175 questions with Microsoft Defender for Identity-related tags

0 answers

My Virus scanner found this behavior: pid:5832:574716009243851 with regkeyvalue: HKCU@S-1-5-21-1394083002-813431687-1941296365-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\Acrobat reader update. how to fix it?

Hello, I connected my camera memory to my PC and suddenly all my photos were gone and my Windows Defender went crazy. The touchpad and keyboard are suddenly working irregularly so I scanned for viruses and this is the result: behavior:…

Windows
A family of Microsoft operating systems that run across personal computers, tablets, laptops, phones, internet of things devices, self-contained mixed reality headsets, large collaboration screens, and other devices.
4,997 questions
Microsoft Defender for Identity
A Microsoft service that helps protect enterprise hybrid environments from multiple types of advanced, targeted cyberattacks and insider threats.
175 questions
asked 2023-11-09T16:55:08.7033333+00:00
Bahar 0 Reputation points
edited the question 2023-11-09T18:46:41.43+00:00
Monalla-MSFT 12,766 Reputation points
1 answer

Defender for Identity re-install error "value cannot be null. parameter name path1"

One of our MDI sensors stopped communicating last night, maybe linked to a Windows update. I tried restarting the services and rebooting when that didn't work. I then tried uninstalling and reinstalling the sensor; it looks like the sensor is now part…

Microsoft Defender for Identity
asked 2023-10-25T11:06:15.5766667+00:00
Darryl 256 Reputation points
commented 2023-11-02T14:00:35.4033333+00:00
Roger 0 Reputation points
2 answers

How to download emails from M365 defender or MS Purview for analysis purposes as our SecOps team wants this capability to download emails and do their analysis on those emails which were delivered to end users?

How to download emails from M365 defender or MS Purview for analysis purposes as our SecOps team wants this capability to download emails and do their analysis on those emails which were delivered to end users?

Microsoft Exchange Online
Microsoft Exchange Online Management
Microsoft Exchange Online: A Microsoft email and calendaring hosted service. Management: The act or process of organizing, handling, directing or controlling something.
4,342 questions
Microsoft Defender for Cloud
An Azure service that provides threat protection for workloads running in Azure, on-premises, and in other clouds. Previously known as Azure Security Center and Azure Defender.
1,250 questions
Microsoft Defender for Identity
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
20,352 questions
asked 2023-10-12T10:43:53.1+00:00
Vinod Survase 4,716 Reputation points
commented 2023-10-20T16:53:36.21+00:00
JamesTran-MSFT 36,531 Reputation points Microsoft Employee
0 answers

Software incorrectly flagged as false positive

Hi I’m writing this to request assistance with a recent issue we encountered involving Windows Defender. Our software was incorrectly flagged as a false positive. We then quickly uploaded it to false positive submission portal…

Microsoft Defender for Identity
asked 2023-10-19T04:45:09.1366667+00:00
Researcher 6 Reputation points
1 answer One of the answers was accepted by the question author.

Cross tenant Defender API to PowerBI

Hi, As the title says, I am looking for a way to combine MS Defender API information from multiple tenants into 1 PowerBI table. I can query this with my user account for 1 tenant but I want to query it for multiple tenants in 1 click. Can someone advise…

Microsoft Defender for Cloud
Microsoft Defender for Identity
asked 2023-10-11T12:48:09.5433333+00:00
Berghegen, Nick 20 Reputation points
accepted 2023-10-12T07:42:04.7533333+00:00
Berghegen, Nick 20 Reputation points
0 answers

Actively defending against what I think is a ransomware attack

Hey, Guys! I am actively being attacked by what I assume is a ransomware peddling slime ball. We are a small business, and my boss’ 365 account was compromised yesterday. I use my private gaming PC for working as well - with a local account that I use…

Windows 365 Business
Remote Desktop
A Microsoft app that connects remotely to computers and to virtual apps and desktops.
4,368 questions
Microsoft Defender for Identity
asked 2023-09-27T10:14:11.22+00:00
Anonymous
edited the question 2023-10-05T09:56:45.26+00:00
VenkateshDodda-MSFT 19,631 Reputation points Microsoft Employee
1 answer One of the answers was accepted by the question author.

What do these listed actions do when we perform them via M365 Defender under "Explorer" on Phish/Spam emails?

What do these listed actions do when we perform them via M365 Defender under "Explorer" on Phish/Spam emails? Is there any official document which states all about these options and their actions? See below screenshot.

