Category: Microsoft Defender XDR | Microsoft Community Hub

Connect with experts and redefine what’s possible at work – join us at the Microsoft 365 Community Conference May 6-8. Learn more >

Recent Discussions

Dynamic Blocklist in Microsoft Defender XDR
Hello Community, I have one question, and i think that is a request that could be useful to everyone. We have a Dynamic list that are published over internet in read-only (into this list we put ioc like malicious domain or bad ip reputation) is a txt file. There are a possibility from MDE o MDC to block all connection to this ioc ? or MDE and MDC not support Dynamic BLocklist ? Regards, Guido
Solved
GuidoImpe
Brass Contributor
Feb 26, 2025 Place Microsoft Defender XDR
microsoft defender for endpoint
36Views
0likes
2Comments
DeviceRegistryEvents table
Couldn’t find any documentation on what is logged or not logged in this table. Is there any documentation available on what registry entries are logged by defender? Is there a way to suggest some registry events to be logged to Microsoft?
Solved
Sreenath15
Copper Contributor
Feb 18, 2025 Place Microsoft Defender XDR
microsoft defender for endpoint
Search
threat hunting
33Views
0likes
1Comment
EDR Exclusions - file extensions with square brackets
Background: We applied for, and received the ability to access EDR Exclusions for our tenant due to some performance problems we were seeing. I think this might still be an early preview feature but am not 100% sure... Here is a screenshot of what I am referring to: We have found a few other applications that had issues, including one that uses many different file extensions. Some of those files use square brackets in the extension name. This are valid files. However when I try to add them to our EDR Exclusions, I get an error "a valid extension must be specified"... which is frustrating because it is a valid extension. Does anyone have a solution for this or know how to get Microsoft to fix this? Thanks
Solved
Bspies1
Copper Contributor
Feb 12, 2025 Place Microsoft Defender XDR
microsoft defender for endpoint
57Views
0likes
1Comment
Advanced Hunting along with a Custom Detection Rule
Good afternoon, I need some help setting up a KQL query in Advanced Hunting along with a Custom Detection Rule to automatically isolate devices where a virus or ransomware is detected. The rule must run at NRT (Near Real-Time) frequency. We are using Microsoft Defender for Business, which is included in the Microsoft 365 Business Premium license. Would any kind community member be able to provide me with a starting point for this? Thank you in advance!
Solved
stade1655
Copper Contributor
Feb 05, 2025 Place Microsoft Defender XDR
alerts
automation
microsoft defender for endpoint
Response Actions
106Views
1like
2Comments
DeviceLogonEvents "LogonSuccess", "LogoffSuccess", "ScreenLock", "ScreenUnlock"
I'm trying to get "LogonSuccess", "LogoffSuccess", "ScreenLock", "ScreenUnlock" from the DeviceLogonEvent table but I am only seeing LogonSuccess. I'm wondering if I need to configure something in my tenant for those events to show up in the DeviceLogonEvents table. I have both event ID's 8400 and 8401 showing in the local security event log.
Solved
Paul_Brock
Brass Contributor
Jan 24, 2025 Place Microsoft Defender XDR
microsoft defender for endpoint
microsoft sentinel
87Views
0likes
3Comments
Advanced Hunting Data Schema
Hello everyone, I have a question regarding the use of schema for Advanced Hunting queries. We are an organization with several companies under our holding. I need to recover the USB connections on the machines but only for one company and not the others. I need to sort on Company Name for the user. But in the Advanced Hunting schema there are no fields to filter on this. I looked specifically in UserInfo and DeviceInfo. Here's the query I use to detect USBs. I need to filter by CompanyName to retrieve the list of devices or users for this company only. DeviceEvents | where ActionType == “PnpDeviceConnected” | extend parsed=parse_json(AdditionalFields) | project Timestamp, DeviceName, DeviceId=tostring(parsed.DeviceId), ClassName=tostring(parsed.ClassName) | where ClassName == “DiskDrive” | summarize UsbFirstSeen=min(Timestamp), UsbLastSeen=max(Timestamp) by DeviceId, DeviceName; Is there another solution ? Thanks in advance for your answers, HKN
Solved
HKN
Copper Contributor
Dec 23, 2024 Place Microsoft Defender XDR
automation
investigation
microsoft defender for endpoint
170Views
0likes
8Comments
Monitoring copied files on External drive - USB
Hello Guys, i struggle to find a way in Defender for EPP or other solutions to monitor when a user copied files on an external peripheral such as hard drive and USB. Some one have the procedure or documentation ? NOTE : Defender timeline could see when a user is plugging a USB stick. but that's... Thanks !
