1,392 questions with Microsoft Defender for Cloud-related tags
How to remediate the Microsoft Defender recommendation "Update Openssl Openssl".
Microsoft Defender shows the recommendation "Update Openssl Openssl" for one of my VMs. Can anyone assist with how to remediate this recommendation?
Setting Defender settings for storage account via Bicep does not work
I have included the following in my Bicep in order to use Microsoft Defender for Cloud for my storage account (see code below). The pipeline that deploys the resources in Azure goes through without issues and Microsoft Defender for Cloud gets enabled.…
Initiate MDE scan for remote device
How can I initiate a quick / full scan from a remote device? Pre-condition: Source & target device can ping each other, same network, & both have onboarded to MDE and have updated Defender. Note: I don't want to initiate scan from endpoint portal…
Identity Secure Score Regression without making any changes
Hello, Our Identity Secure Score in Entra ID has dropped from 79.98% to 50.36% without any changes made on our part. Using Microsoft Defender, we can view the Microsoft Secure Score, which is different from the Entra Identity Secure Score. However, we…
Failing to configure Defender for Servers File Integrity Monitoring
I don't have the Owner role (and cannot have it in the tenant I'm working in) but I have the Security Admin role and also a custom role which allows me to enable, for example, all features of Defender for Storage and also all features of Defender for Servers. Except that…
About safe attachments
We are currently enabling dynamic delivery of "safe attachments" for some users. It has been working well recently and I haven't had any issues with attachments not being able to be opened for a while because they are being scanned, but we have…
MDC reports vulnerabilities about OpenSSL used by latest Azure VM extensions
Hi, Trying to improve my MDC secure score. OpenSSL seems to be a big part of the vulnerability findings. When digging I found out that in any cases the culprit was related to ADE 2.4.0.23 (version 2.3.0 didn't seem to use openssl): openssl used is…
Resolving Windows servers should be configured to use secure communication protocols - windows 2019
I have got a recommendation on Azure Advisor for the below item: Resolving Windows servers should be configured to use secure communication protocols. It's not clear how to fix the advisor alert; however, there is a list of tasks detailed below. Enable…
Help with Microsoft Defender Quarantine - Allowing Secure Emails After Review
Hi everyone, I’m having trouble with Microsoft Defender for Office 365, specifically related to releasing a secure email from quarantine. The email has been identified as safe, but it's still being blocked. Here are the steps I’ve already taken to…
OpenSSL vulnerabilities in Defender for latest version Microsoft Products
My org has several OpenSSL vulnerabilities for OneDrive and Azure Disk Encryption. The CVEs are CVE-2024-4603, CVE-2024-4741, CVE-2024-5535, and Defender was said to fix inaccuracies with these last month (Sept. 2024).…
Integrating Microsoft Defender for Cloud Apps with Microsoft Defender for Cloud
The CIS Benchmark 2.1 for Azure recommends integrating Microsoft Defender for Cloud Apps with Microsoft Defender for Cloud by selecting the appropriate setting. However, the method described in the CIS document does not work for us as we cannot find the…
Incidents in Microsoft Sentinel Auto-Closing Without Automation Rules
I'm currently using Microsoft Sentinel and noticing that some incidents are automatically closing themselves, sometimes with the reason "resolved at source" or no comment at all. I've checked for any automation rules or playbooks that might be…
Move Defender IoT device to new Azure Tenant
Hi All, We have a Defender for IoT Device on one of our sites for OT that is currently activated against a tenant that we have no access to. We want to move the Defender for IoT device to our own tenant. Is there a way to do this without having access…
Abusive traffic from Azure, but Microsoft does not care?
Hi! Almost daily there are from 500K to 3.2 million connection attempts from one IP in the Azure network, in total we have had 164.159.454 requests from that IP since June 1st, those requests are both basic port scanning and then attempts to exploit…
Action center: I can't approve
When I go to the action center, there are sometimes some mails that need a soft-delete approval and it doesn't allow to apply that. In some occasions, I go to the investigation and I can take the actions from there, but other times it is impossible. Why…
How to edit the "User Notification Email" which the user receives after the email analyst chooses the option "Mark and Notify User"
How to edit the "User Notification Email" which the user receives after the email analyst chooses the option "Mark and Notify User"
Blank pages or menu in Microsoft Defender for Cloud
Hi, I have some issues with using Defender for Cloud recently. I am trying to manage my compliance standards to monitor for my subscriptions using the "Regulatory compliance" blade. But as my screenshot shows, the menu bar is missing. I…
How do I track a user's browsing activities in Intune or Defender?
Dear All, I would like to review a user's browsing history. In Defender advanced hunting, I had entered the following queries (from Copilot) but when I run them, there is no data returned. Does anyone know how to modify the code so that it returns the user browsing…
What permission do I need to access Microsoft Defender - Incidents?
I'm currently accessing an incident on our environment but I can't access it. It gives me this error message. "You can’t access this section. Sorry, you can’t access this section. Check with your administrator for the role-based access permissions…
MS Defender - How to manage Tenant Allow/Block Lists with Graph API
Hi, I'm trying to create an integration to block certain URLs on Microsoft Defender with the Graph API. After looking into the documentation, I found this endpoint:…