175 questions with Microsoft Defender for Identity-related tags

1 answer One of the answers was accepted by the question author.

Can the Defender for Identity sensor be installed on normal VMs being used for DBs and apps? We are fully cloud based and have no on-prem domain controllers

Improvement Action: Start your Defender for Identity deployment, installing Sensors on Domain Controllers and other eligible servers. We need to establish if we can utilize this service on normal VMs and if there is any benefit of it?

Microsoft Defender for Cloud
An Azure service that provides threat protection for workloads running in Azure, on-premises, and in other clouds. Previously known as Azure Security Center and Azure Defender.
1,250 questions
Microsoft Defender for Identity
A Microsoft service that helps protect enterprise hybrid environments from multiple types of advanced, targeted cyberattacks and insider threats.
175 questions
Microsoft Defender for Cloud Apps
A Microsoft cloud access security broker that enables customers to control the access and use of software as a service apps in their organization.
118 questions
asked 2023-07-24T08:06:28.89+00:00
Rizwan Assad 321 Reputation points
accepted 2023-07-26T12:06:23.26+00:00
Rizwan Assad 321 Reputation points
1 answer One of the answers was accepted by the question author.

Onboarding multiple devices by local script

Hello Microsoft, I have a question regarding onboarding devices on Microsoft 365 Defender. I was wondering if I could onboard multiple devices in a domain by a local script (more than 10 devices)? Thank you for responding.

Microsoft Defender for Cloud
An Azure service that provides threat protection for workloads running in Azure, on-premises, and in other clouds. Previously known as Azure Security Center and Azure Defender.
1,250 questions
Microsoft Intune
A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.
4,665 questions
Microsoft Sentinel
A scalable, cloud-native solution for security information event management and security orchestration automated response. Previously known as Azure Sentinel.
1,040 questions
Microsoft Defender for Identity
A Microsoft service that helps protect enterprise hybrid environments from multiple types of advanced, targeted cyberattacks and insider threats.
175 questions
Microsoft Defender for Cloud Apps
A Microsoft cloud access security broker that enables customers to control the access and use of software as a service apps in their organization.
118 questions
asked 2023-07-11T02:30:12.8066667+00:00
ehsanshirazi 80 Reputation points
accepted 2023-07-15T00:03:51.3233333+00:00
ehsanshirazi 80 Reputation points
1 answer One of the answers was accepted by the question author.

Microsoft 365 Defenders: Advanced Hunting Query for Azure Sign-ins Log - Foreign IP Addresses

Hi everyone, while learning about both Azure Cloud Security and Microsoft 365 Defender, I have come up to a question: Is it possible to write a Kusto query in Advanced Hunting tab from Microsoft 365 Defender to identify foreign IP addresses and foreign…

Microsoft Defender for Cloud
An Azure service that provides threat protection for workloads running in Azure, on-premises, and in other clouds. Previously known as Azure Security Center and Azure Defender.
1,250 questions
Microsoft Defender for Identity
A Microsoft service that helps protect enterprise hybrid environments from multiple types of advanced, targeted cyberattacks and insider threats.
175 questions
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
20,352 questions
asked 2023-07-13T18:44:24.46+00:00
Khoa Tran 40 Reputation points
commented 2023-07-13T19:09:37.0133333+00:00
Khoa Tran 40 Reputation points
1 answer

Is there a report in MDE to show what servers / workstations have recently been updated to ensure we are getting them all patched?

I can see in MDE that we have devices that need to be updated with the latest MDE versions. However, Infrastructure asked me to find a report that will show devices getting updated, so we know they are getting patched. I can only find devices that are…

Microsoft Defender for Identity
A Microsoft service that helps protect enterprise hybrid environments from multiple types of advanced, targeted cyberattacks and insider threats.
175 questions
Azure Update Manager
An Azure service that centrally manages updates and compliance at scale.
268 questions
asked 2023-07-11T17:17:40.22+00:00
angie_725 0 Reputation points
answered 2023-07-12T11:13:50.61+00:00
Givary-MSFT 30,251 Reputation points Microsoft Employee
2 answers

How do I export a list of Analytics from the Defender Products

As an MSSP for Microsoft Sentinel we have the Defender MDO Data connectors enabled and we're creating Incidents based on the Alerts that are created from each of the different MDO's: Defender for Identity, Defender for Office 365, Defender for Endpoint …

