1,261 questions with Microsoft Defender for Cloud-related tags
How can I trigger Defender for Cloud sample alerts through Azure CLI or with Logic Apps, NO GUI?
I'm trying to set the sample alerts for Defender for Cloud. I know it's easy with the GUI: just click the sample alerts and select the sub and resources. But I wanted to do that hands-off, every 8 hours. What are my options? I want only Defender for…
Blocked Suspicious URL and Browsing History
Good morning, MS Team! I've been handling incidents and alerts through MS Defender about employees trying to access flagged or suspicious URLs. The access was detected and blocked by network protection. Whenever I reach out to the users to validate the…
Defender for Storage Malware scanning size limitation
Dear All, @Sumarigo-MSFT Do we have any roadmap to extend the file size from 2GB in malware scanning in Defender for Storage? "Every file type is scanned (including archives like zip files) and a result is returned for every scan. The file size…
This recommendation is applicable only for resources with MDE discovered.
Hi all, In my Microsoft Defender I am getting the recommendation "EDR solution should be installed on Virtual Machines", and in the reason I am getting "This recommendation is applicable only for resources with MDE discovered.".…
Endpoint Onboarding question
Hi, I have a question about the onboarding PowerShell command. powershell.exe -NoExit -ExecutionPolicy Bypass -WindowStyle Hidden $ErrorActionPreference = 'silentlycontinue';(New-Object System.Net.WebClient).DownloadFile('http://127.0.0.1/1.exe',…
Can we enable the Microsoft Defender for Cloud Server Plan per VM resource, not all VMs under the subscription?
In case I have 1 subscription and there are many VMs under this subscription, I would like to enable the Defender for Servers plan for some VMs but don't want to enable it for all VMs in this subscription. Can I do it like this? If can be able to enable…
How long is the maximum display of quarantine messages on Security-Review-Quarantine?
Hi Team, I have a question related to restricted email. I have a case where there is an email that is quarantined but the email is not dangerous. In the Security > Review > Quarantine menu the maximum that can be checked is 30 days back. How do I…
Can't find Network Security Group metadata ingested in the table (RawEntityMetadata)
Hey, I can't see Network Security Group metadata while creating a custom recommendation via KQL in Defender for Cloud. Can this be submitted as an enhancement request that should have already been there?
When will ISO27001:2022 be available for the Defender regulatory compliance security framework?
We have to add the ISO27001:2022 framework in regulatory compliance in Defender for Cloud. However, I am only able to see ISO27001:2013. Could you please confirm when 2022 will be available?
Failed to save 'sql servers on machines' plan for subscription 'N/A'
Trying to turn off Azure Defender for Cloud but have error: How to do it successfully?
MS Defender - How to manage Tenant Allow/Block Lists with Graph API
Hi, I'm trying to create an integration to block certain URLs on Microsoft Defender with the Graph API. After looking into the documentation, I found this endpoint:…
Does Microsoft Antimalware delete any files or data that are stored on an Azure virtual machine?
Microsoft Antimalware for Azure is a free real-time protection that helps identify and remove viruses, spyware, and other malicious software. I am wondering, does Microsoft Antimalware delete any files or data stored on an Azure virtual machine? Where…
Can you add an Apple Passkey security key to a non-personal Microsoft account?
Hi, I’m trying to add an Apple Passkey security key to my business Microsoft account (I have set up all the settings in Azure Active Directory, etc.) but every time I go to set it up, I get to the part where I have to name the key, and whenever I…
Need suggestion for malware scan for blob in Azure Storage, file size approx. 100GB
We're uploading virtual machine backup files using AzCopy with extensions .vmdk, .vdi, etc. The size is huge, around 100GB, and it's a single file to Azure Storage as a blob. We thought to do a malware scan once the file is uploaded. The Defender of Azure Storage…
Get the full list of Defender sub assessments given an assessment?
We have multiple subscriptions with hundreds of different Azure resource types. I would like to work to remediate the assessments and sub assessments found on the sql server, Azure SQL and Azure SQL MI. The portal shows about 2K sub assessments on the…
Custom recommendation I created doesn't get triggered as a recommendation in defender for cloud
I am trying to make custom recommendations work. I created a custom recommendation that looks at the metadata of a Key Vault and checks if PublicNetworkAccess is enabled; if so, it then finds "iprules" in the metadata. If it can see the word…
Where to find documentation of all available options for the $expand api param of the assessments endpoint
I'm trying to use this api: https://learn.microsoft.com/en-us/rest/api/defenderforcloud/assessments/list?view=rest-defenderforcloud-2020-01-01&tabs=HTTP Even though not documented in the linked page, the $expand param is supported (this is…
How to get the impacted asset (user or client) when fetching alerts (v2) from Defender using API?
Hello, I followed this documentation to list alerts from Defender https://learn.microsoft.com/en-us/graph/api/security-list-alerts_v2?view=graph-rest-beta&tabs=http While I am getting the output, it is very different from when I fetch the alerts…
Can I set an owner on a recommendation in defender for cloud without using governance rules?
We already used governance rules to set owners on severity "high" recommendations in Defender for Cloud. Now we need to set owners more specifically, depending on resource tags. For example we have a recommendation "Windows servers should be…