrated most of the environment running in Azure. We have a bunch of Red Hat Linux servers that will be migrated to Azure VMs. We are going to protect our Windows and Linux environment using Microsoft Defender. However, there were issues…
Microsoft Defender for Cloud Storage.. Azure File Shares questions
A vendor recently converted our file server over to Azure File shares and after doing some testing some questions have arisen... Does Microsoft Defender for Cloud Storage scan preexisting file shares for malware when implemented after data has already…
P1 and P2 Defender Plans are active at the same time and the same Azure Resource
Hello, We use a standard Microsoft Policy to activate Azure Defender for Servers P1 via tags on our Azure ARC Servers. The policy in question is "Configure Azure Defender for Servers to be enabled ('P1' subplan) for all resources (resource level)…
How to set Microsoft Defender (Security Center) settings via the Azure.ResourceManager SDK
We have the following code that enables Microsoft Defender for Cloud for an Azure subscription using the Azure.ResourceManager C# SDK. However, when we view the settings for Defender in the Azure portal, a couple of items aren't turned on that we would…
I am receiving this notification from the Defender "Insecure SSH private key"
I am receiving this notification from the Defender "Insecure SSH private key" Defender for Servers found a plaintext SSH private key that is part of a pair. It is important to secure the private key to avoid its misuse or leakage. But on the…
FIM in defender not showing file changes for newly created file after 3 days also.
Team, I have enabled FIM on one of the Resource Groups; it has created one default Log Analytics Workspace, DCR rule. We executed a script that will create a test file on all VMs in /etc and C:\windows\system32 directory. But those changes are not yet…
Run a phishing simulation
No matter what type of simulation I am doing, they are not working.
Where to find documentation of all available options for the $expand api param of the assessments endpoint
I'm trying to use this api: https://learn.microsoft.com/en-us/rest/api/defenderforcloud/assessments/list?view=rest-defenderforcloud-2020-01-01&tabs=HTTP Even though not documented in the linked page, the $expand param is supported (this is…
Microsoft Defender against Palo Alto Cortex
I am tasked to compare Palo Alto Cortex solution on our existing Windows workstations against MS Defender for Endpoint. There are several articles about this and my first conclusion is that Defender might have only small weakness against Palo Alto but I…
Transition to Microsoft Defender Vulnerability Management - java sdk, SecuritySubAssessmentInner AdditionalData problem
Hi, We want to migrate from https://learn.microsoft.com/en-us/azure/defender-for-cloud/defender-for-containers-vulnerability-assessment-azure to https://learn.microsoft.com/en-us/azure/defender-for-cloud/agentless-vulnerability-assessment-azure which is…
Add cloud defender to workspace
I am trying to add MS Cloud Defender to the workspace but it fails and I do not know the reason
Inventory PST files based on computers in the Organizational Unit (OU) in Active Directory
Hello, I'm looking for a script/tool to collect information on all PST files located in user computers. What is the best and most efficient way to accomplish this? I have an inventory with this information: ComputerName,UserName,EmailAddress,Pst File…
Why is that exempted pods show up on affected pods list?
I configured a disable rule on "Azure running container images should have vulnerabilities resolved" by specifying their image digests but I still see the images on the affected pods list. Why is that?
Windows Defender MpCmdRun.exe Custom Scan Automation Job Failing intermittently in Production Environment using TeamCity Tool
Hello Microsoft Community, We are currently facing an issue with our TeamCity build automation, specifically related to the custom virus scan using the MpCmdRun.exe command-line utility. Our setup involves executing the command: MpCmdRun.exe -Scan…
How to automatically rotate DKIM keys on a scheduled basis in 365 Defender?
Could someone let me know how to automatically rotate DKIM keys on a scheduled basis in 365 Defender, instead of manually running the PowerShell script to rotate the DKIM key?
Defender for Clouds - alert details hidden in Activity logs of log analytics
Hey, from Tuesday 1 Aug 2023 - 6 PM (New Zealand time) we started seeing alerts from Defender for Clouds appear with hidden information just like this: "******" in the Activity Logs of the log analytics page, but we can see the full details of…
Devices without Microsoft Defender for Endpoint sensor
We have devices onboarded in Defender using Intune MDM configuration profile, but the list of devices shows "Devices without Microsoft Defender for Endpoint sensor". But all the onboarded devices are listed on Defender as Active state. Ticket also raised,…
The endpoint provided by azure is not returning the correct list of extensions for defender plan & pricings
Service: Defender for Cloud. API Version: 2024-01-01. This endpoint provided in the Azure documentation is not listing all the extensions that are enabled in the portal. GET…
Not able to use Microsoft Defender for Cloud for DevOps
Hi, I'm trying to use Defender for Cloud for DevOps. I've configured everything that's required for connecting my DevOps to Microsoft Defender for Cloud. However, as shown below the connectivity status has been in "in progress" for the past…