Microsoft Defender for Identity
A Microsoft service that helps protect enterprise hybrid environments from multiple types of advanced, targeted cyberattacks and insider threats.
174 questions
174 questions with Microsoft Defender for Identity-related tags
1 answer
Custom Webpage for Devices Isolated by Microsoft Defender
I am an Admin. My Company uses Microsoft Defender XDR. When a Device is Isolated, and the user of the Device opens his Browser, he gets shown a Default Webpage by the Defender. Is it possible to customize a the Default Webpage that is shown to a Device…
asked 2024-02-26T08:02:49.6633333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Anonymous
answered 2024-04-04T14:42:37+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(300.8, 28.000000000000004%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECK%3C/text%3E%3C/svg%3E)
Catherine Kyalo
655
Reputation points Microsoft Employee
2 answers
Package fails to install for Windows 2016 endpoints in Microsoft Defender for Identity
Problem with enroling Windows 2016 devices in Microsoft Defender for Identity As part of moving from a third party AV to defender (2019 and 2022 work fine). PowerShell Running the installation package fails on 2016 for multiple servers All available…
asked 2024-01-11T17:29:36.0466667+00:00
Arran
0
Reputation points
answered 2024-04-04T14:33:14.5333333+00:00
Catherine Kyalo
655
Reputation points Microsoft Employee
1 answer
How to tune Initial access incident to not trigger if there was no successful login
I am getting a significant amount of alerts from detection source AAD Identity Protection on my MS Defender Incident page, that are called "Initial access incident involving one user" and "Multi-stage incident involving Initial access…
asked 2024-03-06T17:57:28.9833333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(54.400000000000006, 81%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAA%3C/text%3E%3C/svg%3E)
Anders Analyst
10
Reputation points
commented 2024-04-04T13:53:50.64+00:00
Anders Analyst
10
Reputation points
1 answer
Suspend user in Defender User page
Hi, For 2 years i had no issue to suspend a user directly through the incident page in Defender console. Now, the option is not there anymore since Christmas. I opened a ticket with MSFT, but.... you know. Does Something have change for this ? Does…
asked 2024-03-12T18:34:48.0066667+00:00
Étienne Fiset
50
Reputation points
answered 2024-04-02T15:38:24.65+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(54.400000000000006, 90%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPM%3C/text%3E%3C/svg%3E)
Pauline Mbabu
90
Reputation points Microsoft Employee
1 answer
Why Occurs This Porblem (This App has been blocked by System Administrator) in Domain Network
when we open some Application in our Computer it gives us this problem (This App has been blocked by System Administrator) in Domain Network, Why occurs this problem and how to solve it. Thanks alot.
asked 2024-03-31T05:37:26.7133333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(272, 87%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAM%3C/text%3E%3C/svg%3E)
Atiqullah Miakhil
0
Reputation points
commented 2024-04-02T05:05:23.2633333+00:00
Lex Li (Microsoft)
5,157
Reputation points Microsoft Employee
1 answer
One of the answers was accepted by the question author.
How to avoid to notify users that this was a phishing alert
I created a phishing attack and sent it to test users. that works, but when the user clicks on the link or provides his crentials, he gots immediately a message saying that it was an alert. The problem is, if I send the alert to a complete department,…
asked 2024-03-14T17:07:25.4766667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(272, 31%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EEO%3C/text%3E%3C/svg%3E)
Emmanuelle OTT
20
Reputation points
accepted 2024-03-26T10:43:25.9+00:00
Emmanuelle OTT
20
Reputation points
1 answer
I can't RMS and IRM for use labels with permissions configurations.
Currently, I am responsible for configuring and creating sensitivity labels and label policy. I've already created the labels and label policy, which were published to our test group before being enabled organization-wide. The sensitivity label has…
Microsoft 365
Microsoft 365
Formerly Office 365, is a line of subscription services offered by Microsoft which adds to and includes the Microsoft Office product line.
4,205 questions
Azure
Azure
A cloud computing platform and infrastructure for building, deploying and managing applications and services through a worldwide network of Microsoft-managed datacenters.
