1,366 questions with Microsoft Security | Microsoft Defender | Microsoft Defender for Cloud tags

1 answer One of the answers was accepted by the question author.

Are Agentless scanning for machines and vulnerability assessment for machines features available under Azure Gov (GCCH)?

The Defender for Server P2 is activated on my subscription; however, I am not seeing any option to enable these two features: Agentless scanning for machines, and vulnerability assessment for machines. I wonder if these are available on GCCH or only…

Microsoft Security | Microsoft Defender | Microsoft Defender for Cloud
asked 2025-05-20T14:48:33.6233333+00:00
Leonord Joseph 20 Reputation points
accepted 2025-05-22T14:11:47.88+00:00
Leonord Joseph 20 Reputation points
2 answers

Offboarding VMs from Defender for Servers Plan 2

After enabling Defender for Servers Plan 2 on a subscription for testing, the plan has been deactivated; however, the servers are still visible in the Defender for Server Portal. In the Azure portal, the MDE.Windows extension remains installed on the VM.…

Microsoft Security | Microsoft Defender | Microsoft Defender for Cloud
asked 2025-05-01T10:02:46.0366667+00:00
PM 0 Reputation points
commented 2025-05-21T12:16:46.3266667+00:00
Navya 20,730 Reputation points Microsoft External Staff Moderator
1 answer One of the answers was accepted by the question author.

Required Configuration in Microsoft Defender Suite for Microsoft RaMP Integration

Hi All, We are planning to deploy Microsoft Defender Suite in an organization. We would like to understand what are the necessary configurations required across the Microsoft Defender suite—including Defender for Endpoint, Defender for Identity, Defender…

Microsoft Security | Microsoft Defender | Microsoft Defender for Cloud
asked 2025-05-13T12:04:51.3833333+00:00
Subhash Kumar Mahato 265 Reputation points
accepted 2025-05-21T06:57:50.9066667+00:00
Subhash Kumar Mahato 265 Reputation points
1 answer

Attack Simulation Training in Microsoft Defender

We have deployed phishing campaigns and some users have not been compromised and have successfully reported the phish. The issue is that after being sent the successfully completed acknowledgment, these users receive a Training assignment notification,…

Microsoft Security | Microsoft Defender | Microsoft Defender for Cloud
asked 2025-05-14T15:38:15.4466667+00:00
Farrukh Riaz 0 Reputation points
commented 2025-05-19T02:08:02.5966667+00:00
Vigneshwar Duvva 2,225 Reputation points Microsoft External Staff Moderator
1 answer

Meaning of "Previously assigned" training completion status in Attack Simulator

Does the "Previously assigned" training completion status in Attack Simulator mean that the training has NOT been completed by the user?

Microsoft Security | Microsoft Defender | Microsoft Defender for Cloud
asked 2025-05-14T15:06:32.2933333+00:00
Farrukh Riaz 0 Reputation points
commented 2025-05-16T18:45:19.4266667+00:00
Goutam Pratti 6,170 Reputation points Microsoft External Staff Moderator
2 answers

How to fully Uninstall/Clean-up Microsoft Defender Endpoint

Hello, We are having issues trying to use a migration tool to move our devices to another Microsoft tenant. It seems to be struggling with gaining access and deleting a regkey that is linked to a service for MDE. The tool is running and using the system…

Microsoft Security | Microsoft Defender | Microsoft Defender for Cloud
Microsoft Security | Microsoft Defender | Microsoft Defender for Identity
Microsoft Security | Intune | Other
Community Center | Not monitored
asked 2024-06-27T13:23:57.6933333+00:00
Dan Beeney 0 Reputation points
commented 2025-05-15T03:30:11.9533333+00:00
Yharim 0 Reputation points
1 answer

Defender for Cloud inventory health is reporting vulnerability findings that according to update history on the VMs have been installed.