Microsoft Defender for Cloud
An Azure service that provides threat protection for workloads running in Azure, on-premises, and in other clouds. Previously known as Azure Security Center and Azure Defender.
1,250 questions
Microsoft Sentinel
A scalable, cloud-native solution for security information event management and security orchestration automated response. Previously known as Azure Sentinel.
1,040 questions
Microsoft Defender for Identity
A Microsoft service that helps protect enterprise hybrid environments from multiple types of advanced, targeted cyberattacks and insider threats.
175 questions
Microsoft Defender for Cloud Apps
A Microsoft cloud access security broker that enables customers to control the access and use of software as a service apps in their organization.
118 questions
asked 2023-07-10T17:55:53.18+00:00
Kentucky Mike 51 Reputation points
commented 2023-07-11T17:45:01.57+00:00
Kentucky Mike 51 Reputation points
1 answer

No active license found - Defender 365

When trying to access the Microsoft 365 Defender list incident API. I have added the required application permission to generate the bearer token. When I hit the incident endpoint I was able to see the below issue. Endpoint -…

Microsoft Defender for Cloud
An Azure service that provides threat protection for workloads running in Azure, on-premises, and in other clouds. Previously known as Azure Security Center and Azure Defender.
1,250 questions
Microsoft Defender for Identity
A Microsoft service that helps protect enterprise hybrid environments from multiple types of advanced, targeted cyberattacks and insider threats.
175 questions
asked 2023-06-13T13:57:26.5+00:00
Chethan 0 Reputation points
commented 2023-06-20T13:08:13.8333333+00:00
Akshay-MSFT 17,641 Reputation points Microsoft Employee
1 answer One of the answers was accepted by the question author.

MDE_365_Integration with SIEM (ArcSight)

Hi All, in my environment, we have integrated Microsoft 365 Defender (MDE) - EDR with ArcSight. In our case we receive only Alerts and Incidents events in our ArcSight logs, which is creating more noise and we are not able to create any rule in…

Microsoft 365
Formerly Office 365, is a line of subscription services offered by Microsoft which adds to and includes the Microsoft Office product line.
4,217 questions
Microsoft Defender for Cloud
An Azure service that provides threat protection for workloads running in Azure, on-premises, and in other clouds. Previously known as Azure Security Center and Azure Defender.
1,250 questions
Microsoft Configuration Manager Deployment
Microsoft Configuration Manager: An integrated solution for managing large groups of personal computers and servers. Deployment: The process of delivering, assembling, and maintaining a particular version of a software system at a site.
928 questions
Microsoft Defender for Identity
A Microsoft service that helps protect enterprise hybrid environments from multiple types of advanced, targeted cyberattacks and insider threats.
175 questions
Microsoft Defender for Cloud Apps
A Microsoft cloud access security broker that enables customers to control the access and use of software as a service apps in their organization.
118 questions
asked 2023-06-12T13:42:50.4533333+00:00
Akshyalakshmi Anandan Murali 20 Reputation points
accepted 2023-06-15T10:38:13.76+00:00
Akshyalakshmi Anandan Murali 20 Reputation points
2 answers One of the answers was accepted by the question author.

Azure License Allocation

Hi everyone, I am just getting started in Azure, which has led me to a very junior license question. I have noticed we have a few licenses in our managed Azure tenant which are not assigned. Licenses include: Microsoft Defender for Cloud Apps Microsoft…

Microsoft Defender for Identity
A Microsoft service that helps protect enterprise hybrid environments from multiple types of advanced, targeted cyberattacks and insider threats.
175 questions
Microsoft Defender for Cloud Apps
A Microsoft cloud access security broker that enables customers to control the access and use of software as a service apps in their organization.
118 questions
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
20,352 questions
asked 2023-06-05T05:53:34.0033333+00:00
Callum C 20 Reputation points
accepted 2023-06-05T23:09:28.7333333+00:00
Callum C 20 Reputation points
1 answer One of the answers was accepted by the question author.

What all are the capabilities of Microsoft Cloud app security in terms of monitoring the M365 apps?

What all are the capabilities of Microsoft Cloud app security in terms of monitoring the M365 apps? Also need help on below query. As I have implemented it in our tenant and it shows below on each apps for end users but how we can silently disable that…

Microsoft 365
Formerly Office 365, is a line of subscription services offered by Microsoft which adds to and includes the Microsoft Office product line.
4,217 questions
Microsoft Defender for Cloud
An Azure service that provides threat protection for workloads running in Azure, on-premises, and in other clouds. Previously known as Azure Security Center and Azure Defender.
1,250 questions
Microsoft Defender for Identity
A Microsoft service that helps protect enterprise hybrid environments from multiple types of advanced, targeted cyberattacks and insider threats.
175 questions
Microsoft Defender for Cloud Apps
A Microsoft cloud access security broker that enables customers to control the access and use of software as a service apps in their organization.
118 questions
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
20,352 questions
asked 2023-05-10T08:02:58.4466667+00:00
Vinod Survase 4,716 Reputation points
commented 2023-06-02T22:26:40.73+00:00
Marilee Turscak-MSFT 36,141 Reputation points Microsoft Employee
0 answers

I have lost the payment receipts for ms500, where should I get in the portal?

