Latest Discussions
Defender Cloud Service URLs are not resolvable
When using the MDE Client Analyzer, Defender is not able to connect to the following URLs:
https://edr-neu-eu.endpoint.security.microsoft.com/edr/commands/test
https://mdav-eu.endpoint.security.microsoft.com/mdav/wdcp.svc/heartbeat
https://edr-weu-eu.endpoint.security.microsoft.com/edr/commands/test
The FQDNs are not resolvable. This error is not exclusive to our network. Is there something wrong with the DNS entries at Microsoft?
Picha | Jun 23, 2025 | Copper Contributor | 41 Views | 1 like | 1 Comment

Sapien Toolkit 2008
Hello everyone, I wanted to share a solution I’ve developed for troubleshooting Windows Defender-related issues across multiple servers using SAPIEN. With many organizations managing security across multiple systems, keeping track of Windows Defender's status can be a challenge.
Quick Question for the Community: As I continue to update and support this toolkit, I’m curious—who is still using SAPIEN 2008 for PowerShell development? Are there any modern-day use cases for it, or has the community moved on to newer versions? I’m particularly interested in feedback from anyone who still uses it in production environments, as it helps me keep the toolkit as compatible as possible. Looking forward to hearing your thoughts and experiences with both Windows Defender troubleshooting and SAPIEN!
Reguillio_Kolf | Jun 19, 2025 | Copper Contributor | 14 Views | 0 likes | 0 Comments

Defender Onboarding
I have a domain-joined device. Implementing Defender through the Intune Connector. (Connector status is on - EDR policy is deployed correctly)
- ASR: all rules in place
- AV policy in place
I tried to onboard 2 devices with the same OS version; 1 got onboarded and 1 did not. Not sure why. Also, 1 domain-joined device got onboarded with an issue where Realtime Protection and Behavior Monitoring are disabled. Any solution? Please don't recommend making any changes to GPO through on-prem. Help me resolve the issue through Intune.
KrunalPatel1 | Jun 17, 2025 | Copper Contributor | 24 Views | 0 likes | 1 Comment

Tuning a defender alert
Hi all, I'm looking for some guidance on tuning a Microsoft Defender alert. I've received an alert that gets triggered when an encoded PowerShell command is executed. I attempted to suppress it by creating a custom rule specifying that if this encoded command is seen, it shouldn't trigger the alert. However, the rule doesn't seem to be working as expected. Could anyone help me understand what I might be doing wrong or suggest a better approach to tuning this alert? I have attached images of the alert. Thanks in advance!
LukeCage | Jun 17, 2025 | Copper Contributor | 20 Views | 0 likes | 1 Comment

Inquire about Microsoft Defender for Endpoint Deployment
I would like to kindly ask for some guidance. Our office is currently considering deploying Microsoft Defender for Endpoint P1, or possibly Defender for Business. We have a total of 30 PCs, all running Windows 11. Currently, we are using Microsoft 365 Exchange Online (30 licenses) for email communication. All PCs are currently not joined to any Active Directory (either on-prem or Entra ID). If we proceed with purchasing Microsoft Defender for Endpoint, I would like to ask: What setup model would be required for our environment? Do all PCs need to be joined to Microsoft Entra ID (formerly Azure AD) in order to use Defender for Endpoint? A brief overview of the setup steps would also be very helpful. Thank you very much.
Narongrat | Jun 16, 2025 | Copper Contributor | 45 Views | 0 likes | 2 Comments

Question about adopting the E5 Security add-on for M365 Business Premium: Is there a way back?
Hello everyone. I run a small business and am responsible for system administration, including security. While I'm generally happy with the comprehensive security package included in Microsoft 365 Business Premium, I want to try E5 Security because I noticed that I can only use one group in Endpoint Security (Defender). When I attempt to switch the license from Defender for Business to Defender for Endpoint P2 in the Defender portal, I receive a warning that I can never revert to Defender for Business. Obviously, if it literally states that I can't go back, that's the end of the line, but I would like to try it if possible and revert if necessary. Bottom line, in the worst-case scenario, everything I configured in the Defender portal will be wiped, and I don't mind re-enrolling the devices; I'd just like to know if I can undo it somehow. Thanks in advance. Have a great Friday.
hansollkim | Jun 15, 2025 | Copper Contributor | 32 Views | 0 likes | 1 Comment

Indicators added for URL with setting 'Audit'. But where can I review those?
Was asked to put a few domains on a watchlist to see how often they're actually requested from endpoints in our organization. Went to Defender, Settings, Endpoints, Indicators, and added the domains there with the action set to 'audit'. I figured I should be able to review something in the Audit logs of Defender itself, but all I see there are the actions I did when adding the URLs to the indicator list. Anyone have any idea where I can review the usage of those websites I've set to audit, so we can determine if it's feasible to shut them down or not?
Solved | JurriaanvD | Jun 10, 2025 | Copper Contributor | 41 Views | 0 likes | 2 Comments

Intune Website Block Policy Not Working on Newly Enrolled Devices
We configured URL blocking for multiple cloud storage services via Microsoft 365 Defender portal at https://security.microsoft.com > Settings > Endpoints > Indicators. The policy works on older devices, but we recently discovered that newly enrolled Windows devices can still access those URLs — even though they show as compliant in Microsoft Defender for Endpoint. Has anyone encountered this issue before? The PC was enrolled many days ago.
Petercheungtsrd | Jun 09, 2025 | Copper Contributor | 28 Views | 0 likes | 1 Comment

Report is not populating in real time on Defender for Endpoint portal
The latest signature/security intel updates are done on the device; however, Microsoft Defender for Endpoint is not showing a real-time report. Please suggest how to get a real-time report. Please provide a Microsoft article stating the telemetry data report population time interval.
subhashPonmala | Jun 05, 2025 | Copper Contributor | 35 Views | 0 likes | 1 Comment

Web content filtering and indicator aren't working on third party browser
Hi, we have just noticed that web content filtering and customized indicators are not working on third party browsers after upgrading Defender for Endpoint to 4.18.23050.3. The issue has happened on both Win10 and Win11 machines. Has anyone else got the same issue?
Spark Zhang | Jun 05, 2025 | Copper Contributor | 29K Views | 5 likes | 86 Comments