Latest Discussions
Welcome to the Virtual Ninja Show’s Ninja Cat giveaway!
We are so excited to announce there will be NINE opportunities across Season 3 of the Ninja Show to earn your very own plush ninja cat and give it a new beloved home and we have many plush ninja cats looking for a new home!

It works like this: for each episode there is a task to accomplish related to the topic in that show. You can complete each episode’s task for an opportunity to win! When you receive a LIKE on your response (from me, Heike) make sure you check your messages here in Tech Community for a message (from me, Heike) with next steps. If you do not receive a like, don’t worry - come back and keep trying! For each episode, you have a new chance to win a kitty! Though we do limit one ninja cat per person, please!

Click on any episode conversation below to access the various tasks! Episode specific conversations will be posted after their live broadcast is finished. Once you’ve submitted your response, and received my like, I will reach out for the last few details to get your ninja cat on its way!

P.S. You have time to put your raffle ticket in the basket (for any episode) until April 14th!

- Episode 2 | Mastering email authentication and slashing overrides: Part 2 (March 9th 9 AM PT)
- Episode 3 | Microsoft Sentinel Integration (March 14th 9 AM PT)
- Episode 4 | Defender Experts for Hunting Overview (March 16th 9 AM PT)
- Episode 5 | Mobile Threat Defense (March 20th 9 AM PT)
- Episode 6 | SaaS security posture management (SSPM) (March 21st 9 AM PT)
- Episode 7 | Defender for Identity and Defender for Endpoint: Better Together (March 23rd 9 AM PT)
- Episode 8 | Get to know Microsoft Defender Vulnerability Management Premium (March 27th 9 AM PT)
- Episode 9 | Attack disruption (March 29th 9 AM PT)
- Episode 10 | Identity Threat Detection and Response (March 30th 9 AM PT)

Good luck!
Heike and the Ninja Show crew

This offer is non-transferable and cannot be combined with any other offer. This offer ends on April 14th, 2023, or until supplies are exhausted and is not redeemable for cash. Taxes, if there are any, are the sole responsibility of the recipient. Any gift returned as non-deliverable will not be re-sent. Please allow 6-8 weeks for shipment of your gift. Microsoft reserves the right to cancel, change, or suspend this offer at any time without notice. Offer void in Cuba, Iran, North Korea, Sudan, Syria, Region of Crimea, Russia, and where prohibited.

HeikeRitter | Mar 09, 2023 | Microsoft | 66K Views | 19 likes | 29 Comments

Ninja Cat Giveaway: Episode 3 | Sentinel integration
For this episode, your opportunity to win a plush ninja cat is the following - Reply to this thread with: what was your favorite feature Javier presented? Oh and what does UEBA stand for?

This offer is non-transferable and cannot be combined with any other offer. This offer ends on April 14th, 2023, or until supplies are exhausted and is not redeemable for cash. Taxes, if there are any, are the sole responsibility of the recipient. Any gift returned as non-deliverable will not be re-sent. Please allow 6-8 weeks for shipment of your gift. Microsoft reserves the right to cancel, change, or suspend this offer at any time without notice. Offer void in Cuba, Iran, North Korea, Sudan, Syria, Region of Crimea, Russia, and where prohibited.

55K Views | 6 likes | 38 Comments

Ninja Cat Giveaway: Episode 2 | Mastering email authentication and slashing overrides: Part 2
For this episode, your opportunity to win a plush ninja cat is the following - Reply to this thread with: Did you spot ninja cat throughout the episode? Mention your favorite on-screen ninja cat appearance in this episode along with one thing you’ve learned from this episode of the Ninja Show!

This offer is non-transferable and cannot be combined with any other offer. This offer ends on April 14th, 2023, or until supplies are exhausted and is not redeemable for cash. Taxes, if there are any, are the sole responsibility of the recipient. Any gift returned as non-deliverable will not be re-sent. Please allow 6-8 weeks for shipment of your gift. Microsoft reserves the right to cancel, change, or suspend this offer at any time without notice. Offer void in Cuba, Iran, North Korea, Sudan, Syria, Region of Crimea, Russia, and where prohibited.

