210 questions with Microsoft Defender for Identity-related tags
How to remove personal device monitoring from Microsoft Defender
Hi Everyone, I need some help with removing personal device from monitoring in Microsoft Defender. I have created a tag, but unsure on applying it. There are few corporate devices which is not onboarded but bought and are in apple business manager which…
Actions Required After Verifying False Positives in Windows Defender
A customer support inquiry was received regarding our game executable (.exe) being detected as Trojan/Wacatac.B!ml. Several posts on our game site’s community have reported similar issues. The file in question is a program built and distributed by our…
Attack Simulation Training - Training Issue
Hi there, Re: Attack Simulation Training in Microsoft Defender We have deployed phishing campaigns and some users have been compromised. Some of these users are reporting that they have completed the training modules they've been assigned in this…
The Defender for Identity sensor(s) listed are failing to resolve IP addresses to device names
Good morning, I received this message from Azure alerts The Defender for Identity sensor(s) listed are failing to resolve IP addresses to device names using the configured protocols (4 protocols), with a success rate of less than 10%. This could impact…
How to fully Uninstall/Clean-up Microsoft Defender Endpoint
Hello, We are having issues trying to use a migration tool to move our devices to another Microsoft tenant. It seems to be struggling gaining access and deleting a regkey that is link to a service for MDE. The tool is running and using the system…
Microsoft business Premium Not Support XDR solution ?
I See Microsoft Defender XDR prerequisites Not have Business Premium i don't know support ? Even if it has email protection, identity Endpoint or the need to change plans. This link :…
회사 또는 학교 계정 관련해서 로그인이 안돼요.
지금 계정은 개인 계정이고, 같은 계정으로 회사 또는 학교 계정이 있는데, 로그인 하려고 하면 microsoft authenticator 앱을 이용해서 로그인해야 되는데, 이 앱으로 인증 코드를 받으려고 해도 오류가 발생했다는 문구만 뜨고 받을 수 없습니다. 그래서, 인증 앱을 이용하지 않고 로그인할 수 있는 방법 있나요?
Defender Attack Simulation is sending duplicate training notifications
The attack simulation in defender is sending out the duplicate training notifications, when a user is compromised, immediately after the first. Is there something in the set up that I'm missing?
Defender for Identity - gMSA error
Hi All, Need your kind advice We are trying to configure Defender for Identity using gMSA account since its currently configured using service account and sensor working fine. When we change to gMSA, the sensor connection fails and get below error. All…
Accessibility of Microsoft Applications
Hi Community, I have been facing an issue with the accessibility settings on my mobile device for some of the microsoft apps like authenticator, defender, link to windows and launcher. When I turn the access on for them after some time it is turned back…
MS Defender - How to manage Tenant Allow/Block Lists with graph api
Hi, I'm trying to create an integration to block certain URLs on Microsoft Defender with the Graph API. After looking into the documentation, I found this endpoint:…
Permissions and roles
for a user I need the role and permissions so I can read, edit, and create email threat policies for spam and phishing. are the only roles for this higher privileged ones? is there a way to adjust those permissions to lower reach?
the privacy protection on microsoft defender on my windows 11 laptop will not stay on. The vpn will not conncect
I try to turn on the identity protection and it doesn't work. I go into settings and the vpn isn't connected. I try to connect it and it fails. I am instructed to wait a few minutes and try again. I have also repaired and reset the app and the…
How i can whit list or change defender rules ,when malicious files are detected in SharePoint Online, OneDrive, or Microsoft Teams and backup failed by Veam as their is malware in file
How i can whit list or change defender rules ,when malicious files are detected in SharePoint Online, OneDrive, or Microsoft Teams and backup failed by Veaam as their is malware in file how we can make them whit list as these are legitimate files as…
Question about device and security management in multi-tenant (sub-tenant) configuration
My company is growing and has created several LLCs for various product lines. The business intent is to spin off these companies into subsidiaries. It remains to be seen if they will be a "wholly owned" or "affiliate" type…
What permission do I need to access Microsoft Defender - Incidents?
I'm currently accessing a incident on our environment but I can't access it. It gives my this error message. "You can’t access this section. Sorry, you can’t access this section. Check with your administrator for the role-based access permissions…
Microsoft Defender not reacting on suspisious URL
Hello, I have encountered a rather unpleasant situation with Microsoft Defender. We have received an incident regarding Connection to adversary-in-the-middle (AiTM) phishing site on one endpoint. The User involved has confirmed, that he had accidentally…
Role & Permissions
What are the correct roles or permissions to let a user read and edit the email threat policies in Microsoft defender portal? From what I can find it would be Security Administrator. Is there a way to lower this role so it is not as privileged, if no…
Audit and monitor removable devices from intune
Hello Team, I'm configuring an ASR rule to audit removable devices as the following: I need to know how to get these audits, I didn't find anything related to this policy in the surface attack reduction reports. Thanks, Alaa ELrayes
Is it wise to have three separate Azure tenants for Test, Prod, and Pre-Prod + Domain name security concern?
Hello everyone, Our IT department is pushing to set up three separate Azure tenants for Test, Production (Prod), and Pre-Prod environments. I’d like to get your thoughts on whether this is truly necessary, especially considering security, management…