Solved
EtienneFiset
Brass Contributor
Dec 18, 2024 Place Microsoft Defender XDR
Incident Management
investigation
microsoft defender for endpoint
microsoft defender for office 365
microsoft sentinel
11KViews
0likes
2Comments
Defender XDR - Resolved incidents still show up
In Security Center I have multiple incidents that I changed to status resolved. However, they still appear in the Incidents view. What could be the issue? I don't have this issue with resolving incidents in Sentinel.
Solved
Hendrik
Copper Contributor
Dec 05, 2024 Place Microsoft Defender XDR
Incident Management
63Views
0likes
1Comment
Tracking Sent Emails from a Shared Mailbox with Delegated Access
Here is a detailed post to the Microsoft help forum about tracking down who sent emails from a shared mailbox with delegated access and send as rights: Title: Tracking Sent Emails from a Shared Mailbox with Delegated Access Dear Microsoft Community, I'm reaching out for assistance with an issue I'm encountering regarding a shared mailbox in my organization. The shared mailbox has been configured with delegated access and "Send As" rights for certain users. However, I'm finding that emails are being sent from this shared mailbox, and I need to determine which user is responsible for those sent messages. Here's some more context on the setup: We have a shared mailbox that multiple employees within my organization can access and send emails from using their individual user accounts. The shared mailbox has been granted "Delegate Access" and "Send As" rights to these authorized users. Whenever an email is sent from the shared mailbox, it appears to come from the shared mailbox address rather than the individual user's email address. I need to be able to track down and identify which user sent a specific email from the shared mailbox. My main questions are: How can I determine which user account was used to send a specific email from the shared mailbox? Is there logging or audit functionality within Microsoft 365 that would allow me to see the user who sent an email from the shared mailbox? Are there any third-party tools or add-ons that could provide this level of tracking and visibility for emails sent from a shared mailbox? I'm hoping the Microsoft community can provide some guidance and recommendations on the best approach to resolve this issue. Being able to identify the user responsible for emails sent from the shared mailbox is crucial for maintaining security and accountability within our organization. Thank you in advance for your assistance. I look forward to hearing back from the community. Best regards,
Solved
Fish_Tacos
Brass Contributor
Dec 02, 2024 Place Microsoft Defender XDR
investigation
microsoft defender for office 365
283Views
0likes
1Comment
ASR rule "Block Win32 API calls from Office macro Block XLS