All the vulnerability findings are related to .NET or .NET Core. Some going back to 2023. Are these false positives? Highs and Meds so really want to make this go away. All Windows updates have been installed and show in Windows update history. Any…

Microsoft Security | Microsoft Defender | Microsoft Defender for Cloud
asked 2025-05-05T10:28:58.7433333+00:00
jbutler 0 Reputation points
answered 2025-05-14T21:39:34.8366667+00:00
Andrew Blumhardt 10,056 Reputation points Microsoft Employee
1 answer

Can the Microsoft Defender portal show the server details as per security group?

I'm using Microsoft Defender to monitor the servers. I have multiple groups of people working from various other vendors. I would like to create multiple security groups and add people based on their company and configure Defender in such a manner that…

Microsoft Security | Microsoft Defender | Microsoft Defender for Cloud
asked 2025-05-12T04:52:55.93+00:00
Ro_009 0 Reputation points
commented 2025-05-14T18:16:36.38+00:00
Jyotishree Moharana 1,845 Reputation points Microsoft External Staff Moderator
1 answer One of the answers was accepted by the question author.

Defender for Cloud - Disabled accounts with read and write permissions on Azure resources should be removed - removing permissions from accounts automatically

Hello, To complete recommendation from DfC "Disabled accounts with read and write permissions on Azure resources should be removed", I'd like to set autoschedule to remove permissions assigned to disabled accounts, which sign-ins aren't logged…

Azure Automation
Microsoft Security | Microsoft Defender | Microsoft Defender for Cloud
Microsoft Security | Microsoft Entra | Microsoft Entra ID
asked 2025-01-08T13:11:15.56+00:00
SS97 40 Reputation points
edited an answer 2025-05-13T14:06:42.6166667+00:00
Ryan Hill 30,291 Reputation points Microsoft Employee Moderator
1 answer

Microsoft Defender XDR False Positive for SharePoint/OneDrive File Downloads

Multiple Microsoft Defender alerts have been triggered, indicating users downloading a large number of files within a short timeframe (ranging from a couple of hundred to thousands). When reaching out to the users, confirmations have indicated that they…

Microsoft Security | Microsoft Defender | Microsoft Defender for Cloud
asked 2025-05-07T13:14:42.91+00:00
brichardi 361 Reputation points
commented 2025-05-12T14:00:27.7733333+00:00
Jyotishree Moharana 1,845 Reputation points Microsoft External Staff Moderator
1 answer

Our Email Group Getting Status 500 error code

Email group attempting to approve or reject something in the Action Center, but it's giving them "approve remediation pending action failed" with a status code of 500. Is there a bug? All team members attempted, and it gives them all the error.

Microsoft Security | Microsoft Defender | Microsoft Defender for Cloud
asked 2025-05-07T13:28:30.9866667+00:00
CYB5478 0 Reputation points
commented 2025-05-09T22:15:29.01+00:00
Goutam Pratti 6,170 Reputation points Microsoft External Staff Moderator
1 answer

Legitimacy and Purpose of Azure Defender PowerShell Script Execution

Hello Microsoft Community, I noticed that on my Windows Server, the following file is triggering PowerShell script execution: C:\Packages\Plugins\Microsoft.Azure.AzureDefenderForServers.MDE.Windows\1.0.9.1\HandlerUtilities.psm1 This script seems to be…

Microsoft Security | Microsoft Defender | Microsoft Defender for Cloud
asked 2025-05-01T10:57:36.7833333+00:00
Hitesh Sungar 0 Reputation points
edited a comment 2025-05-09T03:05:40.2666667+00:00
Sanoop M 4,310 Reputation points Moderator
1 answer

Anonymous User Succeeded Download Limit

My company received an alert that a user succeeded the file download limit (total was 58/min). Upon investigating the alert in Defender, the user ID is displaying as…

Microsoft Security | Microsoft Defender | Microsoft Defender for Cloud
asked 2025-05-02T14:46:08.9633333+00:00
ShallowCopy 25 Reputation points
commented 2025-05-08T08:42:43.87+00:00
Bandela Siri Chandana 3,055 Reputation points Microsoft External Staff Moderator
1 answer One of the answers was accepted by the question author.

How do I remediate the Secure Score recommendation to enable automatic updates in Office now that admin templates are deprecated in Intune?