Hello Team, I have registered the MS 500 certification on Feb 5th 2023 and I have lost the payment receipts. I have to submit the receipts to the company for the reimbursement, please help me out to get the receipts. This is my Registration:…

Microsoft Defender for Identity
A Microsoft service that helps protect enterprise hybrid environments from multiple types of advanced, targeted cyberattacks and insider threats.
175 questions
asked 2023-06-01T08:58:14.1766667+00:00
Anup Kencharaddi 0 Reputation points
edited a comment 2023-06-01T09:04:43.67+00:00
Niranjan H R 0 Reputation points
2 answers

Defender AV - Updates

Hi All, we are facing some issues in Defender AV getting the updates. We have opened all ports as service tags and there is no deny message in the firewall. Any reason why this is failing, please?

Windows 10 Security
Windows 10: A Microsoft operating system that runs on personal computers and tablets. Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
2,820 questions
Microsoft Intune Security
Microsoft Intune: A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities. Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
370 questions
Microsoft Defender for Identity
A Microsoft service that helps protect enterprise hybrid environments from multiple types of advanced, targeted cyberattacks and insider threats.
175 questions
asked 2023-05-26T16:43:21.81+00:00
karthik palani 1,016 Reputation points
answered 2023-05-28T09:02:51.1366667+00:00
Khaled El-Sayed Mohamed 1,175 Reputation points
2 answers

I assigned Sentinel Contributor role to user but I am not seeing that in PIM.

I assigned Sentinel Contributor role to user but I am not seeing that in PIM. If you go to PIM Azure resource, it's not loading

Azure Virtual Machines
An Azure service that is used to provision Windows and Linux virtual machines.
7,472 questions
Active Directory Federation Services
An Active Directory technology that provides single-sign-on functionality by securely sharing digital identity and entitlement rights across security and enterprise boundaries.
1,219 questions
Microsoft Sentinel
A scalable, cloud-native solution for security information event management and security orchestration automated response. Previously known as Azure Sentinel.
1,040 questions
Microsoft Defender for Identity
A Microsoft service that helps protect enterprise hybrid environments from multiple types of advanced, targeted cyberattacks and insider threats.
175 questions
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
20,352 questions
asked 2023-05-10T21:19:25.66+00:00
Dhinesh SA 40 Reputation points
answered 2023-05-20T00:04:21.2566667+00:00
Marilee Turscak-MSFT 36,141 Reputation points Microsoft Employee
2 answers

Troubleshoot SIEM tool integration issues

We have followed the docs to collect data from Microsoft Azure Event Hub, for Microsoft Defender integration on Elastic Stack. For some reason we're not receiving the data?

Microsoft Defender for Cloud
An Azure service that provides threat protection for workloads running in Azure, on-premises, and in other clouds. Previously known as Azure Security Center and Azure Defender.
1,250 questions
Microsoft Defender for Identity
A Microsoft service that helps protect enterprise hybrid environments from multiple types of advanced, targeted cyberattacks and insider threats.
175 questions
Microsoft Defender for Cloud Apps
A Microsoft cloud access security broker that enables customers to control the access and use of software as a service apps in their organization.
118 questions
asked 2023-05-02T21:05:42.3033333+00:00
12980401 0 Reputation points
commented 2023-05-18T20:12:36.2933333+00:00
12980401 0 Reputation points
5 answers

Defender policies - Blocking Office APP

Hi Expert, need your help on the below issue. I have excluded for smart office from Intune for users, but getting blocking popup. Can you please suggest.

Microsoft Intune
A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.
4,665 questions
Microsoft Defender for Identity
A Microsoft service that helps protect enterprise hybrid environments from multiple types of advanced, targeted cyberattacks and insider threats.
175 questions
asked 2023-05-11T17:46:34.6833333+00:00
TechUST 516 Reputation points
answered 2023-05-17T09:01:20.0633333+00:00
Simon Ren-MSFT 31,756 Reputation points Microsoft Vendor
1 answer

Inquire about searchings from Microsoft Defender Threat Intelligence

When searching for our company domain in Microsoft Defender Threat Intelligence, 5,000 subdomains are displayed. In fact, our company has about 100 subdomains, but thousands of them come out, which is embarrassing. I would like to ask if someone simply…

Microsoft Defender for Identity
A Microsoft service that helps protect enterprise hybrid environments from multiple types of advanced, targeted cyberattacks and insider threats.
175 questions
asked 2023-05-12T07:21:55.7933333+00:00
LMG 0 Reputation points
edited the question 2023-05-15T16:38:56.3133333+00:00
Joe Friend 41 Reputation points Microsoft Employee
3 answers One of the answers was accepted by the question author.

