175 questions with Microsoft Defender for Identity-related tags
Can the Defender for Identity sensor be installed on normal VMs being used for DBs and Apps? Because we are fully cloud based and have no on-prem domain controllers.
Improvement Action: Start your Defender for Identity deployment, installing Sensors on Domain Controllers and other eligible servers. We need to establish if we can utilize this service on normal VMs and if there is any benefit of it?
Onboarding multiple devices by local script
Hello Microsoft, I have a question regarding onboarding devices on Microsoft 365 Defender. I was wondering if I could onboard multiple devices in a domain by a local script (more than 10 devices)? Thank you for responding.
Microsoft 365 Defender: Advanced Hunting Query for Azure Sign-ins Log - Foreign IP Addresses
Hi everyone, while learning about both Azure Cloud Security and Microsoft 365 Defender, I have come up to a question: Is it possible to write a Kusto query in Advanced Hunting tab from Microsoft 365 Defender to identify foreign IP addresses and foreign…
Is there a report in MDE to show what servers / workstations have recently been updated to ensure we are getting them all patched?
I can see in MDE that we have devices that need to be updated with the latest MDE versions. However, Infrastructure asked me to find a report that will show devices getting updated, so we know they are getting patched. I can only find devices that are…
How do I export a list of Analytics from the Defender Products
As an MSSP for Microsoft Sentinel we have the Defender MDO Data connectors enabled and we're creating Incidents based on the Alerts that are created from each of the different MDO's: Defender for Identity, Defender for Office 365, Defender for Endpoint …
No active license found - Defender 365
When trying to access the Microsoft 365 Defender list incident API. I have added the required application permission to generate the bearer token. When I hit the incident endpoint I was able to see the below issue. Endpoint -…
MDE_365_Integration with SIEM (ArcSight)
Hi All, in my environment we have integrated Microsoft 365 Defender (MDE) - EDR with ArcSight. In our case we receive only Alerts and Incidents events in our ArcSight logs, which is creating more noise and we are not able to create any rule in…
Azure License Allocation
Hi everyone, I am just getting started in Azure which has led me to a very junior license question. I have noticed we have a few licenses in our managed Azure tenant which are not assigned. Licenses include: Microsoft Defender for Cloud Apps Microsoft…
What all are the capabilities of Microsoft Cloud app security in terms of monitoring the M365 apps?
What all are the capabilities of Microsoft Cloud app security in terms of monitoring the M365 apps? Also need help on below query. As I have implemented it in our tenant and it shows below on each apps for end users but how we can silently disable that…
I have lost the payment receipts for ms500, where should I get in the portal?
Hello Team, I have registered the MS 500 certification on Feb 5th 2023 and I have lost the payment receipts. I have to submit the receipts to the company for the reimbursement, please help me out to get the receipts. This is my Registration:…
Defender AV - Updates
Hi All, we are facing some issues in Defender AV getting the updates. We have opened all ports as service tags and there is no deny message in the firewall. Any reason why this is failing, please? Defender1.jpg Defender2.jpg
I assigned Sentinel Contributor role to user but I am not seeing that in PIM.
I assigned Sentinel Contributor role to user but I am not seeing that in PIM. If you go to PIM Azure resource it's not loading.
Troubleshoot SIEM tool integration issues
We have followed the docs to collect data from Microsoft Azure Event Hub, for Microsoft Defender integration on Elastic Stack. For some reason we're not receiving the data?
Defender policies - Blocking Office APP
Hi Expert, need your help on the below issue. I have excluded for smart office from Intune for users, but getting blocking popup. Can you please suggest. Blocking error.JPG
Inquire about searchings from Microsoft Defender Threat Intelligence
When searching for our company domain in Microsoft Defender Threat Intelligence, 5,000 subdomains are displayed. In fact, our company has about 100 subdomains, but thousands of them come out, which is embarrassing. I would like to ask if someone simply…
Access Review for RBAC Roles
Can I create access reviews for RBAC roles? If yes, where do I need to create them? I am not able to find the options.
Configure settings for Microsoft Defender for Endpoint
Hi Team, I'm looking to automate some of the items related to Microsoft 365 Defender portal. I tried searching for possible ways to login to Defender portal using PowerShell commands but not able to do it. Do we have any Mggraph related commands or…
Can we exclude Remediated Risk state alerts in Identity Protection
We have Risk state as Remediated in the Sign in log tables. Can those alerts be excluded or should we monitor and investigate them under certain conditions with Authorization details etc.
edit severity forwarding/redirect rule from informational to High
Hiya, we have an information alert regarding forwarding/redirect rule. We are not firing emails off for informational else we would be swamped with emails. Is there a way to change this forwarding/redirect rule to high rather than informational, or is…
Track change on DC with Defender for Identity?
We have 2016 Domain Controllers and Auditing is enabled. We are trying to configure/deny read permission, for members of a group, over the Domain Admins group in Active Directory. But something is removing that change after some time. I can find…