Hi All, we have deploy defender for Endpoint in customer organization and the rule "ASR rule "Block Win32 API calls from Office macro" block old version of Excel with macro, we set exclusion for a path that contain this file but problem persist. If we convert this file into new version of Excel problem not appears, there is a solution for this problem or we need to convert all files into new version ? Many Thanks Guido
Solved
Deleted
Jun 27, 2024 Place Microsoft Defender XDR
microsoft defender for endpoint
2KViews
0likes
3Comments
Defender - Export or capture certificate expiry data
Hi There, I am attempting to pull expired certificate information from Defender. My question is thus two fold: Is it possible to create an email or alert based on certificates due to expire in 30 days. Is it possible to call an API for Defender for Endpoint? Our current solution for alerts on expiring certificates in the domain is no longer sustainable and I am looking at redesigning the solution, however, before we can do a proper solution, we need to do something a little less manual and this will be our start. Alert Rule I can see that the certificate information is under the Inventories of the Vulnerabilities blade in Defender Endpoint which suggests that an expiring certificate should alert as a Vulnerability. Is this correct, if so how would I go about creating an alert to identify this? API or Information passing Is it possible to use API to call the information of certificates from Defender, again I have looked and found nothing. If API's aren't possible I saw that I can ship the data to Event Hub which would be useful but again I need to know if the certificate information is captured and passed on if I do this. Does anyone have this information? Thanks,
Solved
GavinDatacom
Copper Contributor
Jun 17, 2024 Place Microsoft Defender XDR
alerts
automation
learning
microsoft defender for endpoint
Remediation
416Views
0likes
1Comment
Incidents and Alerts blades missing in Defender portal
Hi, We recently found out that the incidents and alerts blades have disappeared from our Defender portal. This is true for both Global Admin and Security Administrator roles. We use A5 licenses in our tenant. Not sure what happened. Microsoft Unified support has not been very helpful in even replying to our query. Can someone please point us in the right direction. We don't know what has happened. Thanks in advance,
Solved
arifvase
Copper Contributor
May 23, 2024 Place Microsoft Defender XDR
alerts
Incident Management
investigation
605Views
0likes
1Comment
Entra ID protection - Integration into Defender XDR
Hi everyone, is it possible to integrate this into Defender? Or is there a hunt or Cloud App Policy that will trigger an Alert in Defender Portal? BR Stephan
Solved
StephanGee
Steel Contributor
Apr 26, 2024 Place Microsoft Defender XDR
Incident Management
microsoft defender for endpoint
playbooks
2.5KViews
1like
8Comments
MacOS set preferences - manual deployment without MDM
