175 questions with Microsoft Defender for Identity-related tags
My Virus scanner found this behavior: pid:5832:574716009243851 with regkeyvalue: HKCU@S-1-5-21-1394083002-813431687-1941296365-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\Acrobat reader update. how to fix it?
Hello, I connected my camera memory to my PC and suddenly all my photos were gone and my windows defender went crazy. The touchpad and keyboard are suddenly working irregularly so I scanned for viruses and this is the result : behavior:…
Defender for Identity re-install error "value cannot be null. parameter name path1"
One of our MDI sensors stopped communicating last night, maybe linked to a windows update, I tried restarting the services and rebooting when that didn't work. I then tried uninstalling and reinstalling the sensor, it looks like the sensor is now part…
How to download emails from M365 defender or MS Purview for analysis purposes as our SecOps team wants this capability to download emails and do their analysis on those emails which were delivered to end users?
Software incorrectly flagged as false positive
Hi I’m writing this to request assistance with a recent issue we encountered involving Windows Defender. Our software was incorrectly flagged as a false positive. We then quickly uploaded it to false positive submission portal…
Cross tenant Defender API to PowerBI
Hi, As the title says, I am looking for a way to combine MS Defender API information from multiple tenants into 1 PowerBI table. I can query this with my user account for 1 tenant but I want to query it for multiple tenants in 1 click. Can someone advise…
Actively defending against what I think is a ransomware attack
Hey, Guys! I am actively being attacked by what I assume is a ransomware peddling slime ball. We are a small business, and my boss’ 365 account was compromised yesterday. I use my private gaming PC for working as well - with a local account that I use…
What these listed action do when we do perform them via M365 Defender under "Explorer" on Phish/Spam emails?
What these listed action do when we do perform them via M365 Defender under "Explorer" on Phish/Spam emails? Is there any official document which states all about these options and their actions? See below screenshot.
How to get alerts/notifications from M365 Defender for Endpoints, Identity and others when there is new updates and vulnerabilities if any are available on any the third-party apps like Chrome, Firefox and others?
Defender for Identity - Directory Services Advanced Auditing is not enabled
Hi Everyone, We have followed the following guide from Microsoft in regards to enabling "advanced auditing" for Defender for Identity: https://video2.skills-academy.com/en-us/defender-for-identity/configure-windows-event-collection However, we keep…
OpenSSL vulnerabilities showing in Defender Dashboard
We have several devices indicating an OpenSSL vulnerability. It is multiple applications throughout our devices. There are two dlls that are flagged libcrypto-3-x64.dll and libssl-3-x64.dll. Is defender throwing false positives? If they are not false…
Onboarding devices to Microsoft Defender for endpoint
Hi team, Could you please send me steps on how to manage security settings through Defender for endpoint. Also, we don't want to enroll devices to intune, we just want to manage them through Defender. Thank you for your help.
User reported email as malware. It was in the junk folder and reported by user from there.
User reported email as malware. It was in the junk folder and reported by user from there. Is there any difference if we submit email to MS for analysis now ? What does result and marked as even mean ?
Unable to manage SCEP after OS upgrade to 2019
Before OS upgrade, we uninstalled SCEP, and after 2019 OS SCEP is showing as installed but gives the below error: The service could not be started. Any suggestion how to manage SCEP client from SCCM after Server OS upgrade to 2019, please share if there any…
Microsoft Defender in Chrome
Hi, I have just one question, Microsoft Defender Application Guard, has it been discontinued? If so, could you send me the documentation?
Issue with Attack Simulator - Not all targeted users showing up
Hello, I'm currently experiencing issues with the Attack Simulator. I'm running a phishing simulation, and I've selected the "Include all users in my organization" option, which should total to 193 users. However, the pages are only adding up…
Onboarding devices on Microsoft 365 Defender remotely
Hello, I have a question regarding onboarding devices on Microsoft 365 Defender. I was wondering if I could onboard computers in my domain remotely by a local script using PowerShell or PsTools without logging in User's computer? Thank you for…
MDI AD Sensor - Unable to install silent with proxy parameter
Hi, I'm trying to install the ATP sensor for MDI on our AD. The installation through the GUI setup.exe failed with an error code leading to our use of a proxy. I am now trying to install it through the silent install using CMD with the proxy…
Enrolling Devices into Intune via Work or School but it says Managed by mmdprov, then when I reload, it disappears
I am attempting to enroll devices into Intune using the Work or School account method. However, during this process, I notice a message stating that the device is "Managed by mmdprov". This message disappears upon reloading the page. Can you…
How Defender EASM found open port 500 on my IP address, and using Nmap scanner I didn't find that the port is open?
I'm using defender currently on a 30 day trial, I'm wondering how Defender EASM managed to find open port 500. I've used Nmap scanner with different switches and tried to scan port 500 directly but I got no result that the port is open. Now I don't know…
Microsoft 365 Defender for Business not updating exposed devices
Dear all, I have been working with Microsoft 365 Defender for Business for several months now in synchronization with Microsoft Intune. I have been mitigating vulnerabilities through packet updates (Google Chrome, Adobe Acrobat and so on) with any issue…