178 questions with Microsoft Defender for Identity-related tags
Defender XDR - Browser extension
Hello, We have all the Defender P1/P2 plans, etc. In the past few months we had, in the device page, the software inventory->Browser extension. Now, we can receive the data from there and would like to know if something changed in the platform or if i…
suspicious log in defender for endpoint
Hi everyone, I stumbled upon these logs from a machine, they seem very suspicious and not normal, should I be worried? Thanks.
Windows Defender Protection History Deletion Issue
Dear Microsoft Support Team, I hope this finds you well. I am writing to seek your assistance in resolving an issue I am facing related to Windows Defender Protection History. I wish to delete the history for security and privacy reasons; however, I am…
About Authenticator app
I had to change my Instagram password and during login I can't find Instagram on the Authenticator app. Kindly help.
How to export payload domains and sender addresses from Attack simulation portal from M365 security defender? Is there a way to get all those domains and sender addresses so that we can use them for attack simulations based on our choice?
How to export payload domains and sender addresses from Attack simulation portal from M365 security defender? Is there a way to get all those domains and sender addresses so that we can use them for attack simulations based on our choice and know that it's the…
Blocking Personal Devices While Allowing MFA for Specific Applications
Hello team, Could you please send me steps on how I can block personal devices but allow MFA access for specific applications like Citrix? Thank you for your help.
Using KQL in Microsoft Defender to Query files on user computers
Hello, can anyone help me with querying all computers (Windows 10 and 11) in our organization to find the location of files with a specific extension *.ref using KQL in Advanced Hunting? Is it possible to base this query on the Organizational Unit (OU)…
User reports Microsoft Authenticator prompt 'ROJMP' - Logging does not show any attempts
Hi all, We recently got a call from a user who said he got a Microsoft Authenticator authentication prompt for something called 'ROJMP'. He did not know what it was for so he declined the prompt and, to be safe, he changed his passwords. He only uses his…
API Advanced Hunting IdentityLogonEvents error
Hi everyone, I'm trying to get the IdentityLogonEvents result from the API, and I get a forbidden error message. I gave all rights and read all the Microsoft documentation and articles, and I found nothing. I have tested all these APIs: #$url =…
How to block *.pdf.msi in Microsoft Defender
I was reading through security news and came across this article https://www.bleepingcomputer.com/news/security/microsoft-teams-phishing-pushes-darkgate-malware-via-group-chats/ There is a known file type of .pdf.msi that we as a company are wanting to…
Windows Defender MpCmdRun.exe Custom Scan Automation Job Failing intermittently in Production Environment using TeamCity Tool
Hello Microsoft Community, We are currently facing an issue with our TeamCity build automation, specifically related to the custom virus scan using the MpCmdRun.exe command-line utility. Our setup involves executing the command: MpCmdRun.exe -Scan…
Deploying MDI to multiple On-premise DC for monitoring purposes
Hello Team, When deploying MDI to all my on-premise domain controllers for monitoring purposes, do I need to add new sensors for each DC? Or can I use the package and access key from one sensor for all my DCs? Thank you!
Unable to install Nov 23 patch KB5032189 - curlx.exe has been quarantined by Defender
We have a lot of machines that are currently pending installation of the Nov23 patch KB5032189. We identified, based on the CBS logs, that curl.exe has been corrupted. Based on Threat and Virus Protection, Defender has quarantined the mentioned file.…
Azure Active Directory Identity Protections Risk Detections not all integrate into 365 Defender for Identity
Hi, We have enabled "User report suspicious activities" in the Azure AD Multi-Factor Authentication settings. We do have a user report fraud via authenticator. And Azure Active Directory Identity Protections Risk Detections triggered…
Microsoft Defender for Identity vs. Entra ID Protection differences?
Hi Folks, What are the differences between Microsoft Defender for Identity vs. Entra ID Protection? My Environment is already on Entra ID Premium P2, and some of my users already have M365 E5 license According to this article:…
How to determine if the Application or Service Principal can be safely deleted in Entra ID?
Folks, I require some assistance and explanation before deleting the App registrations or Enterprise applications based on the below indication: Owners: empty. Users and groups: empty. Sign-in Logs: no activity in the past 30 days (maximum…
The Recycle Bin on C:\ is corrupted. Do you want to empty Recycle Bin for this drive?
The Recycle Bin on C:\ is corrupted. Do you want to empty Recycle Bin for this drive? I say NO!!!!! It seems that when I choose Yes, the Windows system drive, Windows apps, and vital programming are deleted. Please help fix this problem. It seem…
How to leverage Defender for Identity for Azure Domain Services
Is there a way to install a sensor for Azure DS? We are fully cloud based; however, there are some legacy apps that are still accessing some VMs which are joined to Azure DS, so can we use / install the sensor to look at those identities?
Microsoft Defender for Identity (ATP) Pricing
Hi, I was reviewing my cost consumption when I saw that Advanced Threat Protection increased. For the last few months ATP was +-$109 but for the last month ATP was $618. I don't have any sensors. Could you help with Microsoft Defender for Identity…
Monitor one on-premise group and alert one user.
I have an on-premises group that is sensitive and needs to be monitored not just by IT but also the Devs that manage the project. So, when a user gets dropped into the group they want to be notified. I set up a custom rule in D4ID but it only goes to IT,…