1,055 questions
SharePoint
SharePoint
A group of Microsoft Products and technologies used for sharing and managing content, knowledge, and applications.
10,130 questions
Microsoft Purview
Microsoft Purview
A Microsoft data governance service that helps manage and govern on-premises, multicloud, and software-as-a-service data. Previously known as Azure Purview.
1,024 questions
Microsoft Defender for Identity
Microsoft Defender for Identity
A Microsoft service that helps protect enterprise hybrid environments from multiple types of advanced, targeted cyberattacks and insider threats.
174 questions
asked 2024-03-14T22:15:03.9433333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(44.800000000000004, 65%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECF%3C/text%3E%3C/svg%3E)
Charlene Fialho
0
Reputation points
edited an answer 2024-03-21T10:28:51.97+00:00
ShaikMaheer-MSFT
38,321
Reputation points Microsoft Employee
1 answer
One of the answers was accepted by the question author.
Microsoft business Premium Not Support XDR solution ?
I See Microsoft Defender XDR prerequisites Not have Business Premium i don't know support ? Even if it has email protection, identity Endpoint or the need to change plans. This link :…
asked 2024-03-17T11:35:13.5533333+00:00
TECHIT SRIWICHAI
160
Reputation points
commented 2024-03-19T02:43:19.0933333+00:00
TECHIT SRIWICHAI
160
Reputation points
0 answers
third party phishing simulations
Long story short, The issue is, recently when sending Sophos Phish Threat Campaigns with attachments, end users are not getting the initial campaign email, but instead are getting the follow-up email informing them that they’ve failed and have been…
asked 2023-12-07T00:35:02.58+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(272, 24%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EC%3C/text%3E%3C/svg%3E)
Christian
5
Reputation points
commented 2024-03-15T12:46:40.37+00:00
Catherine Kyalo
655
Reputation points Microsoft Employee
0 answers
Attack simulation training - customize text hover of phishing link
Hello everyone, I'm currently working in a phishing simulation and I wanted to know if it's possible to change the hover text of phishing link. I tried directly in the html code as I'm doing my own mail template but it doesn't work, seems like the tool…
asked 2023-12-07T13:19:04.2366667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(150.4, 97%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ELC%3C/text%3E%3C/svg%3E)
Loïc
85
Reputation points
commented 2024-03-15T12:41:13.9466667+00:00
Catherine Kyalo
655
Reputation points Microsoft Employee
1 answer
Office 365 Attack Simulator
I want to run an Office 365 attack simulation training phishing test in a Customer. According to the article below, I need either one of these licenses: Microsoft 365 E5 or Microsoft Defender for Office 365 Plan 2…
Microsoft 365
Microsoft 365
Formerly Office 365, is a line of subscription services offered by Microsoft which adds to and includes the Microsoft Office product line.
4,205 questions
Office
Office
A suite of Microsoft productivity software that supports common business tasks, including word processing, email, presentations, and data management and analysis.
1,432 questions
Windows 10 Security
Windows 10 Security
Windows 10: A Microsoft operating system that runs on personal computers and tablets.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
2,815 questions
Microsoft Defender for Identity
Microsoft Defender for Identity
A Microsoft service that helps protect enterprise hybrid environments from multiple types of advanced, targeted cyberattacks and insider threats.
174 questions
asked 2024-03-01T18:39:03.5533333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(76.8, 96%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAF%3C/text%3E%3C/svg%3E)
Anderson Fajardo
0
Reputation points
answered 2024-03-15T12:35:51.7166667+00:00
Catherine Kyalo
655
Reputation points Microsoft Employee
1 answer
Microsoft 365 Defender: IdentityLogonEvents Query to Detect Logon from Foreign Countries and IP Addresses
Is it possible to write a query based on IdentityLogonEvents table to find Azure AD's sign-in or log-on attempts from a foreign country or IP address? Thanks!
