1,402 questions with Microsoft Defender for Cloud-related tags
Microsoft Defender for Endpoint not Onboarding
Hello, My team is having trouble onboarding Microsoft Defender for Endpoint because the Advanced Threat Protection Service won't start. It looks like the SENSE service is also not starting and is stuck in START_PENDING. I tried rebooting the device and…
Vulnerability Assessment and Penetration Test Report.
Hi Experts, One of our client is requesting a VAPT (Vulnerability Assessment and Penetration Testing) report from the cloud provider. Is it possible to obtain such a report from Microsoft, particularly after addressing any vulnerabilities? We are using…
Incidents in Microsoft Sentinel Auto-Closing Without Automation Rules
I'm currently using Microsoft Sentinel and noticing that some incidents are automatically closing themselves, sometimes with the reason "resolved at source" or no comment at all. I've checked for any automation rules or playbooks that might be…
Defender for Servers or containers covers VMs on Containers?
We have a scenario wherein we are to have AKS clusters with containers. We would be running VMs on these containers. We wanted to understand if Defender for servers or Defender for containers or MDE covers these VMs from security standpoint at OS level,…
Identity Secure Score Regression without making any changes
Hello, Our Identity Secure Score in Entra ID has dropped from 79.98% to 50.36% without any changes made on our part. Using Microsoft Defender, we can view the Microsoft Secure Score, which is different from the Entra Identity Secure Score. However, we…
Tag name effect on Azure Defender for Cloud alerts
Hello! I am wondering if Tag names are case sensitive in case of Defender for Cloud sending alerts. For example if Defender for Cloud sends an alert based on the tag "Owner" would it also send notifications for: "Owner " …
Defender recommendation issue
In Defender for cloud, I'm getting Windows virtual machines should enable Azure Disk Encryption or EncryptionAtHost recommendations, but in my Azure VM EncryptionAtHost enabled already, I have checked connection between VM and Azure monitor and also…
MDE (WCF- Wild Card & FQDN is not there)
WCF, why there is no wildcard option or FQDN for allow and block list in WCF (MDE)
Error when disabling "OpenSourceRelationalDatabases" plan in Defender for Cloud
I catch error when disabling "OpenSourceRelationalDatabases" plan in Defender for Cloud. "(AuthorizationFailed) Azure Security Center has no access to act on behalf of the subscription, please contact your tenant administrator Code:…
Disabling recommendations in Azure CSPM Preview
We are using Defender for Cloud with both the Microsoft cloud security benchmark and Azure CSPM (Preview) security policy standards. Where we have a use-case for disabling a recommendation in MCSB, I can easily do this as it is managed via Azure Policy…
Insecure Azure storage SAS token
Hi, I am getting the recommendation "Insecure Azure storage SAS token" in Defender for the cloud. How to resolve it?
Bulk Disable Defender Security Policies
Hi, We have circa 280 individual subscriptions which have the MS cloud security benchmark enabled, which we would like to remove from all. Is there a convenient powershell command or similar which would allow me remove this from all subs at…
How to fully Uninstall/Clean-up Microsoft Defender Endpoint
Hello, We are having issues trying to use a migration tool to move our devices to another Microsoft tenant. It seems to be struggling gaining access and deleting a regkey that is link to a service for MDE. The tool is running and using the system…
Microsoft Defender is still showing a resolved recommendation.
Microsoft Defender for Cloud recommended to enable encryption at host in one of my Windows VM and I enabled encryption at host in that VM. But Microsoft Defender is still showing that recommendation. Can anyone answer why Defender is showing the resolved…
Zero Day Defender For Endpoint and M365 and Cloud Apps and Entra
Threatlocker can learn and block zero day malware. Darktrace is constantly learning about new threats. How does Microsoft’s tools compare with the above 2 solutions in regards to using AI to relearn and detect beyond simply hash lookups. for: Edr Dlp …
Both full and quick scans are out of 7 days
I would like to know why it shows as Both full and quick scans are out of 7 days? Already verified the below. Defender for Cloud enabled on your Azure account. You must have either of the following plans enabled on Defender for Cloud enabled on your…
Enterprise Microsoft Defender Exclusion Files and Folder Path Audit Activity
Hi Community Members, Does anyone know where would be the events to locate for Defender files and folder paths and file exclusions performed by Admins? Its an enterprise Defender solution and not home. Many Thanks.
Azure MDC - FIPS detection false positive ?
Hi, I've been working on hardening my servers for a few weeks now and there is a finding called "Windows Server must be configured to use FIPS-compliant algorithms for encryption, hashing, and signing. (STE)" that I do not manage to…
OpenSSL Vulnerability Shown on Microsoft Defender for Cloud Dashboard - OneDrive affected app
An OpenSSL vulnerability has been flagged on one of our devices by Microsoft Defender for Cloud. The vulnerability has listed two dll files as the main culprits (both installed via OneDrive): libcrypto-3-x64.dll libssl-3-x64.dll The OneDrive version…
Defender Cloud for Azure HCI
Hello, Can we use defender cloud to protect our onprem VM guest if we use Azure Stack HCI?