28 questions with Microsoft Defender for Endpoint Training-related tags
How can I remove the training requirement that was automatically assigned at the end of an attack simulation within Microsoft Defender
I know how to end the actual simulations, but I can't seem to figure out how to remove the actual training requirements from users once they've been assigned.
KQL Query works in editor but not in Custom Detection Rules (scheduled)
I have the following query to find machines that have their Real Time Protection disabled: DeviceTvmSecureConfigurationAssessmentKB | join kind=innerunique DeviceTvmSecureConfigurationAssessment on ConfigurationId | join DeviceEvents on DeviceId | where…
Endpoint Onbroading question
Hi, I have a question about onboarding powershell command. powershell.exe -NoExit -ExecutionPolicy Bypass -WindowStyle Hidden $ErrorActionPreference = 'silentlycontinue';(New-Object System.Net.WebClient).DownloadFile('http://127.0.0.1/1.exe',…
Is there a difference between SCCM endpoint and Defender for endpoint (P1 and P2)?
Can someone explain the difference between SCCM endpoint and Defender for endpoint (P1 and P2)? Also, I'd like to know if Defender for endpoint is an upgrade to SCCM endpoint and if it is worth the additional cost.
How to onboard Defender via userdata scripts?
I am trying to onboard defender to windows servers. By following onboarding steps 1 to 4 in this doco, I was able to onboard defender to windows servers manually. However, we are using userdata powershell scripts for our windows server. I need to put all…
How to fully Uninstall/Clean-up Microsoft Defender Endpoint
Hello, We are having issues trying to use a migration tool to move our devices to another Microsoft tenant. It seems to be struggling gaining access and deleting a regkey that is link to a service for MDE. The tool is running and using the system…
![](https://techprofile.blob.core.windows.net/images/7EQ5-HY98kGi4i9V9wyPSg.png?8DAAFF)
Unable to onboard some devices in MS Defender
I have 6 devices enrolled in Intune, but only 3 devices are showing as onboarded in the Microsoft Defender portal. The other 3 devices are displaying a status of "Not applicable" in Intune. I am unable to identify any issues causing this…
![](https://techprofile.blob.core.windows.net/images/a2dbb28782bd4a3d9013b3ee9f354ec6.png)
What pre-built role to read the Microsoft Defender for Endpoint and vulnerabilities
what pre-built role (in intune or Entra ID) can be assigned to read the Microsoft Defender for Endpoint and vulnerabilities, Global Reader and Security Reader can only Read Defender for Identity or Defender for cloud but for some reason can't access to…
Custom detection rule
We see that 90% of the SPAM geared toward students comes from fake Gmail accounts. In Advanced Hunting I created a KQL query to find any Gmail account that sent more than 40 emails from the same account I saved it as a Custom Detection Rule. …
Exception Handling for Defender & Third-Party EDR Conflict
Hello. We are currently operating Microsoft Defender for Cloud (MDC). We aim to comply with one of MDC's recommendations, 'EDR solution should be installed on Virtual Machines.' While Windows machines have Microsoft Defender for Endpoint (MDE) installed…
Microsoft Intune connection with defender endpoint grayed out (A Microsoft Intune license was not found. )
I have a dev tenant with E5 Dev license, but i am not able to connect Intune with endpoint defender.
Defender For Endpoint Plan1 with M365 Business Standard
I have Business Standard+ Defender for Endpoint Plan 1. I was trying to enrol a device through Microsoft Defender portal. I went to Settings . But there is no Endpoint option in it. The only options available are Defender Portal , Defender Xdr, Email ,…
Endpoint/Intune Device Enrollment Authorization
Is there a way to create a script in Intune/Endpoint that when a device is trying enrolled with company portal to the tenant, sends or requires an authorization from an admin before completing the enrollment or compliant process? Or a conditional access…
Defender for Endpoint - Migrating servers from Microsoft Monitoring Agent to the unified solution
Hi, I am following https://learn.microsoft.com/en-us/defender-endpoint/application-deployment-via-mecm but on test machine nothing is happening - machine onboarded to MDEP (Windows Server 2016) using MMA. I think…
![](https://techprofile.blob.core.windows.net/images/7EQ5-HY98kGi4i9V9wyPSg.png?8DAAFF)
Email notification when a automation investigation has started
Hi all, Is it possible for me as an admin to receive email notification if an automation investigation has taken place on a device / user?
How to secure my network from getting exploit
@Anonymous I have purchased Defender for Endpoint P2 license i want to block hackers to exploit in my network as i dont have firewall installed in my network. Is there any feature in plan 1 or plan 2 which helps in blocking and provide network…
![](https://techprofile.blob.core.windows.net/images/7EQ5-HY98kGi4i9V9wyPSg.png?8DAAFF)
VFP7 MICROSOFT VISUAL
Fatal error: Exception code = C0000005 @ 05/08/2024 10:59:06 AM. Error log file: C:\Program Files\Common Files\Microsoft Shared\VFP\vfp7rerr.log
Mouse and Keyboard installtion blocked by DEfender for Endpoint ASR policy
Hi, I am creating a new policy for removal device protection under Defender for endpoint (ASR). now along with removal storage devices. all mouse and keyboard's are getting blocked. is there a way to exclude such devices from policy?
Defender I use GPO Can Switch Config policy On Defender Mange by MDE device configuration management ?
Now plan deploy MDE my PC joins local AD which makes it difficult to manage policy through GPO. Is this possible? If I want to use Switch Gpo policy through Device configuration management MDE?
![](https://techprofile.blob.core.windows.net/images/MJu1o5MekEyM2pnVukCCLg.png?8DBB59)