Access Review for RBAC Roles

Can I create access reviews for RBAC roles? If yes, where do I need to create them? I am not able to find the options.

Active Directory
A set of directory-based technologies included in Windows Server.
6,149 questions
Microsoft Defender for Identity
A Microsoft service that helps protect enterprise hybrid environments from multiple types of advanced, targeted cyberattacks and insider threats.
175 questions
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
20,352 questions
asked 2023-05-11T10:57:37.7966667+00:00
Dhinesh SA 40 Reputation points
commented 2023-05-12T19:59:38.4+00:00
Marilee Turscak-MSFT 36,141 Reputation points Microsoft Employee
2 answers

Configure settings for Microsoft Defender for Endpoint

Hi Team, I'm looking to automate some of the items related to Microsoft 365 Defender portal. I tried searching for possible ways to log in to Defender portal using PowerShell commands but was not able to do it. Do we have any Mggraph related commands or…

Microsoft 365
Formerly Office 365, is a line of subscription services offered by Microsoft which adds to and includes the Microsoft Office product line.
4,217 questions
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
11,252 questions
Microsoft Defender for Cloud
An Azure service that provides threat protection for workloads running in Azure, on-premises, and in other clouds. Previously known as Azure Security Center and Azure Defender.
1,250 questions
Microsoft Defender for Identity
A Microsoft service that helps protect enterprise hybrid environments from multiple types of advanced, targeted cyberattacks and insider threats.
175 questions
asked 2023-05-05T08:02:36.69+00:00
Saikumar 20 Reputation points
edited an answer 2023-05-08T09:18:54.28+00:00
Zehui Yao_MSFT 5,846 Reputation points
1 answer

Can we exclude Remediated Risk state alerts in Identity Protection

We have Risk state as Remediated in the Sign in log tables. Can those alerts be excluded or should we monitor and investigate them under certain conditions with Authorization details etc.

Microsoft Defender for Identity
A Microsoft service that helps protect enterprise hybrid environments from multiple types of advanced, targeted cyberattacks and insider threats.
175 questions
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
20,352 questions
asked 2023-04-28T13:05:41.72+00:00
Pallavi Kattepura Laxminarayan 0 Reputation points
commented 2023-05-08T03:08:12.7533333+00:00
Akshay-MSFT 17,641 Reputation points Microsoft Employee
2 answers

Edit severity forwarding/redirect rule from Informational to High

Hiya, we have an information alert regarding forwarding/redirect rule. We are not firing emails off for informational else we would be swamped with emails. Is there a way to change this forwarding/redirect rule to high rather than informational, or is…

Microsoft Exchange Online Management
Microsoft Exchange Online: A Microsoft email and calendaring hosted service. Management: The act or process of organizing, handling, directing or controlling something.
4,342 questions
Exchange Server Management
Exchange Server: A family of Microsoft client/server messaging and collaboration software. Management: The act or process of organizing, handling, directing or controlling something.
7,465 questions
Microsoft Defender for Cloud
An Azure service that provides threat protection for workloads running in Azure, on-premises, and in other clouds. Previously known as Azure Security Center and Azure Defender.
1,250 questions
Microsoft Defender for Identity
A Microsoft service that helps protect enterprise hybrid environments from multiple types of advanced, targeted cyberattacks and insider threats.
175 questions
Microsoft Defender for Cloud Apps
A Microsoft cloud access security broker that enables customers to control the access and use of software as a service apps in their organization.
118 questions
asked 2023-04-26T13:48:21.1933333+00:00
Ray Waldron 41 Reputation points
commented 2023-05-02T07:28:44.6233333+00:00
Aholic Liang-MSFT 13,826 Reputation points Microsoft Vendor
1 answer

Track change on DC with Defender for Identity?

We have 2016 Domain Controllers and Auditing is enabled. We are trying to configure/deny read permission, for members of a group, over the Domain Admins group in Active Directory. But something is removing that change after some time. I can find…

Microsoft Defender for Cloud
An Azure service that provides threat protection for workloads running in Azure, on-premises, and in other clouds. Previously known as Azure Security Center and Azure Defender.
1,250 questions
Microsoft Defender for Identity
A Microsoft service that helps protect enterprise hybrid environments from multiple types of advanced, targeted cyberattacks and insider threats.
175 questions
Microsoft Defender for Cloud Apps
A Microsoft cloud access security broker that enables customers to control the access and use of software as a service apps in their organization.
118 questions
asked 2023-04-25T21:59:27.9533333+00:00
RT-7199 511 Reputation points
answered 2023-04-25T22:11:28.7833333+00:00
Andrew Blumhardt 9,831 Reputation points Microsoft Employee