Microsoft 365
Formerly Office 365, is a line of subscription services offered by Microsoft which adds to and includes the Microsoft Office product line.
4,217 questions
Microsoft Defender for Cloud
Microsoft Defender for Identity
Microsoft Defender for Cloud Apps
A Microsoft cloud access security broker that enables customers to control the access and use of software as a service apps in their organization.
118 questions
Microsoft Entra ID
asked 2023-09-25T14:18:57.74+00:00
Vinod Survase 4,716 Reputation points
commented 2023-10-01T07:05:32.6733333+00:00
Vinod Survase 4,716 Reputation points
1 answer

How to get alerts/notifications from M365 Defender for Endpoints, Identity and others when there are new updates and vulnerabilities, if any are available, on any of the third-party apps like Chrome, Firefox and others?

How to get alerts/notifications from M365 Defender for Endpoints, Identity and others when there are new updates and vulnerabilities, if any are available, on any of the third-party apps like Chrome, Firefox and others?

Microsoft Defender for Identity
Microsoft Defender for Cloud Apps
Microsoft Entra ID
asked 2023-09-23T10:48:32.62+00:00
Vinod Survase 4,716 Reputation points
answered 2023-09-30T07:27:47.27+00:00
Rhys Bristow 160 Reputation points
3 answers

Defender for Identity - Directory Services Advanced Auditing is not enabled

Hi Everyone, We have followed the following guide from Microsoft in regards to enabling "advanced auditing" for Defender for Identity: https://video2.skills-academy.com/en-us/defender-for-identity/configure-windows-event-collection However, we keep…

Windows
Active Directory
A set of directory-based technologies included in Windows Server.
6,149 questions
Microsoft Defender for Identity
asked 2023-09-27T20:12:12.2233333+00:00
OwlTecAB 40 Reputation points
edited an answer 2023-09-28T17:15:44.5133333+00:00
OwlTecAB 40 Reputation points
0 answers

OpenSSL vulnerabilities showing in Defender Dashboard

We have several devices indicating an OpenSSL vulnerability. It is multiple applications throughout our devices. There are two DLLs that are flagged: libcrypto-3-x64.dll and libssl-3-x64.dll. Is Defender throwing false positives? If they are not false…

Windows 10
A Microsoft operating system that runs on personal computers and tablets.
11,065 questions
Microsoft Defender for Cloud
Microsoft Defender for Identity
Microsoft Defender for Cloud Apps
asked 2023-09-22T20:24:03.2033333+00:00
Jeff Thorne 40 Reputation points
commented 2023-09-27T05:28:47.2966667+00:00
Givary-MSFT 30,251 Reputation points Microsoft Employee
1 answer

Onboarding devices to Microsoft Defender for endpoint

Hi team, Could you please send me steps on how to manage security settings through Defender for Endpoint. Also, we don't want to enroll devices to Intune, we just want to manage them through Defender. Thank you for your help.

Microsoft Defender for Cloud
Microsoft Intune Enrollment
Microsoft Intune: A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities. Enrollment: The process of requesting, receiving, and installing a certificate.
1,302 questions
Microsoft Defender for Identity
Microsoft Defender for Cloud Apps
asked 2023-09-13T21:57:36.5333333+00:00
J-3804 1,566 Reputation points
answered 2023-09-14T01:59:55.48+00:00
Crystal-MSFT 45,656 Reputation points Microsoft Vendor
1 answer One of the answers was accepted by the question author.

User reported email as malware. It was in the junk folder and reported by user from there.

User reported email as malware. It was in the junk folder and reported by user from there. Is there any difference if we submit email to MS for analysis now? What does result and marked as even mean?

Microsoft 365
Microsoft Defender for Identity
asked 2023-09-11T08:17:03.9733333+00:00
Rishineken Pongen 166 Reputation points
accepted 2023-09-13T00:24:20.3133333+00:00
Rishineken Pongen 166 Reputation points
2 answers

Unable to manage SCEP after OS upgrade to 2019

Before OS upgrade, we have uninstalled SCEP and after 2019 OS SCEP is showing as installed but gives the below error: The service could not be started. Any suggestion how to manage SCEP client from SCCM after Server OS upgrade to 2019, please share if there any…

Microsoft Configuration Manager Updates
Microsoft Configuration Manager: An integrated solution for managing large groups of personal computers and servers. Updates: Broadly released fixes addressing specific issue(s) or related bug(s). Updates may also include new or modified features (i.e. changing default behavior).
1,005 questions
Microsoft Configuration Manager
Microsoft Defender for Identity
asked 2023-05-26T18:16:44.65+00:00
Kalyan Sundar 561 Reputation points
answered 2023-09-08T06:17:48.7666667+00:00
Wasif Abdul Qadeer 0 Reputation points
1 answer

Microsoft Defender in Chrome

Hi, I have just one question, Microsoft Defender Application Guard, has it been discontinued? If so, could you send me the documentation?

