118 questions with Microsoft Defender for Cloud Apps-related tags
Windows Defender Advanced Threat Protection - DataCollection PS1
Dear Community, I have a question regarding Windows Defender Advanced Threat Protection*DataCollection*\folderName*.ps1. My EDR raised multiple alerts from a PowerShell script that came from the above directory but was launched by a default browser like…
Defender for endpoint: Controlled Folder Access: Where Can I find the list of well known apps allowed to access the protected folders?
Hello team, https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/controlled-folders?view=o365-worldwide#windows-system-folders-are-protected-by-default Controlled folder access protects your data by checking apps against a list of…
Cloudapps Unsanctioning apps
Unsanction of Cloudapps is only blocking on Edge browser but can access on Chrome and Firefox. How can I effect unsanctioning across all browsers? All my devices are managed by Intune
Does Defender for Cloud Apps access policy apply to desktop and mobile apps in addition to the browser?
I created an access policy on Defender for Cloud Apps to block access from risky IP addresses. However, I am unsure if the policy applies to desktop and mobile apps or just the browser. Although testing shows that the browser session is blocked, Outlook…
Due to the scoring of MDCA being discontinued, if we need to retain the TOP 10 users using UEBA, what methods can we use?
Due to the scoring of MDCA being discontinued, if we need to retain the TOP 10 users using UEBA, what methods can we use? 'Investigation priority score' feature and 'Investigation priority score increase policy' will be phased out in the coming weeks,…
your system administrator has blocked this program. for more info contact your system administrator
I am using a domain account and, as per company policy, I cannot create a local account. Additionally, I am unable to access the User Account Control (UAC) window to add or remove programs on this system. Could you please provide assistance with this…
Defender 365 admin console - Disabled Connected to a custom indicator & Connected to an unsanctioned blocked app rules
I want to know how I can disable these two following alerts: Disabled Connected to a custom indicator Connected to an unsanctioned blocked app I didn't find these alerts on the Alerts Policy of XDR/EPP or Cloud apps. Since all the changed that…
OpenSSL vulnerabilities showing in Defender Dashboard
We have multiple devices showing up with OpenSSL vulnerabilities. It is detecting two dll files that it is flagging. They are libssl-3-x64.dll and libcrypto-3-x64.dll. It is flagging this for multiple different applications throughout multiple…
Defender for cloud apps
The requirement is when the user uploads any files/documents from personally owned Android/iOS devices managed through Intune to (OneDrive for Business). Files should be scanned for malicious content, including links and any file type, document, file, etc. Is…
Defender for Cloud Apps Generative AI Category
We're running Defender for Cloud Apps in our organization and we've detected over 100 applications in use, however, no Generative AI app usage has been detected on any of our endpoints despite it definitely being used. I've even used ChatGPT and Google…
How to get the impacted asset (user or client) when fetching alerts (v2) from Defender using API?
Hello, I followed this documentation to list alerts from Defender https://learn.microsoft.com/en-us/graph/api/security-list-alerts_v2?view=graph-rest-beta&tabs=http While I am getting the output, it is very different from when I fetch the alerts…
MSDefender Android Application Issue: Infinite Loading and "Accept" Button Failed
Hello, When trying to log in, the application loads infinitely and does not progress. Furthermore, when we re-register an account for login, it takes us to a screen to accept the terms, but the "Accept" button does not perform any function. It…
Practice Test AZ-204 got stuck on "Compiling your assessment" page and after a while I refreshed it and now its result is nowhere to be found
I had given a practice test for AZ-204, but at the end when I submitted the practice exam it got stuck on the "Compiling your assessment" page and after over 30 mins of it still being stuck on the same screen, I refreshed the page and now I am…
No License Found - Microsoft Defender
Hi there, I am seeing the following message when opening Microsoft Defender on a Mac (deployed via Intune). We do have Defender license assigned to user via Business Premium. We already have set section 1 set to Windows 10 and 11 in Microsoft Defender…
Visual Studio blocked by MS Defender
Microsoft Defender blocked Visual Studio 2022 (C#) and I can't enter Windows Forms, console, etc. Please help.
Block Download is not working when configured on Conditional Access
Hello everyone, I tried to create a conditional access policy with this scenario: Block user to access Office 365 except from browser, and block download of any file while accessing Office 365 apps on the web. I've configured CA policies like the pict…
MS Defender: Attack Simulation Training - Unable to see all the Tenant Payloads
Hi All, I have created five tenant payloads in the Microsoft Defender Attack Simulation Training module. However, when I go to test, only 11 items are displayed and some of my templates are missing, yet they exist as I can see and edit them. Is there a way…
What is Device type: OfficePowerPointWRS in Microsoft Defender?
Hello, I'd like to know what is OfficePowerPointWRS device type. I found this on the user's activity logs in Defender for Cloud Apps. It appears to be related to OneDrive for Business and uses Microsoft 365 Common and Office Online server IP add. See…
The Address you provided is invalid, please provide a valid address and try again!!!
Hi, While I was trying to schedule the SC-200 Exam, I got the error message that the billing address isn't valid. How can I fix this issue? Thanks! Best Regards, Jasmina Jakob