1,423 questions with Microsoft Defender for Cloud-related tags
How do I track a user's browsing activities in Intune or Defender?
Dear All, I would like to review a user's browsing history. In Defender advanced hunting, I had entered the following queries (from Copilot) but when I run them, there is no data returned. Anyone know how to modify the code so that it returns the user browsing…
OpenSSL vulnerabilities in Defender for latest version Microsoft Products
My org has several OpenSSL vulnerabilities for OneDrive and Azure Disk Encryption. The CVEs are CVE-2024-4603, CVE-2024-4741, CVE-2024-5535, and Defender was said to fix inaccuracies with these last month (Sept. 2024).…
Microsoft XDR (Defender) - How to export - Advanced Hunting - Custom Detection Rules
Hello everyone, Our team is trying to export the Custom Detection Rules. We have more than 50 rules, so we need an automated process that allows us to export and import the rules. Currently, we see that the API function that allows this is still in beta:…
How to fix Critical/High/Medium vulnerabilities for OpenSSL for months now
We got notified of new Critical/High/Medium vulnerabilities for OpenSSL for months now, this time showing us hundreds of affected files ranging from AImeeting, MicrosoftPaint, OneDrive, Nvidia, Cisco apps, Intel, the list goes on. I'm beginning to…
Azure secure score
Hi, We have issues regarding Defender for Cloud and secure score. There has been a massive drop the latest month. What specific is the issue or changes that you have made? We also need information if there will be any new changes. We have customers…
Filter by Alert Name on Security Microsoft
How we can filter based on alert name on security.microoft.com?
defender is not publishing the health docker image health status even after 3 hrs
I could see Azure Defender for Cloud is not publishing the health status of Docker images which got pushed to the ACR repository even after 3 hrs. This keeps happening for multiple images randomly. I have raised multiple complaints, not getting a proper and…
How to disable Microsoft Defender for cloud on VS subscription
I am using a Visual Studio subscription. My Synapse and Azure SQL resources use Microsoft Defender for Cloud, and I am unable to disable this for these resources. As a result, most of the costs are associated with Defender for Cloud, causing my VS…
"Disabled accounts with X permissions on Azure resources should be removed" is Showing Active Accounts
I review our Microsoft Defender Secure Score for each of 3 subscriptions weekly and noticed a huge reduction in one of them. The following are the recommendations for this subscription in particular: "Disabled accounts with read and write…
How do I onboard my device into MDE without the MDE service and SENSE service running?
Hi all, I was wondering if someone knew how I can install Defender for Endpoint on my device. I tried installing MDE using the onboarding package (local script for windows 10/11), but it keeps returning this to me: Starting Microsoft Defender for…
MS Defender Automated Simulation Training: How to have new users to live attack simulation training
Hi, I am trying to set up MS Defender attack simulation training for staff. I have a number of queries regarding setup. 1: We have a live training campaign which we require all new staff members to complete. Please outline the process of having a new user…
Replacing a third party AV with Defender for Cloud
I'm in the process of rolling out Defender for Servers via Defender for Cloud subscription to onboarded ARC on-prem machines (Windows and Linux). The current solution uses a lot of file and folder exceptions. I've rolled out to a few test machines but I…
Difference between Microsoft Defender for Business and Defender for Endpoint?
Hi. Would be pleased to have these answers. Thank you. What is the difference between Microsoft Defender for Business and Defender for Endpoint? Is Defender for Endpoint included in Defender for Business? Is there any limitation for in Defender for…
Why does Defender for Endpoint say that CVE-2013-3900 doesn't exist when I see the REG entry and it really exists?
In the Microsoft Defender for Endpoint (MDE) console, when I search for CVE-2013-3900 (WinVerifyTrust), the results show zero vulnerable endpoints. However, mitigating this CVE primarily involves creating a registry entry, and in all the endpoints I’ve…
Microsoft Defender for Endpoint for US Government customers
Hi, are these endpoints still relevant? I'm having issues configuring them with GCC High. https://learn.microsoft.com/en-us/defender-endpoint/gov#api
How can I retrieve both Active and Disabled Vulnerabilities from Azure Defender for Cloud using Graph Query?
Working with the "Azure registry container images should have vulnerabilities resolved" recommendation in Defender for Cloud, my company wants to prevent this rec from affecting our security score, but without setting an exemption for the rec…
OpenSSL Vulnerability Shown on Microsoft Defender for Cloud Dashboard - OneDrive affected app
An OpenSSL vulnerability has been flagged on one of our devices by Microsoft Defender for Cloud. The vulnerability has listed two dll files as the main culprits (both installed via OneDrive): libcrypto-3-x64.dll libssl-3-x64.dll The OneDrive version…
Can we send Defender for Cloud's logs to Sentinel's LAW without "Defender for cloud connector" configured in Sentinel?
Question: While deploying Defender for Cloud, if we select the same LAW (workspace) that Sentinel is using, do we still need to configure Defender for Cloud connector and configure it in Sentinel? In this scenario, do Defender for Cloud and Sentinel's…
Microsoft Defender for Endpoint not Onboarding
Hello, My team is having trouble onboarding Microsoft Defender for Endpoint because the Advanced Threat Protection Service won't start. It looks like the SENSE service is also not starting and is stuck in START_PENDING. I tried rebooting the device and…
Integrating Microsoft Defender for Cloud Apps with Microsoft Defender for Cloud
The CIS Benchmark 2.1 for Azure recommends integrating Microsoft Defender for Cloud Apps with Microsoft Defender for Cloud by selecting the appropriate setting. However, the method described in the CIS document does not work for us as we cannot find the…