181 questions with Microsoft Defender for Identity-related tags
Defender for Identity - Directory Services Advanced Auditing is not enabled
Hi Everyone, We have followed the following guide from Microsoft in regards to enabling "advanced auditing" for Defender for Identity: https://learn.microsoft.com/en-us/defender-for-identity/configure-windows-event-collection However, we keep…
Risky Sign-ins in Azure Entra ID and Identity Protection
Hello everyone, I am seeking some technical advice regarding risk sign-ins in Azure Entra ID and Identity Protection. We have an Azure Entra ID setup with a P2 License, and we are experiencing an overwhelming number of high-severity alerts from Identity…
KQL Query works in editor but not in Custom Detection Rules (scheduled)
I have the following query to find machines that have their Real Time Protection disabled: DeviceTvmSecureConfigurationAssessmentKB | join kind=innerunique DeviceTvmSecureConfigurationAssessment on ConfigurationId | join DeviceEvents on DeviceId | where…
MS Defender - How to manage Tenant Allow/Block Lists with graph api
Hi, I'm trying to create an integration to block certain URLs on Microsoft Defender with the Graph API. After looking into the documentation, I found this endpoint:…
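I can't sign in with my work or school account.
My current account is a personal account, and I also have a work or school account under the same account. When I try to sign in, I have to use the Microsoft Authenticator app, but when I try to get a verification code through the app, I only get a message saying an error occurred and I cannot receive the code. So, is there a way to sign in without using the authenticator app?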
Permission needed to access alert in Microsoft defender
You can’t access this section Sorry, you can’t access this section. Check with your administrator for the role-based access permissions to see the data. I am a global admin and have the security roles assigned
Endpoint Onboarding question
Hi, I have a question about onboarding powershell command. powershell.exe -NoExit -ExecutionPolicy Bypass -WindowStyle Hidden $ErrorActionPreference = 'silentlycontinue';(New-Object System.Net.WebClient).DownloadFile('http://127.0.0.1/1.exe',…
Defender Onboarding command
Hi, I have a question about the Defender onboarding command. powershell.exe -NoExit -ExecutionPolicy Bypass -WindowStyle Hidden $ErrorActionPreference= 'silentlycontinue';(New-Object System.Net.WebClient).DownloadFile('http://127.0.0.1/1.exe',…
Microsoft Defender for Identity required licenses and scope?
Before I turn on everything under the Microsoft Defender for Identity from the https://security.microsoft.com/ portal, I wanted to know if I must enable or purchase licenses like Sentinel and Defender ATP or some other licenses I may have missed here. All…
Well, I am just not able to remove the (DOS/Hurri) virus from my PC. What should I do?
This is what I am getting
Something went wrong MDI instance cannot be created
How can I fix the below issue? The MDI instance on my existing tenant was not completed before by my predecessor, hence I deleted the three builtin groups, however, I am still stuck at the above issue, despite the gMSA has been created and the agent…
Microsoft Defender
Hi Team, Wonder if you could help, please. We're exploring the functions within the Attack Simulation module in Microsoft 365 Defender. When Configuring the simulation, under Send end user notification, we get multiple options for delivery preferences…
HackTool:Win32/AutoKMS Alert detected for VB.Net Exe
.Net EXE is flagging for Win32/AutoKMS. By checking the code we do not see anything which should be a problem: Please suggest on what should be done further on this
ResourceNotFound for defender for Identity incidents
Hi, we are trying to get Defender for Identity incidents using this: curl -X GET https://api.security.microsoft.com/api/incidents/{} -H "Accept: application/json" -H "Authorization: Bearer <>" -H "Content-Type:…
Microsoft Defender for Identity licensing requirement and usage
Hi Folks, After reading this https://learn.microsoft.com/en-us/defender-for-identity/deploy/prerequisites#licensing-requirements Can someone please clarify if I just need to have the below license applied and confirmed to fully use the features in the…
How to change incorrect classification of PaladinVPN by Microsoft Defender? How to contact the team by email?
We are writing to bring to your attention a matter regarding the classification of PaladinVPN by Microsoft Defender. We have noticed that PaladinVPN has been classified in a manner that we believe to be incorrect. The details of this classification can…
Please allow subscriptions on new Alerts API (/alerts_v2)
Hi, To automate the remediation of high-level alerts, we have set up Power Automate flows for: revoke sessions and block a user concerned by a High alert in cases of phishing or abnormal connections (UserEvidence); isolate workstations in cases of…
How to get the impacted asset (user or client) when fetching alerts (v2) from Defender using API?
Hello, I followed this documentation to list alerts from Defender https://learn.microsoft.com/en-us/graph/api/security-list-alerts_v2?view=graph-rest-beta&tabs=http While I am getting the output, it is very different from when I fetch the alerts…
How to fully Uninstall/Clean-up Microsoft Defender Endpoint
Hello, We are having issues trying to use a migration tool to move our devices to another Microsoft tenant. It seems to be struggling to gain access and delete a regkey that is linked to a service for MDE. The tool is running and using the system…
Security Recommendations for LAPS are outdated
These recommendations in the Microsoft Secure Score seem to be ignoring the new Windows LAPS and looking at the old LAPS. When we changed over to the Windows LAPS, these recommendations started getting flagged. I thought Microsoft would eventually…