166 questions with Microsoft Defender for Identity-related tags
HackTool:Win32/AutoKMS Alert detected for VB.Net Exe
.Net EXE is flagging for Win32/AutoKMS. By checking the code we do not see anything which should be a problem. Please suggest what should be done further on this.
Defender Self loop back VPN + Company VPN
Hello everyone, I'm currently working on iPhone enrollment with the Company Portal and Defender iOS app. I appreciate Defender's local VPN option as it adds web protection, but I noticed when I activate my company VPN (needed for some apps), the…
OpenSSL vulnerabilities showing in Defender Dashboard
We have multiple devices showing up with OpenSSL vulnerabilities. It is detecting and flagging two DLL files, which are libssl-3-x64.dll and libcrypto-3-x64.dll. It is flagging this for multiple different applications throughout multiple…
Microsoft.Tri.Sensor.Updater.exe Sensor
Hi, how do I install the sensor on a DC server? I need to know any troubleshooting steps for the Microsoft.Tri.Sensor.Updater.exe sensor. If possible, share the deep-dive document about the sensor.
Managed installer errors for specific devices
Hello, please, I need your help on this issue. We are trying to roll out Windows Defender Application Control (WDAC) to the devices; however, when we enabled the managed installer, it is failing on some of the devices. When I export the devices status the…
ResourceNotFound for defender for Identity incidents
Hi, we are trying to get Defender for Identity incidents using this: curl -X GET https://api.security.microsoft.com/api/incidents/{} -H "Accept: application/json" -H "Authorization: Bearer <>" -H "Content-Type:…
How to get the impacted asset (user or client) when fetching alerts (v2) from Defender using API?
Hello, I followed this documentation to list alerts from Defender https://learn.microsoft.com/en-us/graph/api/security-list-alerts_v2?view=graph-rest-beta&tabs=http While I am getting the output, it is very different from when I fetch the alerts…
Please allow subscriptions on new Alerts API (/alerts_v2)
Hi, to automate the remediation of high-level alerts, we have set up Power Automate flows to: revoke sessions and block a user concerned by a High alert in cases of phishing or abnormal connections (UserEvidence); isolate workstations in cases of…
Not allowing to connect Sentinel Data connector with Defender XDR
Hello, I was trying to connect the "Microsoft Defender XDR" connector with "Microsoft Sentinel", but I am facing the below error. I am not sure why Sentinel is not allowing me to establish the XDR connector. As I am the Owner of the…
Microsoft Endpoint DLP
I want to deploy Microsoft Endpoint DLP in my organization. What kind of licenses do I require? I already have Business Basic & Business Standard licenses; will that work?
A Microsoft Intune license was not found
I'm trying to enable Defender for Endpoint and I'm getting this error. I already have an E3 license assigned to me. How to fix this?
No License Found - Microsoft Defender
Hi there, I am seeing the following message when opening Microsoft Defender on a Mac (deployed via Intune). We do have a Defender license assigned to the user via Business Premium. We have already set section 1 to Windows 10 and 11 in Microsoft Defender…
Visual Studio blocked by MS Defender
Microsoft Defender blocked Visual Studio 2022 (C#) and I can't enter Windows Forms, console, etc. Please help.
ImpossibleTravelActivity query filtering out "non-interactive sign-ins"
Since Microsoft disabled all useful policies like Impossible travel, I created a new custom rule. BehaviorInfo | where ActionType == "ImpossibleTravelActivity" | join BehaviorEntities on BehaviorId So now the issue is that I cannot find how to…
Defender for Identity: How to resolve Health Issue "Auditing on the Configuration container is not enabled as required"?
Hi, I have tried to resolve this MDI Health Issue "Auditing on the Configuration container is not enabled as required" for over a week now, but sadly without success. I have followed the instructions posted here…
Security Recommendations for LAPS are outdated
These recommendations in the Microsoft Secure Score seem to be ignoring the new Windows LAPS and looking at the old LAPS. When we changed over to the Windows LAPS, these recommendations started getting flagged. I thought Microsoft would eventually…
How to secure my network from getting exploited
@Anonymous I have purchased a Defender for Endpoint P2 license. I want to block hackers from exploiting my network, as I don't have a firewall installed in my network. Is there any feature in plan 1 or plan 2 which helps in blocking and provide network…
Laptop is protected and can't format/reset it
I have an Asus laptop that was joined to the domain and also added on Defender. After some time I disjoined the laptop, and now I want to format this laptop, but I can't access the USB on it; it shows "Access denied", and I have tried to do Reset from…
Microsoft Defender Device Inventory Export not downloading.
When we try and do an export we get the error shown. Tried Edge and Chrome and Firefox and can't download it. Is there something I can check to see why it won't download?
Can you please provide me the API details for this?
I want to get the Microsoft Message encryption report and Alerts from Microsoft Compliance programmatically using API. Manually I do the process in the following way: Message Encryption Report: Link:…