asked 2023-07-14T14:17:16.6966667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(22.400000000000002, 15%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKT%3C/text%3E%3C/svg%3E)
Khoa Tran
40
Reputation points
answered 2024-03-15T11:52:48.6566667+00:00
Catherine Kyalo
655
Reputation points Microsoft Employee
1 answer
Attack Simulation Training Modules
I am trying to find away to download the attack simulation training modules to share with our training folks for evaluation or grant them proper access to view the modules directly off the attack simulation portal. Any thoughts?
asked 2024-01-23T17:30:21.5266667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(9.6, 51%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPS%3C/text%3E%3C/svg%3E)
Patrick Selby
0
Reputation points
answered 2024-03-15T10:54:39.4033333+00:00
Catherine Kyalo
655
Reputation points Microsoft Employee
1 answer
Unable to map login page into payload in MS Defender: Attack Simulation
We are trying to initialize the Credential Harvest Attack Simulation feature in Defender but I'm running into an issue where I'm unable to map login page to payload that I have created. I did receive the test phishing email with the hyperlink inside, but…
asked 2023-12-12T01:30:02.8433333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(201.6, 78%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKY%3C/text%3E%3C/svg%3E)
Kong Yong
0
Reputation points
answered 2024-03-15T10:44:43.59+00:00
Catherine Kyalo
655
Reputation points Microsoft Employee
1 answer
Analyse MDE ASR(Attack Surface reduction) rules
Hello everyone, Recently, we implemented ASR (Attack Surface Reduction) rules in audit mode across approximately 3000 workstations, and upon review, we observed a significant number of detection actions on the Microsoft Defender for Endpoint (MDE)…
asked 2024-01-23T16:04:16.02+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(182.40000000000003, 67%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EC%3C/text%3E%3C/svg%3E)
CoCompany
0
Reputation points
answered 2024-03-15T10:36:45.61+00:00
Catherine Kyalo
655
Reputation points Microsoft Employee
1 answer
What permission do I need to access Microsoft Defender - Incidents?
I'm currently accessing a incident on our environment but I can't access it. It gives my this error message. "You can’t access this section. Sorry, you can’t access this section. Check with your administrator for the role-based access permissions…
asked 2024-03-12T13:12:45.6966667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(166.4, 59%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EG%3C/text%3E%3C/svg%3E)
GeneR
0
Reputation points
answered 2024-03-12T21:18:43.36+00:00
James Hamil
22,891
Reputation points Microsoft Employee
2 answers
One of the answers was accepted by the question author.
Defender XDR - Broswer extension
Hello, We have the all Defender P1/P2 plan, etc. We had in the past few months in the device page the software inventory->Browser extension. Now, we can received the Data from there and would like to know if something change in the platform or if i…
asked 2024-03-05T19:16:51.87+00:00
Étienne Fiset
50
Reputation points
accepted 2024-03-12T13:20:13.8733333+00:00
Étienne Fiset
50
Reputation points
1 answer
One of the answers was accepted by the question author.
suspicious log in defender for endpoint
Hi everyone, I stumbled upon these logs from a machine, they seem very suspicious and not normal, should I be worried? Thanks.
2 answers
One of the answers was accepted by the question author.
Windows Defender Protection History Deletion Issue
Dear Microsoft Support Team, I hope this finds you well. I am writing to seek your assistance in resolving an issue I am facing related to Windows Defender Protection History. I wish to delete the history for security and privacy reasons; however, I am…
asked 2023-07-18T21:18:08.9966667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(265.6, 8%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAM%3C/text%3E%3C/svg%3E)
Asma Muzzamil
25
Reputation points
accepted 2024-03-10T16:38:16.5966667+00:00
Asma Muzzamil
25
Reputation points
1 answer
About Authenticator app
I had to change my instagram password and during login I can't find instagram on authenticator app. Kindly help
asked 2024-03-07T01:12:03.1+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(156.8, 19%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAD%3C/text%3E%3C/svg%3E)
Aligeti, Divya
0
Reputation points
commented 2024-03-07T13:54:59.92+00:00
Aligeti, Divya
0
Reputation points