Microsoft Defender for Cloud
Microsoft Defender for Identity
asked 2023-09-06T14:23:45.3333333+00:00
Leticia Hylary Silva 0 Reputation points
answered 2023-09-07T06:29:03.5133333+00:00
Givary-MSFT 30,251 Reputation points Microsoft Employee
2 answers

Issue with Attack Simulator - Not all targeted users showing up

Hello, I'm currently experiencing issues with the Attack Simulator. I'm running a phishing simulation, and I've selected the "Include all users in my organization" option, which should total to 193 users. However, the pages are only adding up…

Microsoft 365
Microsoft Defender for Identity
asked 2023-08-19T16:28:50.4133333+00:00
Maxxxi 0 Reputation points
answered 2023-08-20T11:48:23.1166667+00:00
Iftikhar Ali 170 Reputation points
1 answer One of the answers was accepted by the question author.

Onboarding devices on Microsoft 365 Defender remotely

Hello, I have a question regarding onboarding devices on Microsoft 365 Defender. I was wondering if I could onboard computers in my domain remotely by a local script using PowerShell or PsTools without logging in User's computer? Thank you for…

Microsoft Defender for Cloud
Microsoft Sentinel
A scalable, cloud-native solution for security information event management and security orchestration automated response. Previously known as Azure Sentinel.
1,040 questions
Microsoft Defender for Identity
Microsoft Defender for Cloud Apps
Microsoft Entra ID
asked 2023-08-10T05:46:34.02+00:00
ehsanshirazi 80 Reputation points
accepted 2023-08-11T04:43:41.9666667+00:00
ehsanshirazi 80 Reputation points
0 answers

MDI AD Sensor - Unable to install silent with proxy parameter

Hi, I'm trying to install the ATP sensor for MDI on our AD. The installation through the GUI setup.exe failed with an error code leading to our use of a proxy. I am now trying to install it through the silent install using CMD with the proxy…

Microsoft Defender for Identity
asked 2023-08-07T18:11:54.5266667+00:00
Sébastien Brulotte (DARSSS) 0 Reputation points
1 answer

Enrolling Devices into Intune via Work or School but it says Managed by mmdprov, then when I reload, it disappears

I am attempting to enroll devices into Intune using the Work or School account method. However, during this process, I notice a message stating that the device is "Managed by mmdprov". This message disappears upon reloading the page. Can you…

Microsoft Intune Configuration
Microsoft Intune: A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities. Configuration: The process of arranging or setting up computer systems, hardware, or software.
1,784 questions
Microsoft Intune
A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.
4,665 questions
Microsoft Defender for Identity
asked 2023-08-02T16:40:53.2366667+00:00
Brandon S 0 Reputation points
commented 2023-08-07T02:38:59.58+00:00
Crystal-MSFT 45,656 Reputation points Microsoft Vendor
0 answers

How Defender EASM found open port 500 on my IP address, and using Nmap scanner I didn't find that the port is open?

I'm using defender currently on a 30 day trial, I'm wondering how Defender EASM managed to find open port 500. I've used Nmap scanner with different switches and tried to scan port 500 directly but I got no result that the port is open. Now I don't know…

Microsoft Defender for Cloud
Microsoft Defender for Identity
Microsoft Defender for Cloud Apps
asked 2023-07-15T08:11:25.85+00:00
FP 0 Reputation points
commented 2023-08-01T09:52:33.88+00:00
Givary-MSFT 30,251 Reputation points Microsoft Employee
1 answer

Microsoft 365 Defender for Business not updating exposed devices

Dear all, I have been working with Microsoft 365 Defender for Business for several months now in synchronization with Microsoft Intune. I have been mitigating vulnerabilities through packet updates (Google Chrome, Adobe Acrobat and so on) with any issue…

Windows 10
Windows 11
A Microsoft operating system designed for productivity, creativity, and ease of use.
8,788 questions
Microsoft Intune Updates
Microsoft Intune: A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities. Updates: Broadly released fixes addressing specific issue(s) or related bug(s). Updates may also include new or modified features (i.e. changing default behavior).
91 questions
Microsoft Defender for Identity
asked 2023-07-28T10:19:40.89+00:00
Guillem Albert 0 Reputation points
answered 2023-07-31T11:06:56.4533333+00:00
Limitless Technology 44,081 Reputation points