1,250 questions with Microsoft Defender for Cloud-related tags
How to acquire security information in Azure Defender using REST API?
I'm using REST API to acquire security information of resources in Security Center -> Azure Defender. I learned that Azure Defender can be installed both in Azure and third-party resources. Can I use a single API to acquire: Alert Count by…
Explanation- Parameter : Enabling NIST SP 800-53 R4 compliance standards.
Explanation- Parameter : Enabling NIST SP 800-53 R4 compliance standards. Below parameters need some explanation - List of users excluded from Windows VM Administrators group. What to mention if there are no users in exclusion, as this section is…
Securing Single Web App.
I currently have a single Web App and Durable Functions, 2 VMs and 1 Azure SQL Database and 1 Cosmos DB. I wanted to know what is the best approach to secure the Web App. I have read WAF, or WAF with Application Gateway or Front Door. I would need…
Is it possible to acquire overview of my resources in Security Center -> Inventory using REST API?
I'm using REST API to acquire security overview information of VMs and other resources in Security Center -> Inventory. I'd like to know: How many VMs are unmonitored; Healthy, unhealthy, and not applicable; Overview on resources:…
Policy & Compliance
Hello, We have setup security centre for 4 of our subscriptions. For industry & regulatory standards, by default we have PCI and etc enabled. I wanted to enable PI (Personally Identifiable) data, AML data policy as part of the regulatory…
Microsoft Antimalware Extension
Hi, since Windows Defender is not supported on Server 2012 R2 I'm looking for endpoint protection solutions for VMs in Azure. I came across Microsoft Antimalware Extension for Windows which could solve my issues but have a few questions about this service…
IAASAntimalware- Provisioning Failed
I am getting the below error on installing Microsoft Antimalware Extension to Azure Virtual Machine. Error 1: System.InvalidOperationException: Cannot start service MSMPSvc on computer '.'. ---System.ComponentModel.Win32Exception: The service…
Deploy ATP to Windows server 2016 1607
Hi all, I follow this guide https://video2.skills-academy.com/en-us/mem/configmgr/protect/deploy-use/defender-advanced-threat-protection Download package, get key and ID, put to MECM and deploy to servers. We have SCOM 2019 UR2 on all servers. …
Microsoft Graph Security API results
Hello, With the Graph Security API /alerts endpoint url, I receive alerts info but some fields are not filled in the response. As an example, in the screenshot there is no value for the field "privateIpAddress". Is there a reason why…
Azure Security Center recommendations remediation tracker
Hello, Can we have an option on Azure Security Center recommendations to get the remediation tasks tracked as it is done on Defender Portal (Attached image for reference) This would be helpful where there are policies that need to be applied to…
Azure Pen Test
Hi, does Azure have available reports of its own Pen Test or Red Teaming test?
Microsoft Cloud application security discovery dilemma
Hello, we want to use MCAS in our Azure environment. The problem I encountered is that when trying to enable the Discovery in our environment I cannot do it. We don't have any proxies or Firewall in place -> no logs can be exported and…
Intune - Devices reported as without ATP-sensor
So we activated Defender ATP within Intune and connected it with Microsoft Defender Security Center: I can see the devices at https://securitycenter.windows.com/machines But Intune reports them as devices without ATP-sensor: …
Microsoft Threat Model - Not able to add a new stencil to my template
I created a threat model with MSTM tool with some template taken. I need to add a few new stencils to it, but I don't find an option to do the same! Is that possible? Pls advise / let know a way. Thanks,
Azure SecurityCenter
Hello All, What are the advantages of integration (enabling) of Azure Security Center with Sentinel? What kind of rule can we enable on Sentinel for Azure Security Center? Thank You Rohit
Azure ATP Sensor Proxy Authentication
All internet traffic in our org goes via a forward web proxy. It also has the capability to bypass SSL inspection should we need to. I have been looking at deploying the Azure ATP sensor to my domain controllers but security teams are uncomfortable with…
VMs missing from Security Center inventory
Hi all I have enabled Security Center for my subscription but it did not list any of my VMs in the inventory. I have created new ones (Linux OS) since enabling Sec Center but it won't list these either. I feel I must be missing something. Does…
Azure Security Assessment
Hi there, It is required to assess the Security (CSPM) for all our Azure PaaS & SaaS services across a number of Management Groups. Not just the security score. An in-depth Security Assessment to be carried out across:- Identity and…
Azure Defender and specific App Services
I'm reading the documentation for Azure Defender (https://video2.skills-academy.com/en-gb/azure/security-center/azure-defender) and this suggests that the only way to enable Azure Defender for App Service is through enabling for the subscription which would…
How to notify admin and suspend user if user downloads large amount of files in 20 minutes?
Hello, I require to notify admin and suspend user if user downloads large amount of files in 20 minutes. Which security policy can be considered? An activity policy/DLP policy/File Policy/an alert policy? Thanks,