Hello, we are testing Microsoft Defender on macOS devices. It is working and reporting in the Defender portal. I see in documentation that there are examples of creating config profile in Jamf and Intune: https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/mac-preferences?view=o365-worldwide Is it possible to create a simple config profile manually (without using any MDM system) for testing purposes? Something like we can do on Linux OS: https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/linux-preferences?view=o365-worldwide - using config file /etc/opt/microsoft/mdatp/managed/mdatp_managed.json Thanks!
Solved
djolenole
Brass Contributor
Apr 24, 2024 Place Microsoft Defender XDR
microsoft defender for endpoint
Onboarding
517Views
0likes
2Comments
EICAR file is not blocked by Defender for Endpoint on Linux
Hello, we are testing Microsoft Defender for Endpoint on Linux Ubuntu devices. I successfully onboarded machine, it is visible in Defender portal and I am able to generate incident using test https://aka.ms/LinuxDIY However, I am not able to detect/block EICAR test file using suggested command: curl -o ~/Downloads/eicar.com.txt https://www.eicar.org/download/eicar.com.txt After it, eicar.com.txt file is in Downloads folder and nothing happens. "mdatp health" output: Configuration in mdatp_managed.json file: Am I missing something? Thanks
Solved
djolenole
Brass Contributor
Apr 22, 2024 Place Microsoft Defender XDR
microsoft defender for endpoint
1.3KViews
0likes
2Comments
abnormal Behavior in Users Devices
hi security guys I am facing strange behaviors on Microsoft EDR that show in timeline Windows Defender Advanced Threat Protection\SenseIR.exe is using fake accounts which are not exist in Microsoft Active directory and Azure Active Directory Is considering a normal behavior, hacked or Windows Defender Advanced Threat Protection zero day vulnerable. the below sample from timeline that related with fake account. Event Time Machine Id Computer Name Action Type File Name Folder Path Sha1 Sha256 MD5 Process Command Line Account Domain Account Name Account Sid Logo Id Process Id Process Creation Time Process Token Elevation Registry Key Registry Value Name Registry Value Data Remote Url Remote Computer Name Remote IP Remote Port Local IP Local Port File Origin Url File Origin IP Initiating Process SHA1 Initiating Process SHA256 Initiating Process File Name Initiating Process Folder Path Initiating Process Id Initiating Process Command Line Initiating Process Creation Time Initiating Process Integrity Level Initiating Process Token Elevation Initiating Process Parent Id Initiating Process Parent File Name Initiating Process Parent Creation Time Initiating Process MD5 Initiating Process Account Domain Initiating Process Account Name Initiating Process Account Sid Initiating Process Logon Id Report Id Additional Fields App Guard Container Id Protocol Logon Type Process Integrity Level Registry Value Type Previous