210 questions with Microsoft Defender for Identity-related tags
The privacy protection on Microsoft Defender on my Windows 11 laptop will not stay on. The VPN will not connect
I try to turn on the identity protection and it doesn't work. I go into settings and the VPN isn't connected. I try to connect it and it fails. I am instructed to wait a few minutes and try again. I have also repaired and reset the app and the…
How can I whitelist or change Defender rules when malicious files are detected in SharePoint Online, OneDrive, or Microsoft Teams and backup failed by Veeam as there is malware in file
How can I whitelist or change Defender rules when malicious files are detected in SharePoint Online, OneDrive, or Microsoft Teams and backup failed by Veeam as there is malware in file, how can we whitelist them as these are legitimate files as…
Permissions and roles
For a user I need the role and permissions so I can read, edit, and create email threat policies for spam and phishing. Are the only roles for this higher privileged ones? Is there a way to adjust those permissions to lower reach?
Question about device and security management in multi-tenant (sub-tenant) configuration
My company is growing and has created several LLCs for various product lines. The business intent is to spin off these companies into subsidiaries. It remains to be seen if they will be a "wholly owned" or "affiliate" type…
What permission do I need to access Microsoft Defender - Incidents?
I'm currently accessing an incident on our environment but I can't access it. It gives me this error message. "You can’t access this section. Sorry, you can’t access this section. Check with your administrator for the role-based access permissions…
MS Defender - How to manage Tenant Allow/Block Lists with Graph API
Hi, I'm trying to create an integration to block certain URLs on Microsoft Defender with the Graph API. After looking into the documentation, I found this endpoint:…
Where did the Phish delivered due to ETR override default alert go?
Hello, please, I need your help on this issue. I noticed that the Phish delivered due to ETR override default alert go inside Microsoft Defender? How can I create a default Phish delivered due to ETR Override
Attack Simulation Training - Training Issue
Hi there, Re: Attack Simulation Training in Microsoft Defender We have deployed phishing campaigns and some users have been compromised. Some of these users are reporting that they have completed the training modules they've been assigned in this…
Microsoft Defender not reacting on suspicious URL
Hello, I have encountered a rather unpleasant situation with Microsoft Defender. We have received an incident regarding Connection to adversary-in-the-middle (AiTM) phishing site on one endpoint. The User involved has confirmed, that he had accidentally…
Role & Permissions
What are the correct roles or permissions to let a user read and edit the email threat policies in Microsoft Defender portal? From what I can find it would be Security Administrator. Is there a way to lower this role so it is not as privileged, if no…
Audit and monitor removable devices from intune
Hello Team, I'm configuring an ASR rule to audit removable devices as the following: I need to know how to get these audits, I didn't find anything related to this policy in the surface attack reduction reports. Thanks, Alaa ELrayes
Actions Required After Verifying False Positives in Windows Defender
A customer support inquiry was received regarding our game executable (.exe) being detected as Trojan/Wacatac.B!ml. Several posts on our game site’s community have reported similar issues. The file in question is a program built and distributed by our…
Is it wise to have three separate Azure tenants for Test, Prod, and Pre-Prod + Domain name security concern?
Hello everyone, Our IT department is pushing to set up three separate Azure tenants for Test, Production (Prod), and Pre-Prod environments. I’d like to get your thoughts on whether this is truly necessary, especially considering security, management…
Unique identity
Unique identity Hi there. I got someone who was trying to log into my Facebook the other day. Would you be able to see who the ID belongs to ?
OpenSSL vulnerabilities showing in Defender Dashboard
We have multiple devices showing up with OpenSSL vulnerabilities. It is detecting two dll files that it is flagging. Which they are libssl-3-x64.dll and libcrypto-3-x64.dll. It is flagging this for multiple different applications throughout multiple…
gMSA Error - Defender for Identity
Hi All, Please advise. We are trying to use gMSA account instead of service account. When we change from normal account to gMSA account, the sensor stops working and I get below error. We checked firewall ports, followed below document and restarted the…
Defender for Identity - gMSA error
Hi All, Need your kind advice. We are trying to configure Defender for Identity using gMSA account since it's currently configured using service account and sensor working fine. When we change to gMSA, the sensor connection fails and get below error. All…
Security Recommendations for LAPS are outdated
These recommendations in the Microsoft Secure Score seem to be ignoring the new Windows LAPS and looking at the old LAPS. When we changed over to the Windows LAPS, these recommendations started getting flagged. I thought Microsoft would eventually…
Fake Copy/Paste (copy text - paste example TYfcWtHDivhu9PRkaaCCVAoAk6SKTS2XDH)
I use exclusively MS products on different servers at the same time. But for more than a year now I have been suffering from a problem with copying text. The problem is that after copying the text, the following TYfcWtHDivhu9PRkaaCCVAoAk6SKTS2XDH…
MDATP for MacOS doesn't fetch DeviceAAD ID info from Mac endpoints
Hello, Could you please help us to identify what caused the problem? We have a problem with MDATP fetching DeviceAADID for MacOS devices. I don't see such information from onboarded devices in Security Microsoft Portal. It doesn’t connected with macOS…