1,250 questions with Microsoft Defender for Cloud-related tags
IaaSAntimalware and MDE.Windows VM extensions
Are there any benefits to having both the IaaSAntimalware and MDE.Windows extensions installed on an Azure hosted virtual machine or are they just redundant?
Impossible to enable Defender for Storage Malware scanning
I would like to enable Azure Defender Malware scanning on my (StorageV2) Storage Account. I upgraded my subscription's MS Defender for Cloud plan. However, any attempt on enabling Malware scanning or Sensitive data discovery fails. While enabling on…
Defender for Cloud not enabled on some of the subscriptions
Hi, We have added 23 subscriptions to a single management group and enabled Defender for cloud at the management group level, and assigned NIST 00-53. However, only 2 of the 23 subscriptions are showing the Defender state as "OFF".…
How do I use Azure Policy to enable 'Agentless scanning for machines (preview)' setting for Defender for CSPM
I can't seem to find a policy that enables the 'Agentless scanning for machines (preview)' setting in Defender for Cloud. How do I do it then?
Microsoft Defender for Cloud
Hi Team, I am receiving alerts which say the Backup Failure for my Virtual machines. I am not able to fix the issue; could you please check and do the needful. These were the recommended actions suggested, but I am not able to understand this. Please grant…
Can I create a PowerAutomate flow to offboard devices in Defender for Endpoint?
I would like to create a friendly interface for users to offboard devices in Defender for Endpoint, so they won't have to run this process manually. Is this possible?
How to block SAM, LSA dump through Microsoft Defender for Endpoint
Hello, I am trying to see if the EDR Microsoft Defender for Endpoint or other solutions from Microsoft offer options to block the following hive dumps: SAM, LSA and optionally DPAPI. I am aware that suspicious dumps are detected but is there a possibility…
ServiceNow integration with Defender for Cloud
What permissions are required in ServiceNow for the ServiceNow integration with Defender for Cloud user? The doc does not seem to indicate what permissions are required for the ServiceNow service account in…
Exception Handling for Defender & Third-Party EDR Conflict
Hello. We are currently operating Microsoft Defender for Cloud (MDC). We aim to comply with one of MDC's recommendations, 'EDR solution should be installed on Virtual Machines.' While Windows machines have Microsoft Defender for Endpoint (MDE) installed…
Microsoft Defender for Containers in AKS-HCI - pricing questions
Hello, I added a new AKS-HCI Kubernetes cluster on premises to Arc, and enabled Defender for Containers and installed the extensions in the cluster, but billing has still been 0 for 1 month. Can you explain why, given that it is stated that billing…
How to notify security team members of assigned alerts/incidents in Microsoft Defender
Is there a way to send email notifications to someone when we assign an alert or incident specifically to them in Microsoft Defender? We already have email notifications set up for new alerts, but we're wondering if there is a way to notify team members…
What's the exact definition of 'Timegenerated' in an Azure Resource Graph query output for Container Image Vulnerabilities?
When we run a query to find vulnerabilities in Container Images, there's a 'timegenerated' column in the query output. I've tried to find this documented somewhere, but can't, I've only found a document for Azure Monitor. Does this mean it's the last…
Azure - Microsoft Defender for Cloud - I can't download security recommendations to a CSV. I could for nearly 90 days straight and can download all others.
Hi, I can't download security recommendations to a csv file from: Microsoft Defender for Cloud | Recommendations from either the: Secure score recommendations or All recommendations tabs in Azure. I was able to do so yesterday and nearly every day since…
Microsoft Defender is alerting for vulnerable version of NuGet package in Azure Function's ".azurefunctions/function.deps.json" file
Hi Champs, I'm facing a typical problem with my function app and MS Defender for Cloud. Defender is raising issues for my deployed function (written in C#) as: Even after installing latest NuGet package, "function.deps.json" file is not…
If Defender for Blob doesn't scan a file (no tags) is there anything we can do to force it to look again?
We have a system that scans all files uploaded to blob on upload. However, we've noticed that occasionally some files just never get scanned (i.e. never get the tags against them). In the documents it does say this can happen if the file throughput is…
How to stop ATP clicking links in Phishing simulation emails
I have logged in to Microsoft Defender for O365 and configured the Phishing Simulation tab under Email & collaboration > Policies & rules > Threat policies > Advanced delivery. But something ATP wise is still clicking the links in my…
Standard Recommendations with Source "Defender for Cloud"
Recommendations under Compliance Standards (e.g. Azure CSPM (Preview) Standard) are tagged with source field as "Policy" or "Defender for Cloud". What's the difference between recommendations that are sourced from policy vs defender…
Enable Defender For Storage malware scanning using ARM template.
I have this resource definition: //Defender For Storage { "type": "Microsoft.Security/DefenderForStorageSettings", "apiVersion": "2022-12-01-preview", "name":…
Error during on-upload malware scan activation for storage account
I created Event Grid topic and want to assign it to Microsoft Defender report pipeline. When I enable on-upload scan for my storage account and select my topic, I get Plan enablement partially succeeded. Could not enable on-upload malware scanning:…
How to set Microsoft Defender (Security Center) settings via the Azure.ResourceManager SDK
We have the following code that enables Microsoft Defender for Cloud for an Azure subscription using the Azure.ResourceManager C# SDK. However, when we view the settings for Defender in the Azure portal, a couple of items aren't turned on that we would…