Registry Value Name Previous Registry Value Data Previous Registry Key File Origin Referrer Url Sensitivity Label Sensitivity Sub Label Is Endpoint Dlp Applied Is Azure Info Protection Applied Alert Ids Categories Severities Is Marked Data Type 2024-04-19T12:22:10.987 6595e6522d8db8d92425250a4fe68dd7ce1fc1db PC1 InboundRdpConnection LITC fake account S-1-5-21-3977750084-2905094788-454684165-926103861 7c04ec2377e32b3c742f581f6c5437464dd2cf2 3247PKBT60B6DT25B34CP74B5889Ap10F1B3S72B4D4D95B5B25B54560B8 powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0 8332 powershell.exe -ExecutionPolicy Bypass -NoProfile -NonInteractive -Command "& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\Downloads\PSScript_{70971E03-A55E-4EC2-BC9B-A8F0173A83C3}.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::Read);$calculatedHash = Microsoft.PowerShell.Utility\ Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\Downloads\PSScript_{70971E03-A55E-4EC2-BC9B-A8F0173A83C3}.ps1' -Algorithm SHA256; if (!( $calculatedHash.Hash -eq '575497143631ed5cd604e7a1e8666187bd6acf421ad685273e559c0013179789')) { exit 323;}; Start-Transcript -Path 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\Temp\PSScriptOutputs\PSScript_Transcript_{70971E03-A55E-4EC2-BC9B-A8F0173A83C3}.txt'; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\Downloads\PSScript_{70971E03-A55E-4EC2-BC9B-A8F0173A83C3}.ps1' -Id 3f884218-6a5a-4d02-8032-32ed7f90339a -Descriptor eyJEZXRlY3Rpb25LZXlzIjpbIk1va2h0YXIuU2hvc2hhbiJdLCJDb250ZW50IjoiZXdvZ0lDSlRaWEpwWVd4cGVtVmtUbXhTWldOdmNtUWlPaUFpU0dkQlNVRkNORUZJWjBGQlFVRkJRVUZCUVVGQlJGVTFUWHBqUVVGblFVRkJaMEZCUVVGblFVZEJRemNyY3pONU9UUXZZVUZSVVVGQlVVRkJRVUZCUVVGUlFVdEJRVUZCUVVGQlVVRkJRVUZHUVVFd1FVTmlWRGRNWW5SWVduUjVNbTlPUmtnek1FcGhNRlZCUVVGQlFVRkJRVUZCUVVGQlFVRkJRVUZCUVVGQlFVRkJRVUZCUVVGQlFVRkJRVUZCUVVGQlFVRkJRVUZCUVVGQlFVRkJRVUZCUVVGQlFVRkJRVUZCUWtGQlFVRkJRVUZCUVVGQlFVRkJRVU5CUVVGQlJHZEJRVUZCUVVGQlFVRkJRVUZCUVVGQlFVRkJRVUZCUVVGQlFVRkJRVUZVVVVKMlFVZHpRV0ZCUWpCQlIwVkJZMmRCZFVGR1RVRmhRVUoyUVVoTlFXRkJRbWhCUnpSQlFVRkNjMEZIYTBGa1FVSnFRVWQzUVdGUlFqQkJSMDFCVEdkQ2MwRkhPRUZaZDBKb1FVZDNRVlJSUW5aQlIzTkJZVUZDTUVGSFJVRmpaMEYxUVVaTlFXRkJRblpCU0UxQllVRkNhRUZITkVGUlFVSnpRVWRyUVdSQlFtcEJRelJCWWtGQ2RrRkhUVUZaVVVKelFVVXdRV0ozUW5KQlIyZEJaRUZDYUVGSVNVRk1aMEpVUVVkblFXSjNRbnBCUjJkQldWRkNkVUZCUVVGVVVVSjJRVWR6UVdGQlFqQkJSMFZCWTJkQlowRkdUVUZoUVVKMlFVaE5RV0ZCUW1oQlJ6UkJRVUZCUVVGblFVRkNkMEZCUVVGRlEwRkJRVWhCUVVGQllrRkNjRUZJVVVGWmQwSlRaRzQ0V0dOcVZVWTFSVzVIT0hadWFFUlFSUzh2ZEdOQ2FtUXlNMjFHVlc5QlJ6UkJaRkZDYzBGSGQwRkxVVUZCUVVFOVBTSXNDaUFnSWxOdlpuUjNZWEpsUlhoamJIVnphVzl1VEdsemRFWnZja1JsY0d4dmVXMWxiblFpT2lCYlhRcDkiLCJFbnRpdHlQYXRoIjoiIiwiRW50aXR5VHlwZSI6NiwiTHVyZURlcGxveW1lbnRDb250ZXh0Ijp7IkV4cGlyYXRpb25VdGMiOiIyMDI0LTA0LTIyVDEyOjE2OjQ1LjQ0NTE3NzVaIiwiSWQiOiJhZjlkNWY2YS1jNjZhLTRmYmMtOTkwZS00MzMwYmI4ZTZjODQiLCJDb3JyZWxhdGlvbklkIjpudWxsfSwiRmlsZUF0dHJpYnV0ZXMiOjAsIlVzZXJSaWQiOjkyNjEwMzg2MX0=}" 2024-04-19T12:21:13.582 System Default 7192 