Recent Discussions
Error getting Device Data
Have an issue with Device data not displaying in the Defender XDR portal. On the Assets/Devices menu I can search and find a device, but when I click in it to see the properties- the page displays only 50% of the time. Mostly it stays loading for about 30 secs then displays the error "Error getting Device Data" Occurs regardless of what permissions are applied, occurs regardless of the browser or incognito modes, regardless of who is logged in. Done basic troubleshooting from MS and even MS support cannot find the answer so far. Has anyone seen this before? Cheers
Attack Surface Reduction - Problem Enforcement
Hello Community, for a customer i deploy Microsoft Defender for Endpoint with Security Management Features of MDE. All works fine but for "Attack Surface Reduction Rule" i have some problem, device are 1.8K and attack surface reduction only apply for 304 devices that have the same policy of other. But from Security Portal So i don't understand because in some device asr works correctly and in the other device not. Has anyone the same problem ? Regards, GuidoCannot use union * for Defender Hunting query to Create Detection Rule, so what other workarounds?
I tried to create custom detection rule from KQL query in Defender XDR: Advance Hunting by custom various variable to be able to submit, but for this query to be able to go through remediation setting of detection rule, I need the entity identifiable columns like AccountUpn, that I need to union with IdentityInfo schema. But detection rule seems not support the union * thing as the attached pic: I searched for the same problems that seems to be occurred in all system using KQL including in Microsoft Sentinel Logs but has no workaround to bypass. So, is there any way to get through this objective without strucking with union * problem?
EDR Exclusions - file extensions with square brackets
Background: We applied for, and received the ability to access EDR Exclusions for our tenant due to some performance problems we were seeing. I think this might still be an early preview feature but am not 100% sure... Here is a screenshot of what I am referring to: We have found a few other applications that had issues, including one that uses many different file extensions. Some of those files use square brackets in the extension name. This are valid files. However when I try to add them to our EDR Exclusions, I get an error "a valid extension must be specified"... which is frustrating because it is a valid extension. Does anyone have a solution for this or know how to get Microsoft to fix this? Thanks
Recent Blogs
- 6 MIN READMicrosoft Defender Monthly news - December 2025 Edition This is our monthly "What's new" blog post, summarizing product updates and various new assets we released over the past month across our De...Dec 04, 2025
- This Ignite we are focused on giving security teams the edge they need to meet adversaries head on in the era of AI. The modern Security Operations Center (SOC) is undergoing a fundamental transforma...Nov 18, 2025
