174 questions with Microsoft Defender for Identity-related tags
How to export payload domains and sender addresses from Attack simulation portal from M365 security defender? Is there a way to get all those domains and sender addresses so that we can use for attack simulations based on our choice?
How to export payload domains and sender addresses from Attack simulation portal from M365 security defender? Is there a way to get all those domains and sender addresses so that we can use for attack simulations based on our choice and know that it's the…
Blocking Personal Devices While Allowing MFA for Specific Applications
Hello team, could you please send me steps on how I can block personal devices but allow MFA access for specific applications like Citrix? Thank you for your help
Using KQL in Microsoft Defender to Query files on user computers
Hello, can anyone help me with querying all computers (Windows 10 and 11) in our organization to find the location of files with a specific extension *.ref using KQL in Advanced Hunting? Is it possible to base this query on the Organizational Unit (OU)…
User reports Microsoft Authenticator prompt 'ROJMP' - Logging does not show any attempts
Hi all, We recently got a call from a user who said he got a Microsoft Authenticator authentication prompt for something called 'ROJMP'. He did not know what it was for so he declined the prompt and, to be safe, he changed his passwords. He only uses his…
API Advanced Hunting IdentityLogonEvents error
Hi everyone, I'm trying to get the IdentityLogonEvents result from the API, and I get a forbidden error message. I gave all rights and read all the Microsoft documentation and articles; I found nothing. I have tested all these APIs: #$url =…
How to block *.pdf.msi in Microsoft Defender
I was reading through security news and came across this article https://www.bleepingcomputer.com/news/security/microsoft-teams-phishing-pushes-darkgate-malware-via-group-chats/ There is a known file type of .pdf.msi that we as a company are wanting to…
Windows Defender MpCmdRun.exe Custom Scan Automation Job Failing intermittently in Production Environment using TeamCity Tool
Hello Microsoft Community, We are currently facing an issue with our TeamCity build automation, specifically related to the custom virus scan using the MpCmdRun.exe command-line utility. Our setup involves executing the command: MpCmdRun.exe -Scan…
Deploying MDI to multiple On-premise DC for monitoring purposes
Hello Team, when deploying MDI to all my on-premise domain controllers for monitoring purposes, do I need to add new sensors for each DC? Or can I use the package and access key from one sensor for all my DCs? Thank you!
Unable to install Nov 23 patch KB5032189 - curlx.exe has been quarantined by Defender
We have a lot of machines that are currently pending installation of the Nov23 patch KB5032189. We identified based on the CBS logs that curl.exe has been corrupted. Based on Threat and Virus Protection, Defender has quarantined the mentioned file.…
Azure Active Directory Identity Protections Risk Detections not all integrate into 365 Defender for identity
Hi, We have enabled "User report suspicious activities" in the Azure AD Multi-Factor Authentication settings. We do have a user report fraud via authenticator. And Azure Active Directory Identity Protections Risk Detections triggered…
Microsoft Defender for Identity vs. Entra ID Protection differences?
Hi Folks, What are the differences between Microsoft Defender for Identity vs. Entra ID Protection? My environment is already on Entra ID Premium P2, and some of my users already have M365 E5 license. According to this article:…
How to determine if the Application or Service Principal can be safely deleted in Entra ID?
Folks, I require some assistance and explanation before deleting the App registrations or Enterprise applications based on the below indication: Owners: empty. Users and groups: empty. Sign-in Logs: no activity in the past 30 days (maximum…
The Recycle Bin on C:\ is corrupted. Do you want to empty Recycle Bin for this drive?
The Recycle Bin on C:\ is corrupted. Do you want to empty Recycle Bin for this drive? I say NO!!!!! It seems that when I choose yes, the Windows system drive, Windows apps, and vital programming are deleted by choosing Yes. Please help fixing this problem. It seem…
How to leverage Defender for Identity for Azure Domain Services
Is there a way to install a sensor for Azure DS? We are fully cloud based; however, there are some legacy apps that are still accessing some VMs which are joined to Azure DS, so can we use / install the sensor to look at those identities?
Microsoft Defender for Identity (ATP) Pricing
Hi, I was reviewing my cost consumption when I saw that Advanced Threat Protection increased. For the last few months ATP was +-$109 but for the last month ATP was $618. I don't have any sensors. Could you help with Microsoft Defender for Identity…
Monitor one on-premise group and alert one user.
I have an on-premises group that is sensitive and needs to be monitored not just by IT but also the Devs that manage the project. So, when a user gets dropped into the group they want to be notified. I set up a custom rule in D4ID but it only goes to IT,…
Removed the unwanted app but still showing in MDE portal
Hi Community, Hope all are doing well!! I am facing an issue: I saw the WhatsApp application in MDE software inventory, which was installed on one PC, and later we uninstalled it from the PC, but it is still showing in inventory under MDE portal. Don't know…
Is there a way to configure Microsoft Defender to send an alert whenever its settings are altered?
Is there a way to configure Microsoft Defender to send an alert whenever its settings are altered?
New Alert - Plaintext passwords on one endpoint
Good morning, We received an alert on an endpoint that we had not seen before: Plaintext passwords on one endpoint. We cannot find much detail from the alert other than a user may have stored their credentials in plaintext somewhere in Outlook. Has…
My auto clicker made as a windows form application is randomly being marked as a trojan
When I try to run it, it says it is a trojan, and when I try to download it, it says it's a trojan even though it's a Windows Forms application. I tried to send a submission to Microsoft saying it was marked wrong as a trojan, but they said it was too…