Latest Discussions
Playbooks with MDCA
I am attempting to integrate MDCA alerts with Freshdesk as per the example at https://learn.microsoft.com/en-us/defender-cloud-apps/flow-integration. I have E5 without Teams licenses. I created the flow, once from playbooks in the MDCA portal and once in Power Automate directly, and went to create a policy to test it out, but the option "Sent to power automate" from the policy is always greyed out. Alerts are not automatically detected in the flow unless the action in the policy is set to send to Power Automate, which again is greyed out as an option in the policies. Also, the playbooks tab in the MDCA portal does not show the flows I created before; it shows empty. It seems the link is broken between MDCA and Power Automate. Any reason for this? Any idea about this? Thanks in advance.
AhmedSHMK | Jun 11, 2025 | Brass Contributor | 70 Views | 0 likes | 0 Comments

Problem with MDCA Session Control and Google Workspace
We have implemented MDCA Session Control with Google Workspace at a customer. Almost all Google apps work and they are protected by Session Control, but we have found problems with Gemini, Analytics and Google Search. These apps don't open under session control, and it seems to be some kind of problem with SSO. Does anyone know any fix for the problem?
Ramon_Pastor_Garcia | Apr 23, 2025 | Microsoft | 79 Views | 0 likes | 0 Comments

Filter out BYOD devices from blocking unsanctioned apps
Hi there, I've encountered an issue. When I tag a cloud app as unsanctioned, it gets blocked as expected. However, we use BYOD mobile devices that are Entra registered along with app protection policies, and the unsanctioned apps are being blocked outside the managed apps. For example, an unsanctioned app gets blocked in an unmanaged Safari browser on a BYOD iOS device. I can't find information on how to limit the enforcement scope to only managed apps on BYODs or how to limit the enforcement scope to company-managed devices. Please help.
PavIT5 | Apr 21, 2025 | Copper Contributor | 54 Views | 0 likes | 0 Comments

Cloud Discovery policy - Governance action - Scoped profile missing
Hi everyone, I wanted to create a Cloud Discovery policy that automatically tags some applications as unsanctioned, but only for a scoped profile. When tagging cloud applications manually, it's possible to scope it to a profile. However, this option doesn't exist in the governance actions section. Is there any other way to create policies that can tag but only for a device group/scoped profile? Cheers,
MatheoBt | Dec 11, 2024 | Copper Contributor | 63 Views | 0 likes | 0 Comments

Admin Quarantine Location on Defender for Cloud Apps keeps going blank
Hi, I am facing an issue where, when I select a file location for admin quarantine on Defender for Cloud Apps, that file path just vanishes the next day and it comes up as a blank location. I tried changing the SharePoint site multiple times, but it still goes blank after a day. Has anybody encountered this lately?
AbhinavK1660 | Oct 04, 2024 | Copper Contributor | 236 Views | 0 likes | 0 Comments

New Blog | Introducing the new File Integrity Monitoring with Defender for Endpoint integration
By Gal Fenigshtein

As part of the Log Analytics agent deprecation, Defender for Servers has introduced a new simplification strategy aiming at significantly simplifying the onboarding process and requirements needed to protect servers in the cloud, while enhancing existing capabilities and adding new ones. According to this strategy, all Defender for Servers capabilities are provided over Defender for Endpoint or cloud-native capabilities and agentless scanning for VMs, without relying on either Log Analytics Agent (MMA) or Azure Monitor Agent (AMA).

This hybrid approach combines the strengths of agent-based and agentless protection and offers multi-layered security for servers. While the agent provides in-depth security and real-time detection and response, agentless and cloud-native capabilities deliver enhanced coverage and full visibility within hours, with no performance impact on machines. Security findings from both agent-based and agentless approaches are seamlessly integrated in Defender for Cloud, tailored to protect servers in multicloud environments.

Read the full post here: Introducing the new File Integrity Monitoring with Defender for Endpoint integration
DavidFernandes | Sep 27, 2024 | Former Employee | 478 Views | 0 likes | 0 Comments

Blocking download of a file in SharePoint with a specific label
Hello everyone, I have a SharePoint site with many files; there are a few files I have labeled as "Internal", "client" and "Important". I want to block the download of files that have the "Important" label. I have created the session policy in Defender for Cloud Apps using Conditional Access App Control. However, the policy is not taking effect. In the conditional access policy, I have selected the app as SharePoint Online, and in session control I have selected "Use custom Policy". Below is the DCA session policy. Kindly advise. Thank you
Afsar_Shariff | Sep 09, 2024 | Brass Contributor | 312 Views | 0 likes | 0 Comments

New Blog Post: Securing Multi-Cloud Gen AI workloads using Azure Native Solutions
Note: This series is part of the "Security using Azure Native services" series and assumes that you are leveraging or planning to leverage Defender for Cloud, Defender XDR Portal, and Azure Sentinel.