11K Views | 5 likes | 54 Comments

Share Your Hunting Challenges!
Hello world! Tali Ash and I would love your input on anything you would like demo'ed in future webcasts! Want to see us demonstrate a specific hunting capability? Got a query challenge on your mind? Reply with your idea or like a reply from the community - we'll pick some of the popular ideas and put together future webcasts on the topics.

Also, if you are looking for a great introduction to advanced hunting in MTP and KQL, be sure to check out our four-part series Tracking the Adversary at http://aka.ms/securitywebinars, or download the query files to practice on your own MTP instance at https://aka.ms/TrackingTheAdversary.

Happy hunting!

MichaelJMelone | Aug 05, 2020 | Microsoft | 7.8K Views | 4 likes | 12 Comments

Explorer permission to download an email
Global Admin is allegedly not sufficient access to download an email. So I have a user asking for a copy of her email, and I'm telling her 'sorry, I don't have that permission, I'm only global admin'. What?

The documentation basically forces you to use the new terrible 'role group' system. I see various 'roles' that you need to add to a 'role group' in order to do this. Some mention Preview, some mention Security Administrator, some mention Security Operator. I've asked Copilot 100 different times, and he keeps giving me made-up roles. But then linking to the made-up role.

How is such a basic functionality broken? It makes 0 sense. I don't want to submit this email - it's not malware or anything. I just want to download the **bleep** thing, and I don't want to have to go through the whole poorview process. This is really basic stuff. I can do this on about 10% of my GA accounts. There's no difference in the permissions - it just seems inconsistent.

underQualifried | Nov 04, 2025 | Brass Contributor | 218 Views | 3 likes | 5 Comments

Defender console - Disabled Connected to a custom indicator & Connected to an unsanctioned
Updated - November 2024

I have found a way to disable these annoying alerts. Look for the solution above.

Issue: I want to know how I can disable the two following alerts:

- Disabled Connected to a custom indicator
- Connected to an unsanctioned blocked app

Those alert types need to be enabled or disabled on demand, like the other alert types.

Why's that:

Description of the workload: When we block (Unsanctioned) an application through Defender for Cloud Apps, it automatically creates the indicators in Defender XDR. When someone, for example, clicks or goes to the URL related to the application, the following alerts will be triggered. When an indicator is automatically created through that, it checks the box to generate an alert when the indicator is triggered. We would like to automatically uncheck the box or disable the alerts described.

Possible to disable the custom alert in settings? No.

Why?

Explanation: You cannot suppress "custom detection". But, they are categorized as "Informational" and you can suppress severity alert type.

Solutions:

IMPORTANT: Make sure to create a transform rule to not ingest these alerts in Sentinel. That could increase the Resolved incident ingestion and falsify your SOC optimization reports.

The rule automatically closes only the “Informational” alerts with the specified titles. Other Informational alerts with different titles will not be affected.

In the Defender XDR setting->Alert tuning->Create this rule:

Here's an example:

Rule Analysis

From the updated rule configuration screenshot, it appears that you’ve set up a filter in the AND condition to only automatically close Informational alerts that do not match specific alert titles (e.g., “Malware was detected in an email message,” “unwanted software,” “malware,” “trojan”). This approach should ensure that the rule closes all Informational alerts except those that contain these specified titles.

Here’s a breakdown of how it’s working:

1. Severity Filtering: By setting Alert severity to Informational, only Informational alerts are considered.
2. Title Exclusion: Adding Not equals conditions for each title you want to exclude prevents this rule from affecting those specific alerts. So, any Informational alert with a title that does not match the specified exclusions will be automatically closed.

This setup should effectively allow you to close all unwanted Informational alerts while retaining visibility on any malware or security-related Informational alerts that require further review.

Regards,

1K Views | 3 likes | 0 Comments

Change service account to avoid cached password in windows registry
Hi,

In Microsoft 365 Defender > Secure Score there's a recommendation for me saying "Change service account to avoid cached password in windows registry", and I can see multiple MSSQL services falling into this recommendation. But the remediation is not very clear. What do I need to do here?

Thanks,

4.5K Views | 3 likes | 3 Comments