174 questions with Microsoft Defender for Identity-related tags
Custom Webpage for Devices Isolated by Microsoft Defender
I am an Admin. My Company uses Microsoft Defender XDR. When a Device is Isolated, and the user of the Device opens his Browser, he gets shown a Default Webpage by the Defender. Is it possible to customize a the Default Webpage that is shown to a Device…
Package fails to install for Windows 2016 endpoints in Microsoft Defender for Identity
Problem with enroling Windows 2016 devices in Microsoft Defender for Identity As part of moving from a third party AV to defender (2019 and 2022 work fine). PowerShell Running the installation package fails on 2016 for multiple servers All available…
![](https://techprofile.blob.core.windows.net/images/niFIrQFAAwAAAAAAAAAAAA.png?8D987E)
How to tune Initial access incident to not trigger if there was no successful login
I am getting a significant amount of alerts from detection source AAD Identity Protection on my MS Defender Incident page, that are called "Initial access incident involving one user" and "Multi-stage incident involving Initial access…
Suspend user in Defender User page
Hi, For 2 years i had no issue to suspend a user directly through the incident page in Defender console. Now, the option is not there anymore since Christmas. I opened a ticket with MSFT, but.... you know. Does Something have change for this ? Does…
![](https://techprofile.blob.core.windows.net/images/mI_2KOIoc0uABRwnnzTJ2A.png?8DC58B)
Why Occurs This Porblem (This App has been blocked by System Administrator) in Domain Network
when we open some Application in our Computer it gives us this problem (This App has been blocked by System Administrator) in Domain Network, Why occurs this problem and how to solve it. Thanks alot.
![](https://techprofile.blob.core.windows.net/images/CL9sTc5zkUClnOVlnXO8DA.png?8DC921)
How to avoid to notify users that this was a phishing alert
I created a phishing attack and sent it to test users. that works, but when the user clicks on the link or provides his crentials, he gots immediately a message saying that it was an alert. The problem is, if I send the alert to a complete department,…
I can't RMS and IRM for use labels with permissions configurations.
Currently, I am responsible for configuring and creating sensitivity labels and label policy. I've already created the labels and label policy, which were published to our test group before being enabled organization-wide. The sensitivity label has…
![](https://techprofile.blob.core.windows.net/images/GwtaAs6y7E29mww9s0oZbQ.png?8D92F0)
Microsoft business Premium Not Support XDR solution ?
I See Microsoft Defender XDR prerequisites Not have Business Premium i don't know support ? Even if it has email protection, identity Endpoint or the need to change plans. This link :…
![](https://techprofile.blob.core.windows.net/images/MJu1o5MekEyM2pnVukCCLg.png?8DBB59)
![](https://techprofile.blob.core.windows.net/images/MJu1o5MekEyM2pnVukCCLg.png?8DBB59)
third party phishing simulations
Long story short, The issue is, recently when sending Sophos Phish Threat Campaigns with attachments, end users are not getting the initial campaign email, but instead are getting the follow-up email informing them that they’ve failed and have been…
Attack simulation training - customize text hover of phishing link
Hello everyone, I'm currently working in a phishing simulation and I wanted to know if it's possible to change the hover text of phishing link. I tried directly in the html code as I'm doing my own mail template but it doesn't work, seems like the tool…
Office 365 Attack Simulator
I want to run an Office 365 attack simulation training phishing test in a Customer. According to the article below, I need either one of these licenses: Microsoft 365 E5 or Microsoft Defender for Office 365 Plan 2…
Microsoft 365 Defender: IdentityLogonEvents Query to Detect Logon from Foreign Countries and IP Addresses
Is it possible to write a query based on IdentityLogonEvents table to find Azure AD's sign-in or log-on attempts from a foreign country or IP address? Thanks!
Attack Simulation Training Modules
I am trying to find away to download the attack simulation training modules to share with our training folks for evaluation or grant them proper access to view the modules directly off the attack simulation portal. Any thoughts?
Unable to map login page into payload in MS Defender: Attack Simulation
We are trying to initialize the Credential Harvest Attack Simulation feature in Defender but I'm running into an issue where I'm unable to map login page to payload that I have created. I did receive the test phishing email with the hyperlink inside, but…
Analyse MDE ASR(Attack Surface reduction) rules
Hello everyone, Recently, we implemented ASR (Attack Surface Reduction) rules in audit mode across approximately 3000 workstations, and upon review, we observed a significant number of detection actions on the Microsoft Defender for Endpoint (MDE)…
What permission do I need to access Microsoft Defender - Incidents?
I'm currently accessing a incident on our environment but I can't access it. It gives my this error message. "You can’t access this section. Sorry, you can’t access this section. Check with your administrator for the role-based access permissions…
![](https://techprofile.blob.core.windows.net/images/SbBXW6wumkK4XgZSyURk4A.png?8D926C)
Defender XDR - Broswer extension
Hello, We have the all Defender P1/P2 plan, etc. We had in the past few months in the device page the software inventory->Browser extension. Now, we can received the Data from there and would like to know if something change in the platform or if i…
![](https://techprofile.blob.core.windows.net/images/mI_2KOIoc0uABRwnnzTJ2A.png?8DC58B)
![](https://techprofile.blob.core.windows.net/images/mI_2KOIoc0uABRwnnzTJ2A.png?8DC58B)
suspicious log in defender for endpoint
Hi everyone, I stumbled upon these logs from a machine, they seem very suspicious and not normal, should I be worried? Thanks.
Windows Defender Protection History Deletion Issue
Dear Microsoft Support Team, I hope this finds you well. I am writing to seek your assistance in resolving an issue I am facing related to Windows Defender Protection History. I wish to delete the history for security and privacy reasons; however, I am…
About Authenticator app
I had to change my instagram password and during login I can't find instagram on authenticator app. Kindly help