1,147 questions with Microsoft Defender for Cloud-related tags
Want to know Defender CSPM standard plan features in detail.
Want to know Defender CSPM standard plan features in detail. Can anyone help from where I can get the elaborated features details of CSPM standard plan. Below are the features which we have in CSPM standard plan. 1. Identity and role assignments…
Azure defender for cloud
Currently Azure defender for cloud helps us to check the NIST compliance. I am wondering what additional security measures Azure defender for cloud offers. For example, does it have extra measure to fight against Bots/DDoS Attacks, or does it scan our…
Request for Assistance: Identifying the Optimal Method for Data Filtering and Management
Dear Team, I hope this message finds you well. I am reaching out to seek your expertise and insights regarding a crucial aspect of our data management process. Background: We are currently working on optimizing our data filtering and management pipeline,…
Microsoft Defender for Cloud - exclude ARC enabled machines
Hi all, I have a mix of normal VMs and Arc-enabled machines in my subscription. The Arc-enabled machines already have endpoint protection software installed so endpoint protection through MDFC is not needed for these machines. I was wondering if I can…
Compliance policies not evaluated for every device in Microsoft Intune.
Hi, I've recently been tasked with updating all of our endpoints to have Microsoft Defender for Endpoint. We have upgraded to Business Premium licenses which come with MDE and Intune. I've successfully onboarded 4 devices for testing through MDE, and the…
I am receiving this notification from the Defender "Insecure Azure storage account connection string"
I am receiving this notification from the Defender "Insecure Azure storage account connection string" Defender for Cloud found a plaintext storage account connection string. It is important to secure the connection string to avoid its leakage…
Does the Azure monitor agent collect logs with default settings?
Hello! I have the scope of Azure Arc-enabled servers (on-premise, not Azure VM). There are Azure monitor agents (AMA) installed, so I think that when AMA was deployed, then logs started to be sent to our workspace. I see on the Data collection rules…
differences between 2 trusted IP ranges in Azure
There are multiple places in Azure one can define trusted IP ranges. Two of them are: Security Portal\settings\cloud apps\IP address ranges Entra portal \ security \ named locations What are differences between these 2 lists? Which one is used as…
NIST checklist
Hi, we are trying to comply with NIST standard. Microsoft Defender for Cloud offers NIST checklist. While I was working through the list, I am quite confused. One of the failure items is 'Azure Defender for servers should be enabled' which is in regards to…
Is there a way to block "Microsoft Azure PowerShell" for all users?
Greetings, I'm afraid that this one can't be blocked by design, but I will ask anyway. Is there a way to block login attempt from Microsoft Azure PowerShell? We are constantly probed from all around the world, and I can't seem to figure out how to block…
How can I exclude salesforce chrome extension from conditional access app control policies
I'm testing Salesforce app monitor using MCASB session control policies. To redirect Salesforce app access to MCASB, I created conditional access policies with conditional access app control. Salesforce team is using chrome extension that stop…
Inventory PST files based on computers in the Organizational Unit (OU) in Active Directory
Hello, I'm looking for a script/tool to collect information on all PST files located in user computers. What is the best and most efficient way to accomplish this? I have an inventory with this information: ComputerName,UserName,EmailAddress,Pst File…
I am receiving this notification from the Defender "Insecure SSH private key"
I am receiving this notification from the Defender "Insecure SSH private key" Defender for Servers found a plaintext SSH private key that is part of a pair. It is important to secure the private key to avoid its misuse or leakage. But on the…
Missing options in Microsoft Defender Dashboard alert investigation
Hello all, I miss some options in the Alerts investigation of the Defender Dashboard. When investigating DLP related alerts, I was able to read the document which triggered the alert where the sensitive info was contained and sometimes the surrounding…
Segregate management and operations of Defender for Cloud
I have a business requirement to segregate the management and operations of Defender for Cloud for multiple subscriptions in a single tenant structure. Currently for all subscriptions, Defender for Cloud is managed by users assigned with Security Admin…
What is "Log Analytics agent should be installed on virtual machines" recommendation
I have got this recommendation by Defender for Cloud - "Log Analytics agent should be installed on virtual machines". As I know, the Log Analytics agent is going to be deprecated by 31st August this year. So if I go ahead with this recommendation…
OpenSSL vulnerabilities showing in Defender Dashboard
We have multiple devices showing up with OpenSSL vulnerabilities. It is detecting two DLL files that it is flagging. They are libssl-3-x64.dll and libcrypto-3-x64.dll. It is flagging this for multiple different applications throughout multiple…
How to disable Microsoft Defender for cloud
Hi, I'm practicing cloud; currently my subscription has ended and I'm on the pay-as-you-go model with the Basic Plan. Now the issue is that Microsoft Defender for Cloud is costing me a lot, almost half of my bill as per cost analysis. Considering I'm not using cloud for…
WHEN was device onboarded to defender?
Hello I am attempting to see WHEN our devices were onboarded to defender, like a date and time. I can see there is a "First Seen" but that refers to a "when the device was first seen in the network or when it's first reported by the…
Why is that exempted pods show up on affected pods list?
I configured a disable rule on "Azure running container images should have vulnerabilities resolved" by specifying their image digests but I still see the images on affected pods list. Why is that?