151 questions with Microsoft Defender for Cloud-related tags
Custom recommendation I created doesn't get triggered as a recommendation in defender for cloud
I am trying to make custom recommendations work. I created a custom recommendation that looks at the metadata of a key vault and checks if PublicNetworkAccess is enabled; if so, it then finds "iprules" in the metadata. If it can see the word…
Troubleshooting missing secure score for Microsoft Cloud Defender continuous export
I have 5 subscriptions that are configured for continuous export. However, when I look at the workbooks for secure score over time, only 3 out of the 5 subscriptions are showing the current score. I have checked all the settings, and everything seems to…
SQL Server: Defender for SQL Server Configuration Issues – Status Not Displayed
I have an SQL Server, and I attempted to configure Defender for SQL Server. However, even after a day, it has not been configured properly, and the menu showing the "Protected" or "Not Protected" status does not appear as expected.…
'Wacatac' malware was detected (Agentless preview)
Hi Team, on one of the Linux machines, Microsoft Defender for Cloud shows malware in Security alerts. How do I remediate it?
Info required for migration of MMA to Windows defender Unified agent.
Please help me to identify the specific process for that Microsoft Defender unified agent is running on the server. Scenario is that there are some servers in the environment running with 2012R2 and 2016. And MMA is running on the servers. As a result,…
How to get the impacted asset (user or client) when fetching alerts (v2) from Defender using API?
Hello, I followed this documentation to list alerts from Defender https://learn.microsoft.com/en-us/graph/api/security-list-alerts_v2?view=graph-rest-beta&tabs=http While I am getting the output, it is very different from when I fetch the alerts…
Microsoft Defender is alerting for a vulnerable version of a NuGet package in Azure Function's ".azurefunctions/function.deps.json" file
Hi Champs, I'm facing a typical problem with my function app and MS Defender for Cloud. Defender is raising issues for my deployed function (written in C#) as: Even after installing the latest NuGet package, the "function.deps.json" file is not…
Defender for Red Hat Linux
My customer just migrated most of the environment running in Azure. We have a bunch of Red Hat Linux servers that will be migrated to Azure VMs. We are going to protect our Windows and Linux environment using Microsoft Defender. However, there were issues…
FIM in defender not showing file changes for newly created file after 3 days also.
Team, I have enabled FIM on one of the resource groups; it has created one default Log Analytics workspace and a DCR rule. We executed a script that will create a test file on all VMs in the /etc and C:\windows\system32 directories. But those changes are not yet…
Run a phishing simulation
No matter what type of simulation I am doing. They are not working.
Where to find documentation of all available options for the $expand api param of the assessments endpoint
I'm trying to use this api: https://learn.microsoft.com/en-us/rest/api/defenderforcloud/assessments/list?view=rest-defenderforcloud-2020-01-01&tabs=HTTP Even though not documented in the linked page, the $expand param is supported (this is…
Microsoft Defender against Palo Alto Cortex
I am tasked to compare the Palo Alto Cortex solution on our existing Windows workstations against MS Defender for Endpoint. There are several articles about this, and my first conclusion is that Defender might have only a small weakness against Palo Alto, but I…
Add cloud defender to workspace
I am trying to add MS Cloud Defender to the workspace but it fails and I do not know the reason
I am receiving this notification from the Defender "Insecure SSH private key"
I am receiving this notification from the Defender "Insecure SSH private key" Defender for Servers found a plaintext SSH private key that is part of a pair. It is important to secure the private key to avoid its misuse or leakage. But on the…
Why is that exempted pods show up on affected pods list?
I configured a disable rule on "Azure running container images should have vulnerabilities resolved" by specifying their image digests, but I still see the images on the affected pods list. Why is that?
Inventory PST files based on computers in the Organizational Unit (OU) in Active Directory
Hello, I'm looking for a script/tool to collect information on all PST files located on user computers. What is the best and most efficient way to accomplish this? I have an inventory with this information: ComputerName,UserName,EmailAddress,Pst File…
The endpoint provided by azure is not returning the correct list of extensions for defender plan & pricings
Service: Defender for Cloud. API Version: 2024-01-01. This endpoint provided in the Azure documentation is not listing all the extensions that are enabled in the portal. GET…
Transition to Microsoft Defender Vulnerability Management - java sdk, SecuritySubAssessmentInner AdditionalData problem
Hi, We want to migrate from https://learn.microsoft.com/en-us/azure/defender-for-cloud/defender-for-containers-vulnerability-assessment-azure to https://learn.microsoft.com/en-us/azure/defender-for-cloud/agentless-vulnerability-assessment-azure which is…
Windows Defender MpCmdRun.exe Custom Scan Automation Job Failing intermittently in Production Environment using TeamCity Tool
Hello Microsoft Community, We are currently facing an issue with our TeamCity build automation, specifically related to the custom virus scan using the MpCmdRun.exe command-line utility. Our setup involves executing the command: MpCmdRun.exe -Scan…
Can be onboarded
In the security.microsoft.com portal, the onboarding status of many devices is showing as "can be onboarded". Let me know how to change the status to onboarded.