113 questions with Microsoft Defender for Cloud Apps-related tags
Does Defender for Cloud Apps access policy apply to desktop and mobile apps in addition to the browser?
I created an access policy on Defender for Cloud Apps to block access from risky IP addresses. However, I am unsure if the policy applies to desktop and mobile apps or just the browser. Although testing shows that the browser session is blocked, Outlook…
Defender 365 admin console - Disabled Connected to a custom indicator & Connected to a unsanctionned blocked app rules
I want to know how I can disable these two following alerts : Disabled Connected to a custom indicator Connected to an unsanctioned blocked app I didn't find these alerts on the Alerts Policy of XDR/EPP or Cloud apps. Since all the changed that…
How to get the impacted asset (user or client) when fetching alerts (v2) from Defender using API?
Hello, I followed this documentation to list alerts from Defender https://learn.microsoft.com/en-us/graph/api/security-list-alerts_v2?view=graph-rest-beta&tabs=http While I am getting the output, it is very different from when I fetch the alerts…
MSDefender Android Application Issue: Infinite Loading and "Accept" Button Failed
Hello, When trying to log in, the application loads infinitely and does not progress. Furthermore, when we re-register an account for login, it takes us to a screen to accept the terms, but the "Accept" button does not perform any function. It…
Windows Defender Advanced Threat Protection - DataCollection PS1
Dear Community, I have a question regarding Windows Defender Advanced Threat Protection*DataCollection*\folderName*.ps1. My EDR raised multiple alerts from a PowerShell script that came from the above directory but was launched by a default browser like…
Defender for cloud apps
The requirement is when the user uploads any files/documents from personal owned Android/IOS managed through intune to (OneDrive for business). Files should be scanned for malicious content, including Links and any file type, document, file, etc.. Is…
Practice Test AZ - 204 got stuck on "Compiling your assessment" page and after a while I refreshed it and now it result is nowhere to be found
I had given a practice test for AZ- 204, but at the end when I submitted the practice exam it got stuck on the "Compiling your assessment" page and after over 30mins of it still being stuck on the same screen, I refreshed the page and now I am…
No License Found - Microsoft Defender
Hi there, I am seeing the following message when opening Microsoft Defender on a Mac (deployed via Intune). We do have Defender license assigned to user via Business Premium. We already have set section 1 set to Windows 10 and 11 in Microsoft Defender…
Visual Studio blocked by MS Defender
Microsoft defender blocked visual studio 2022 ( C#) and I can't enter windows forms, console, etc. Please help.
Block Download is not working when configured on Conditional Access
Hello everyone, I tried to create conditional access policy with this scenario : Block user to access office 365 except from browser, and block download any file while accessing office 365 apps on the web I've configured CA policies like the pict…
OpenSSL vulnerabilities showing in Defender Dashboard
We have multiple devices showing up with OpenSSL vulnerabilities. It is detecting two dll files that it is flagging. Which they are libssl-3-x64.dll and libcrypto-3-x64.dll. It is flagging this for multiple different applications through out multiple…
MS Defender: Attack Simulation Training - Unable to see all the Tenant Payloads
Hi All I have created five tenant payload in the Microsoft Defender Attack Simulation Training module. However, when I go to test, only 11 items are displayed and some of my templates are missing, yet they exist as I can see and edit them. Is there a way…
What is Device type: OfficePowerPointWRS in Microsoft Defender?
Hello, I'd like to know what is OfficePowerPointWRS device type. I found this on the user's activity logs in Defender for Cloud Apps. It appears to be related to OneDrive for Business and uses Microsoft 365 Common and Office Online server IP add. See…
The Address you provided is invalid, please provide a valid address and try again!!!
Hi, While I was trying to schedule the SC-200 Exam, I got the error message that the billing address isn't valid. How can I fix this issue. Thanks! Best Regards, Jasmina Jakob
Security Concern Regarding Microsoft 'PC Manager' App
Dear Microsoft Support Team, I am writing to bring to your attention a concerning security issue that has been observed with the recently released Microsoft "PC Manager." Upon conducting thorough testing and analysis, it has come to our…
defender for endpoint settings
Hello! There was a question about the Microsoft Defender Portal settings item in the Defender for Endpoint item. When in Security setting management- enable Use MDE to enforce security configuration settings from Intune. then "Enable…
Defender for Endpoint: How isolate device with high risk automatically?
Hello team, How can I auto-isolate a device that comes with a high-risk score?
Microsoft Defender XDR Streaming API
We have an API configured, and it is my understanding that you should be able to tie directly to a sentinel workspace and it should be configured like the image. But none of the options are selected for event hub connections or Storage accounts. For…
Stop downloads on unmanaged devices - conditional access
Hi all, I want to set a block policy on downloads from sharepoint and onedrive for unmanaged devices - personal or not within the tenant.
Quarantine inaccessible: Error message: Failed to load data. Please try again later.
For several weeks, I have been unable to see data in https://security.microsoft.com/quarantinequarantine. This problem started suddenly as I was previously able to access quarantine. Simultaneously, my team started receiving emails affixed with the…