SenseIR.exe 2024-04-19T12:21:11.307 NT AUTHORITY system S-1-5-18 1.65E+09 T1021.001 (bolster) Techniques 2024-04-19T12:22:10.987 6595e6522d8db8d92425250a4fe68dd7ce1fc1db PC1 WindowsDomainAccountLogonSuccess LITC fake account S-1-5-21-3977750084-2905094788-454684165-926103861 7c04ec2377e32b3c742f581f6c5437464dd2cf2 3247PKBT60B6DT25B34CP74B5889Ap10F1B3S72B4D4D95B5B25B54560B8 powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0 8332 powershell.exe -ExecutionPolicy Bypass -NoProfile -NonInteractive -Command "& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\Downloads\PSScript_{70971E03-A55E-4EC2-BC9B-A8F0173A83C3}.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::Read);$calculatedHash = Microsoft.PowerShell.Utility\ Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\Downloads\PSScript_{70971E03-A55E-4EC2-BC9B-A8F0173A83C3}.ps1' -Algorithm SHA256; if (!( $calculatedHash.Hash -eq '575497143631ed5cd604e7a1e8666187bd6acf421ad685273e559c0013179789')) { exit 323;}; Start-Transcript -Path 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\Temp\PSScriptOutputs\PSScript_Transcript_{70971E03-A55E-4EC2-BC9B-A8F0173A83C3}.txt'; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\Downloads\PSScript_{70971E03-A55E-4EC2-BC9B-A8F0173A83C3}.ps1' -Id 3f884218-6a5a-4d02-8032-32ed7f90339a -Descriptor eyJEZXRlY3Rpb25LZXlzIjpbIk1va2h0YXIuU2hvc2hhbiJdLCJDb250ZW50IjoiZXdvZ0lDSlRaWEpwWVd4cGVtVmtUbXhTWldOdmNtUWlPaUFpU0dkQlNVRkNORUZJWjBGQlFVRkJRVUZCUVVGQlJGVTFUWHBqUVVGblFVRkJaMEZCUVVGblFVZEJRemNyY3pONU9UUXZZVUZSVVVGQlVVRkJRVUZCUVVGUlFVdEJRVUZCUVVGQlVVRkJRVUZHUVVFd1FVTmlWRGRNWW5SWVduUjVNbTlPUmtnek1FcGhNRlZCUVVGQlFVRkJRVUZCUVVGQlFVRkJRVUZCUVVGQlFVRkJRVUZCUVVGQlFVRkJRVUZCUVVGQlFVRkJRVUZCUVVGQlFVRkJRVUZCUVVGQlFVRkJRVUZCUWtGQlFVRkJRVUZCUVVGQlFVRkJRVU5CUVVGQlJHZEJRVUZCUVVGQlFVRkJRVUZCUVVGQlFVRkJRVUZCUVVGQlFVRkJRVUZVVVVKMlFVZHpRV0ZCUWpCQlIwVkJZMmRCZFVGR1RVRmhRVUoyUVVoTlFXRkJRbWhCUnpSQlFVRkNjMEZIYTBGa1FVSnFRVWQzUVdGUlFqQkJSMDFCVEdkQ2MwRkhPRUZaZDBKb1FVZDNRVlJSUW5aQlIzTkJZVUZDTUVGSFJVRmpaMEYxUVVaTlFXRkJRblpCU0UxQllVRkNhRUZITkVGUlFVSnpRVWRyUVdSQlFtcEJRelJCWWtGQ2RrRkhUVUZaVVVKelFVVXdRV0ozUW5KQlIyZEJaRUZDYUVGSVNVRk1aMEpVUVVkblFXSjNRbnBCUjJkQldWRkNkVUZCUVVGVVVVSjJRVWR6UVdGQlFqQkJSMFZCWTJkQlowRkdUVUZoUVVKMlFVaE5RV0ZCUW1oQlJ6UkJRVUZCUVVGblFVRkNkMEZCUVVGRlEwRkJRVWhCUVVGQllrRkNjRUZJVVVGWmQwSlRaRzQ0V0dOcVZVWTFSVzVIT0hadWFFUlFSUzh2ZEdOQ2FtUXlNMjFHVlc5QlJ6UkJaRkZDYzBGSGQwRkxVVUZCUVVFOVBTSXNDaUFnSWxOdlpuUjNZWEpsUlhoamJIVnphVzl1VEdsemRFWnZja1JsY0d4dmVXMWxiblFpT2lCYlhRcDkiLCJFbnRpdHlQYXRoIjoiIiwiRW50aXR5VHlwZSI6NiwiTHVyZURlcGxveW1lbnRDb250ZXh0Ijp7IkV4cGlyYXRpb25VdGMiOiIyMDI0LTA0LTIyVDEyOjE2OjQ1LjQ0NTE3NzVaIiwiSWQiOiJhZjlkNWY2YS1jNjZhLTRmYmMtOTkwZS00MzMwYmI4ZTZjODQiLCJDb3JyZWxhdGlvbklkIjpudWxsfSwiRmlsZUF0dHJpYnV0ZXMiOjAsIlVzZXJSaWQiOjkyNjEwMzg2MX0=}" 2024-04-19T12:21:13.582 System Default 7192 SenseIR.exe 2024-04-19T12:21:11.307 NT AUTHORITY system S-1-5-18 9.09E+08 T1078.002 (bolster) Techniques 2024-04-19T12:22:10.987 