This information is incorrect: Go to the Devices -> Configuration profiles. To update an existing policy: Click on the policy name in the list. In the navigation bar, click on Properties. Next to Configuration settings, click on Edit. Go to step…

Microsoft Security | Microsoft Defender | Microsoft Defender for Cloud
asked 2025-02-18T12:40:17.48+00:00
Mark Taylor 331 Reputation points
edited the question 2025-05-08T07:36:52.3+00:00
Raja Pothuraju 25,115 Reputation points Microsoft External Staff Moderator
1 answer

Legitimacy and Documentation of PowerShell Script in Windows Defender ATP Data Collection Path

Hi Team, We’ve observed the following script being executed on several servers: C:\ProgramData\Microsoft\Windows Defender Advanced Threat…

Microsoft Security | Microsoft Defender | Microsoft Defender for Cloud
asked 2025-05-01T10:59:20.1733333+00:00
Hitesh Sungar 0 Reputation points
commented 2025-05-08T05:58:31.3466667+00:00
Sanoop M 4,310 Reputation points Moderator
1 answer One of the answers was accepted by the question author.

Known file getting tagged as malicious

I have a single macro-enabled Excel file. Every time I make changes and save it with a different name, Defender MDE flags it as malicious and the file gets corrupted. Every time I make changes, the SHA value changes and hence submitting it to Microsoft as clean…

Microsoft 365 and Office | Excel | For business | Windows
Microsoft Security | Microsoft Defender | Microsoft Defender for Cloud
asked 2025-02-04T14:22:31.1366667+00:00
Aishwarya RM 20 Reputation points
edited the question 2025-05-06T10:51:51.86+00:00
VarunTha 14,850 Reputation points Microsoft External Staff Moderator
1 answer

Email sent by External User are being Quarantined by EOP

Hello, We have recently observed a significant increase in legitimate emails being quarantined by Microsoft 365 Defender (EOP) for both Exchange Online and on-premises users. These emails are being flagged by the anti-spam policies, and this behavior…

Microsoft Security | Microsoft Defender | Microsoft Defender for Cloud
asked 2025-04-30T08:31:24.4133333+00:00
Parsian02 20 Reputation points
commented 2025-05-06T09:23:46.0166667+00:00
Bandela Siri Chandana 3,055 Reputation points Microsoft External Staff Moderator
1 answer

What are all logs collected by Defender for Endpoint from Windows endpoints and servers?

Hi Team, I have some servers from where I am collecting common event IDs via AMA agent and sending them to Sentinel SIEM tool. Recently I installed the Defender for Endpoint agent on these servers. I am now thinking of offboarding AMA agent as I already have…

Microsoft Security | Microsoft Defender | Microsoft Defender for Cloud
asked 2025-05-05T06:20:53.7033333+00:00
Supriya Nelluri 5 Reputation points
answered 2025-05-06T09:21:19.8966667+00:00
Venkata Jagadeep 1,400 Reputation points Microsoft External Staff Moderator
1 answer One of the answers was accepted by the question author.

Issue retrieving CVE details using responseType: reduced in Defender EASM Assets API

I'm working with the Microsoft Defender External Attack Surface Management (EASM) API, specifically the assets endpoint. When I make a request using responseType: reduced and apply a filter for a specific CVE ID, the response does not include any…

Microsoft Security | Microsoft Defender | Microsoft Defender for Cloud
asked 2025-04-28T08:07:52.6366667+00:00
Dev Parmar 20 Reputation points
edited a comment 2025-05-05T06:10:41.7233333+00:00
Dev Parmar 20 Reputation points
1 answer

PCI Policy Not Displaying on Regulatory Compliance Dashboard

I enabled the PCI policy under Regulatory Compliance and initiated it, but it's still not appearing on the Regulatory Compliance dashboard.

Microsoft Security | Microsoft Defender | Microsoft Defender for Cloud
asked 2025-04-19T13:32:04.52+00:00
AA 5 Reputation points
commented 2025-04-30T17:17:01.3+00:00
AA 5 Reputation points