Recent Discussions
What does "deprecated" mean in the Defender Antivirus for Linux settings?
When you create a Microsoft Defender Antivirus policy for Linux in the Endpoint Security Policies blade of the Defender admin center, there are two settings in the Antivirus Engine section that have "(deprecated)" after them: "Enable real-time protection (deprecated)" and "Enable passive mode (deprecated)": What exactly does "deprecated" mean in this context? I can't imagine that the features themselves are deprecated; are we supposed to be configuring them elsewhere?
Get-MpPerformanceReport empty processpath
Hi, anyone knows why we sometimes get empty processpath when using Get-MpPerformanceReport to get top processes? Some say it could be Defender for Endpoint, but I would like to be sure what it is. Any ideas on how to get more info? Thank you in advance and don't hesitate if you have any questions
How to Automatically Export Microsoft Defender Security Recommendations with Historical Tracking
Hi everyone, I'm currently using Microsoft Defender for Endpoint, and I'm looking for a way to automate the export of security recommendations. Right now, the only available option is to manually export these recommendations as a CSV using the "Export" button in the portal. However, I’d like to: Automatically pull these recommendations regularly Store them in an Azure SQL database/Azure Storage Use Power BI to create dashboards and track trends over time (since Defender does not provide historical views) Is there a way to fetch this data programmatically? My Goal: Automatically query this API daily (via Azure Function or Azure Automation or any other way) Store each day's results in an Azure SQL table/Storage account with timestamps Build Power BI reports for: Most frequent vulnerabilities Exposure trends over time Recommendation coverage and progress
Blocking in Vulnerability Management triggers full scan in Defender.
Over that last couple of weeks our users have been complaining about their computers being slow as molasses - we observed Defender was running a full scan after every reboot. Reviewing event logs we were eventually able to pin down the root cause - a while back we introduced a Block remediation for a vulnerable version of 7-Zip. It turned out that the driver updates delivered via Dell Command Update are internally using an older version of 7-Zip for the file extraction, and were being blocked every time the driver installation retry attempt occurred (which seems to be at every reboot...) Removing the block remediation in Vulnerability Management resolved the issue. While having our driver updates being blocked is somewhat of a nuisance, the repeated full scans had a severe impact on our productivity. Does it even make sense for Defender to do a full scan for a detected "Enterprise Unwanted Software"? Are there options to tweak this (apparently) default behavior to skip the (full) scan for certain categories?
Recent Blogs
- As of today, October 14, 2025, Microsoft is officially ending support for Windows 10. This means that Windows 10 devices will no longer receive security or feature updates, nor technical support from...Oct 14, 2025
- We’re excited to announce a key milestone in Defender’s multi-tenant management journey—Microsoft Defender for Endpoint security policies can now be distributed across multiple tenants from the Defen...Aug 07, 2025