6595e6522d8db8d92425250a4fe68dd7ce1fc1db PC1 LogonSuccess LITC fake account S-1-5-21-3977750084-2905094788-454684165-926103861 7c04ec2377e32b3c742f581f6c5437464dd2cf2 3247PKBT60B6DT25B34CP74B5889Ap10F1B3S72B4D4D95B5B25B54560B8 powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0 8332 powershell.exe -ExecutionPolicy Bypass -NoProfile -NonInteractive -Command "& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\Downloads\PSScript_{70971E03-A55E-4EC2-BC9B-A8F0173A83C3}.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::Read);$calculatedHash = Microsoft.PowerShell.Utility\ Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\Downloads\PSScript_{70971E03-A55E-4EC2-BC9B-A8F0173A83C3}.ps1' -Algorithm SHA256; if (!( $calculatedHash.Hash -eq '575497143631ed5cd604e7a1e8666187bd6acf421ad685273e559c0013179789')) { exit 323;}; Start-Transcript -Path 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\Temp\PSScriptOutputs\PSScript_Transcript_{70971E03-A55E-4EC2-BC9B-A8F0173A83C3}.txt'; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\Downloads\PSScript_{70971E03-A55E-4EC2-BC9B-A8F0173A83C3}.ps1' -Id 3f884218-6a5a-4d02-8032-32ed7f90339a -Descriptor eyJEZXRlY3Rpb25LZXlzIjpbIk1va2h0YXIuU2hvc2hhbiJdLCJDb250ZW50IjoiZXdvZ0lDSlRaWEpwWVd4cGVtVmtUbXhTWldOdmNtUWlPaUFpU0dkQlNVRkNORUZJWjBGQlFVRkJRVUZCUVVGQlJGVTFUWHBqUVVGblFVRkJaMEZCUVVGblFVZEJRemNyY3pONU9UUXZZVUZSVVVGQlVVRkJRVUZCUVVGUlFVdEJRVUZCUVVGQlVVRkJRVUZHUVVFd1FVTmlWRGRNWW5SWVduUjVNbTlPUmtnek1FcGhNRlZCUVVGQlFVRkJRVUZCUVVGQlFVRkJRVUZCUVVGQlFVRkJRVUZCUVVGQlFVRkJRVUZCUVVGQlFVRkJRVUZCUVVGQlFVRkJRVUZCUVVGQlFVRkJRVUZCUWtGQlFVRkJRVUZCUVVGQlFVRkJRVU5CUVVGQlJHZEJRVUZCUVVGQlFVRkJRVUZCUVVGQlFVRkJRVUZCUVVGQlFVRkJRVUZVVVVKMlFVZHpRV0ZCUWpCQlIwVkJZMmRCZFVGR1RVRmhRVUoyUVVoTlFXRkJRbWhCUnpSQlFVRkNjMEZIYTBGa1FVSnFRVWQzUVdGUlFqQkJSMDFCVEdkQ2MwRkhPRUZaZDBKb1FVZDNRVlJSUW5aQlIzTkJZVUZDTUVGSFJVRmpaMEYxUVVaTlFXRkJRblpCU0UxQllVRkNhRUZITkVGUlFVSnpRVWRyUVdSQlFtcEJRelJCWWtGQ2RrRkhUVUZaVVVKelFVVXdRV0ozUW5KQlIyZEJaRUZDYUVGSVNVRk1aMEpVUVVkblFXSjNRbnBCUjJkQldWRkNkVUZCUVVGVVVVSjJRVWR6UVdGQlFqQkJSMFZCWTJkQlowRkdUVUZoUVVKMlFVaE5RV0ZCUW1oQlJ6UkJRVUZCUVVGblFVRkNkMEZCUVVGRlEwRkJRVWhCUVVGQllrRkNjRUZJVVVGWmQwSlRaRzQ0V0dOcVZVWTFSVzVIT0hadWFFUlFSUzh2ZEdOQ2FtUXlNMjFHVlc5QlJ6UkJaRkZDYzBGSGQwRkxVVUZCUVVFOVBTSXNDaUFnSWxOdlpuUjNZWEpsUlhoamJIVnphVzl1VEdsemRFWnZja1JsY0d4dmVXMWxiblFpT2lCYlhRcDkiLCJFbnRpdHlQYXRoIjoiIiwiRW50aXR5VHlwZSI6NiwiTHVyZURlcGxveW1lbnRDb250ZXh0Ijp7IkV4cGlyYXRpb25VdGMiOiIyMDI0LTA0LTIyVDEyOjE2OjQ1LjQ0NTE3NzVaIiwiSWQiOiJhZjlkNWY2YS1jNjZhLTRmYmMtOTkwZS00MzMwYmI4ZTZjODQiLCJDb3JyZWxhdGlvbklkIjpudWxsfSwiRmlsZUF0dHJpYnV0ZXMiOjAsIlVzZXJSaWQiOjkyNjEwMzg2MX0=}" 2024-04-19T12:21:13.582 System Standard 7192 \Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe 2024-04-19T12:21:11.307 nt authority system S-1-5-18 28953 {"IsLocalLogon":false} CachedRemoteInteractive Events 2024-04-19T12:22:10.987 6595e6522d8db8d92425250a4fe68dd7ce1fc1db PC1 WindowsDomainAccountLogonSuccess LITC fake account S-1-5-21-3977750084-2905094788-454684165-926103861 7c04ec2377e32b3c742f581f6c5437464dd2cf2 3247PKBT60B6DT25B34CP74B5889Ap10F1B3S72B4D4D95B5B25B54560B8 powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0 8332 powershell.exe -ExecutionPolicy Bypass -NoProfile -NonInteractive -Command "& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\Downloads\PSScript_{70971E03-A55E-4EC2-BC9B-A8F0173A83C3}.