27 questions with Microsoft Defender for Endpoint Training-related tags
Is there a difference between SCCM endpoint and Defender for endpoint (P1 and P2)?
Can someone explain the difference between SCCM endpoint and Defender for endpoint (P1 and P2)? Also, I'd like to know if Defender for endpoint is an upgrade to SCCM endpoint and if it is worth the additional cost.
My Microsoft Attack Simulator emails get quarantined when users report them, why is that?
I am working on creating a phishing simulation for my organization; normally when we have a phishing campaign simulation, we send a copy of our reported emails to our shared security team mailbox. This gives us quick reference for user reports and…
How to onboard Defender via userdata scripts?
I am trying to onboard Defender to Windows servers. By following onboarding steps 1 to 4 in this doco, I was able to onboard Defender to Windows servers manually. However, we are using userdata PowerShell scripts for our Windows server. I need to put all…
MS Graph - where to find detectedAppID for windowsProtectionState
Hi, we are currently building a reporting system for all Client / Server Systems, which should contain Intune Configs / State and Defender information. All our Clients (Win 10 / 11) are Intune managed with Defender Policies + ATP Onboarded. As far as I…
How to fully Uninstall/Clean-up Microsoft Defender Endpoint
Hello, we are having issues trying to use a migration tool to move our devices to another Microsoft tenant. It seems to be struggling to gain access to and delete a regkey that is linked to a service for MDE. The tool is running and using the system…
Unable to onboard some devices in MS Defender
I have 6 devices enrolled in Intune, but only 3 devices are showing as onboarded in the Microsoft Defender portal. The other 3 devices are displaying a status of "Not applicable" in Intune. I am unable to identify any issues causing this…
What pre-built role to read the Microsoft Defender for Endpoint and vulnerabilities
What pre-built role (in Intune or Entra ID) can be assigned to read the Microsoft Defender for Endpoint and vulnerabilities? Global Reader and Security Reader can only read Defender for Identity or Defender for Cloud but for some reason can't access to…
Custom detection rule
We see that 90% of the SPAM geared toward students comes from fake Gmail accounts. In Advanced Hunting I created a KQL query to find any Gmail account that sent more than 40 emails from the same account. I saved it as a Custom Detection Rule. …
Exception Handling for Defender & Third-Party EDR Conflict
Hello. We are currently operating Microsoft Defender for Cloud (MDC). We aim to comply with one of MDC's recommendations, 'EDR solution should be installed on Virtual Machines.' While Windows machines have Microsoft Defender for Endpoint (MDE) installed…
Microsoft Intune connection with Defender for Endpoint grayed out (A Microsoft Intune license was not found.)
I have a dev tenant with E5 Dev license, but I am not able to connect Intune with endpoint defender.
Defender for Endpoint Plan 1 with M365 Business Standard
I have Business Standard + Defender for Endpoint Plan 1. I was trying to enrol a device through Microsoft Defender portal. I went to Settings. But there is no Endpoint option in it. The only options available are Defender Portal, Defender XDR, Email,…
Endpoint/Intune Device Enrollment Authorization
Is there a way to create a script in Intune/Endpoint that, when a device is trying to enroll with Company Portal to the tenant, sends or requires an authorization from an admin before completing the enrollment or compliant process? Or a conditional access…
Defender for Endpoint - Migrating servers from Microsoft Monitoring Agent to the unified solution
Hi, I am following https://video2.skills-academy.com/en-us/defender-endpoint/application-deployment-via-mecm but on test machine nothing is happening - machine onboarded to MDEP (Windows Server 2016) using MMA. I think…
Email notification when an automation investigation has started
Hi all, Is it possible for me as an admin to receive email notification if an automation investigation has taken place on a device / user?
How to secure my network from getting exploited
@Anonymous I have purchased Defender for Endpoint P2 license. I want to block hackers from exploiting my network as I don't have a firewall installed in my network. Is there any feature in Plan 1 or Plan 2 which helps in blocking and provide network…
VFP7 MICROSOFT VISUAL
Fatal error: Exception code = C0000005 @ 05/08/2024 10:59:06 AM. Error log file: C:\Program Files\Common Files\Microsoft Shared\VFP\vfp7rerr.log
Mouse and Keyboard installation blocked by Defender for Endpoint ASR policy
Hi, I am creating a new policy for removable device protection under Defender for Endpoint (ASR). Now, along with removable storage devices, all mice and keyboards are getting blocked. Is there a way to exclude such devices from the policy?
Defender I use GPO Can Switch Config policy On Defender Managed by MDE device configuration management?
Now plan deploy MDE my PC joins local AD which makes it difficult to manage policy through GPO. Is this possible? If I want to use Switch GPO policy through Device configuration management MDE?
30 day challenge for security operations analyst cert module numbers inconsistent
I am doing the 30 day challenge for SC-200 Security Operations Analyst. I have done the 53 modules stated in the challenge, however, my status says 53 of 54 modules completed. I have no info how to get to the 54th module if it exists! URL:…