Introduction

AI-based technology introduces a new set of security risks that may not be comprehensively covered by existing risk management frameworks. Based on our experience, customers often only consider the risks related to the Gen AI models like OpenAI or Anthropic, thereby not taking a holistic approach that covers all aspects of the workload.

This article will help you:
- Understand a typical multi-cloud Gen AI workload pattern
- Articulate the technical risks that exist in the AI workload
- Recommend security controls leveraging Azure Native services

We will not cover Data Security (cryptography, regulatory implications etc.), model-specific issues like hallucinations, deepfakes, privacy, toxicity, societal bias, supply chain security, or attacks that leverage Gen AI capabilities to manifest, such as disinformation, deepfakes, financial fraud etc. Instead, we aim to provide guidance on architectural security controls that will enable secure:
- Configuration of the AI workload
- Operation of the workload

This is a two-part series:
- Part 1: Provides a framework to understand the threats related to Gen AI workloads holistically and an easy reference to the native security solutions that help mitigate them. We also provide sample controls using leading industry frameworks.
- Part 2: Will dive deeper into the AI shared responsibility model and how that overlaps with your design choices

Threat Landscape

Let's discuss some common threats:
- Insider abuse: An insider (human or machine) sending sensitive / proprietary information to a third-party GenAI model
- Supply chain poisoning: Compromise of a third-party GenAI model (whether this is a SaaS or binary LLM models developed by a third party and downloaded by your organization)
- System abuse: Manipulating the model prompts to mislead the end user of the model
- Over privilege: Granting unrestricted permissions and capability to the model, thereby allowing the model to perform unintentional actions
- Data theft/exfiltration: Intentional or unintentional exfiltration of the proprietary models, prompts, and model outputs
- Insecure configuration: Not following the leading practices when architecting and operating your AI workload
- Model poisoning: Tampering with the model itself to affect the desired behavior of the model
- Denial of Service: Impacting the performance of the model with resource-intensive operations

We will discuss how these threats apply in a common architecture.

Reference architecture

Fig. Gen-AI cloud native workload

Let's discuss each step so we can construct a layered defense:
1. Assuming you are following cloud native architecture patterns, your developer will publish all the application and infrastructure code in an Azure DevOps repo
2. The DevOps pipeline will then create a container image
3. Pipeline will also set up respective API endpoints in Azure API Management
4. Pipeline will deploy the image with Kubernetes manifests (note that the secrets will be stored out of band in Azure Key Vault)
5. User accesses an application that leverages GenAI (Open AI for Azure and Anthropic in AWS)
6. Depending on the API endpoint requested, APIM will direct the request to the containerized application running in cloud native Kubernetes platforms (AKS or EKS)
7. The application uses API credentials stored in KeyVault
8. The application makes requests to the appropriate Gen AI service
9. The results are stored in a storage service and are reported back to the user who initiated step 5 above
10. Each cloud native service stores the diagnostic logs in a centralized Log Analytics Workspace (LAW)
11. Azure Sentinel is enabled on the LAW

For the full post click here: Securing Multi-Cloud Gen AI workloads using Azure Native Solutions - Microsoft Community Hub
TonyOPS | Aug 22, 2024 | Former Employee | 394 Views | 0 likes | 0 Comments

Defender Cloud apps custom tag limits
Hello, I am currently configuring Defender for Cloud Apps policies and have a requirement to create custom app tags. The requirement is 15 custom tags in total. I am doing this through Defender > Settings > Cloud apps > App Tags. I have added 10 (bringing the total to 13 with the existing Sanctioned, Unsanctioned and Monitored) without issue and used them in the relevant policies. When I have come to add the next custom tag using the Add app Tag option, this is greyed out and will not let me add it. Please can someone advise if this is a known limitation and there is a maximum number of custom tags? Is there a PowerShell method for custom tag creation/management? Additionally, if anyone can point me to a KB on this, please? Thank you
AA_1234 | Jul 16, 2024 | Copper Contributor | 367 Views | 0 likes | 0 Comments