Microsoft Defender for Cloud

o365 Defender Portal Incident Notifications

I have followed articles online to setup email notifications for incidents in the defender portal for medium and high detections. I noticed a medium incident in the portal which I did not get an email for. I have read articles online of others having the…

nestjs microservices using grpc to azure kubenertes using the LoadBalancer service

Hello, we have deployed a nestjs microservices using grpc to azure kubenertes using the LoadBalancer service method exposing a public IP from azure. The application itself is running and working, but sporadic we are getting the status code 14 unavailable…

How to fully Uninstall/Clean-up Microsoft Defender Endpoint

Hello, We are having issues trying to use a migration tool to move our devices to another Microsoft tenant. It seems to be struggling gaining access and deleting a regkey that is link to a service for MDE. The tool is running and using the system…

How to onboard Defender via userdata scripts?

I am trying to onboard defender to windows servers. By following onboarding steps 1 to 4 in this doco, I was able to onboard defender to windows servers manually. However, we are using userdata powershell scripts for our windows server. I need to put all…

Defender Attack Simulation Training Data Retrival through graph API

I am retireving data from attack simulation training using graph api to devolop Power BI dashboards. How ever when I retriving data from getAttackSimulationTrainingUserCoverage always completionDateTime getting 'null' even trainingStatus = 'completed', I…

Blank pages or menu in Microsoft Defender for Cloud

Hi, I have some issues with using Defender for Cloud recently. I am trying to manage my compliance standards to monitor for my subscriptions using the "Regulatory compliance" blade. But as is showing my screenshot, the menu bar is missing. I…

This recommendation is applicable only for resources with MDE discovered.

Hi all, In my microsoft defender I am getting the recommendation as "EDR solution should be installed on Virtual Machines", and in the reason I am getting "This recommendation is applicable only for resources with MDE discovered.".…

Can I set an owner on a recommendation in defender for cloud without using governance rules?

We already used governance rules to set owner on severity "high" recommendations in defender for cloud. Now we need to set owners more specific, depending on resource tags. For example we have a recommendation "Windows servers should be…

Custom recommendation I created doesn't get triggered as a recommendation in defender for cloud

I am trying to make custom recommendations work. I created a custom recommendation that looks meta data of a keyvault and checks if PublicNetworkAccess is enabled if so then it finds "iprules" in meta data. If it can see the word…

Hunting: why some quiries is not working like user name, InitiatingProcessCommandLine , user Id and a lot of them thee is redline under it while it is correctly connected with intune and avaliable

example and most of my quries is like this

MS Defender agent uninstalling - Complete #help

Hello Community I have a VM where a 3rd party AV is installed , previously we were using MS defender endpoint but it was giving pain for redhat machines. Problem : I have a win10 VM where i have uninstalled the MDE agent from extension . but…

how can i use o365 Defender to push certain windows hostbased firewall rule on windows servers?

hi how can i use o365 Defender to push certain windows host based firewall rule on a windows servers hosted on azure or managed with Azure Arc? and if defender cannot do it , what are the alternative tools ?

SQL Server: Defender for SQL Server Configuration Issues – Status Not Displayed

I have an SQL Server, and I attempted to configure Defender for SQL Server. However, even after a day, it has not been configured properly, and the menu showing the "Protected" or "Not Protected" status does not appear as expected.…

Endpoint defender

I I have intune license why i cant unable it in order to push the devices on board?

How rollback Microsoft defender plan settings?

Hi, I just accidentally click the 'Upgrade' button and enabled Microsoft defender trail plan for 4 subscriptions while I was logining Azure SQL databases. Can you tell me how can I rollback that? Because need approval before enable that. Thanks. Best…

Security Center Remediate security configurations-Ensure 'Replace a process level token' is set to 'LOCAL SERVICE, NETWORK SERVICE'

Can some help me remediate this security center "Ensure 'Replace a process level token' is set to 'LOCAL SERVICE, NETWORK SERVICE'" I have web server (IIS) installed in my VM , The recommended state for this setting is: LOCAL SERVICE,…

Issue with Defender Recommendations - Linux virtual machines should enable Azure Disk Encryption or EncryptionAtHost.

HI i have 3 virtual machines in azure i have enabled one week back Encryption at host for all machines - Now am seeing - Recommendations - Virtual machines and virtual machine scale sets should have encryption at host enabled is now in healthy…

Ensuring User Reauthentication and Consolidating Functions with XDR

Issue Description: The CloudApp portal, which facilitated user reauthentication, has been removed. As a result, we need to find a new method to prompt users to sign in again for security purposes. Objective: Our goal is to implement a seamless…

Connect Defender for Servers to Log Analytics Workspace

We've enabled Defender for Servers and I'd like to confirm how to connect it to our Log Analytics Workspace. The Microsoft Defender XDR connector is already installed, but do we need to install the Microsoft Defender for Cloud connector for this? The…

How to fix error or warning at this in microsoft defender portal