Microsoft Defender for Cloud

nestjs microservices using grpc to azure kubenertes using the LoadBalancer service

Hello, we have deployed a nestjs microservices using grpc to azure kubenertes using the LoadBalancer service method exposing a public IP from azure. The application itself is running and working, but sporadic we are getting the status code 14 unavailable…

how can i use o365 Defender to push certain windows hostbased firewall rule on windows servers?

hi how can i use o365 Defender to push certain windows host based firewall rule on a windows servers hosted on azure or managed with Azure Arc? and if defender cannot do it , what are the alternative tools ?

SQL Server: Defender for SQL Server Configuration Issues – Status Not Displayed

I have an SQL Server, and I attempted to configure Defender for SQL Server. However, even after a day, it has not been configured properly, and the menu showing the "Protected" or "Not Protected" status does not appear as expected.…

Hunting: why some quiries is not working like user name, InitiatingProcessCommandLine , user Id and a lot of them thee is redline under it while it is correctly connected with intune and avaliable

example and most of my quries is like this

Endpoint defender

I I have intune license why i cant unable it in order to push the devices on board?

How rollback Microsoft defender plan settings?

Hi, I just accidentally click the 'Upgrade' button and enabled Microsoft defender trail plan for 4 subscriptions while I was logining Azure SQL databases. Can you tell me how can I rollback that? Because need approval before enable that. Thanks. Best…

Security Center Remediate security configurations-Ensure 'Replace a process level token' is set to 'LOCAL SERVICE, NETWORK SERVICE'

Can some help me remediate this security center "Ensure 'Replace a process level token' is set to 'LOCAL SERVICE, NETWORK SERVICE'" I have web server (IIS) installed in my VM , The recommended state for this setting is: LOCAL SERVICE,…

Issue with Defender Recommendations - Linux virtual machines should enable Azure Disk Encryption or EncryptionAtHost.

HI i have 3 virtual machines in azure i have enabled one week back Encryption at host for all machines - Now am seeing - Recommendations - Virtual machines and virtual machine scale sets should have encryption at host enabled is now in healthy…

Ensuring User Reauthentication and Consolidating Functions with XDR

Issue Description: The CloudApp portal, which facilitated user reauthentication, has been removed. As a result, we need to find a new method to prompt users to sign in again for security purposes. Objective: Our goal is to implement a seamless…

Connect Defender for Servers to Log Analytics Workspace

We've enabled Defender for Servers and I'd like to confirm how to connect it to our Log Analytics Workspace. The Microsoft Defender XDR connector is already installed, but do we need to install the Microsoft Defender for Cloud connector for this? The…

How to fix error or warning at this in microsoft defender portal

I am receiving this notification from the Defender "Insecure SSH private key"

I am receiving this notification from the Defender "Insecure SSH private key" Defender for Servers found a plaintext SSH private key that is part of a pair. It is important to secure the private key to avoid its misuse or leakage. But on the…

'Wacatac' malware was detected (Agentless preview)

Hi Team on one of the linux machine Microsoft Defender for Cloud in Security alerts shows malware how to remediate it.

Info required for migration of MMA to Windows defender Unified agent.

Please help me to identify the specific process for that Microsoft Defender unified agent is running on the server. Scenario is that there are some servers in the environment running with 2012R2 and 2016. And MMA is running on the servers. As a result,…

Custom recommendation I created doesn't get triggered as a recommendation in defender for cloud

I am trying to make custom recommendations work. I created a custom recommendation that looks meta data of a keyvault and checks if PublicNetworkAccess is enabled if so then it finds "iprules" in meta data. If it can see the word…

Defender 365 admin console - Disabled Connected to a custom indicator & Connected to a unsanctionned blocked app rules

I want to know how I can disable these two following alerts : Disabled Connected to a custom indicator Connected to an unsanctioned blocked app I didn't find these alerts on the Alerts Policy of XDR/EPP or Cloud apps. Since all the changed that…

Improving CVE checks in Microsoft Defender for Cloud

What are some ways to enhance and evaluate checks for CVE's in Microsoft Defender for Cloud? Could someone please provide a detailed guide or article on how to accomplish this?

Antivirus Migration from McAfee to Defender for Server

Hi All, I am currently working on a plan to migrate my antivirus for my servers from mcAfee to Microsoft defender for Server. I would like to know if there is a recommended plan on how to go about this? is there a url where I can have an estimate…

Defender Vulnerability Remediation Query

I have some Linux azure vm for which we have vulnerability to be resolved as per defender for cloud vulnerability recommendation. What is know is there a way to remediate all vulnerability findings through azure portal. And 2. We are using…

How to Onboard Windows servers to Microsoft Defender for Endpoint using Defender for Cloud

We have configured Microsoft Defender for Server Plan 1 in our environment. How to Onboard windows server automatically in Microsoft defender for endpoint using Defender for cloud. Where we can see the device reporting and logs. What are the RBAC…