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::Read);$calculatedHash = Microsoft.PowerShell.Utility\ Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\Downloads\PSScript_{70971E03-A55E-4EC2-BC9B-A8F0173A83C3}.ps1' -Algorithm SHA256; if (!( $calculatedHash.Hash -eq '575497143631ed5cd604e7a1e8666187bd6acf421ad685273e559c0013179789')) { exit 323;}; Start-Transcript -Path 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\Temp\PSScriptOutputs\PSScript_Transcript_{70971E03-A55E-4EC2-BC9B-A8F0173A83C3}.txt'; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\Downloads\PSScript_{70971E03-A55E-4EC2-BC9B-A8F0173A83C3}.ps1' -Id 3f884218-6a5a-4d02-8032-32ed7f90339a -Descriptor eyJEZXRlY3Rpb25LZXlzIjpbIk1va2h0YXIuU2hvc2hhbiJdLCJDb250ZW50IjoiZXdvZ0lDSlRaWEpwWVd4cGVtVmtUbXhTWldOdmNtUWlPaUFpU0dkQlNVRkNORUZJWjBGQlFVRkJRVUZCUVVGQlJGVTFUWHBqUVVGblFVRkJaMEZCUVVGblFVZEJRemNyY3pONU9UUXZZVUZSVVVGQlVVRkJRVUZCUVVGUlFVdEJRVUZCUVVGQlVVRkJRVUZHUVVFd1FVTmlWRGRNWW5SWVduUjVNbTlPUmtnek1FcGhNRlZCUVVGQlFVRkJRVUZCUVVGQlFVRkJRVUZCUVVGQlFVRkJRVUZCUVVGQlFVRkJRVUZCUVVGQlFVRkJRVUZCUVVGQlFVRkJRVUZCUVVGQlFVRkJRVUZCUWtGQlFVRkJRVUZCUVVGQlFVRkJRVU5CUVVGQlJHZEJRVUZCUVVGQlFVRkJRVUZCUVVGQlFVRkJRVUZCUVVGQlFVRkJRVUZVVVVKMlFVZHpRV0ZCUWpCQlIwVkJZMmRCZFVGR1RVRmhRVUoyUVVoTlFXRkJRbWhCUnpSQlFVRkNjMEZIYTBGa1FVSnFRVWQzUVdGUlFqQkJSMDFCVEdkQ2MwRkhPRUZaZDBKb1FVZDNRVlJSUW5aQlIzTkJZVUZDTUVGSFJVRmpaMEYxUVVaTlFXRkJRblpCU0UxQllVRkNhRUZITkVGUlFVSnpRVWRyUVdSQlFtcEJRelJCWWtGQ2RrRkhUVUZaVVVKelFVVXdRV0ozUW5KQlIyZEJaRUZDYUVGSVNVRk1aMEpVUVVkblFXSjNRbnBCUjJkQldWRkNkVUZCUVVGVVVVSjJRVWR6UVdGQlFqQkJSMFZCWTJkQlowRkdUVUZoUVVKMlFVaE5RV0ZCUW1oQlJ6UkJRVUZCUVVGblFVRkNkMEZCUVVGRlEwRkJRVWhCUVVGQllrRkNjRUZJVVVGWmQwSlRaRzQ0V0dOcVZVWTFSVzVIT0hadWFFUlFSUzh2ZEdOQ2FtUXlNMjFHVlc5QlJ6UkJaRkZDYzBGSGQwRkxVVUZCUVVFOVBTSXNDaUFnSWxOdlpuUjNZWEpsUlhoamJIVnphVzl1VEdsemRFWnZja1JsY0d4dmVXMWxiblFpT2lCYlhRcDkiLCJFbnRpdHlQYXRoIjoiIiwiRW50aXR5VHlwZSI6NiwiTHVyZURlcGxveW1lbnRDb250ZXh0Ijp7IkV4cGlyYXRpb25VdGMiOiIyMDI0LTA0LTIyVDEyOjE2OjQ1LjQ0NTE3NzVaIiwiSWQiOiJhZjlkNWY2YS1jNjZhLTRmYmMtOTkwZS00MzMwYmI4ZTZjODQiLCJDb3JyZWxhdGlvbklkIjpudWxsfSwiRmlsZUF0dHJpYnV0ZXMiOjAsIlVzZXJSaWQiOjkyNjEwMzg2MX0=}" 2024-04-19T12:21:13.582 System Default 7192 SenseIR.exe 2024-04-19T12:21:11.307 NT AUTHORITY system S-1-5-18 8.59E+08 T1078.002 (bolster) Techniques 2024-04-19T12:22:10.987 6595e6522d8db8d92425250a4fe68dd7ce1fc1db PC1 InboundRdpConnection LITC fake account S-1-5-21-3977750084-2905094788-454684165-926103861 7c04ec2377e32b3c742f581f6c5437464dd2cf2 3247PKBT60B6DT25B34CP74B5889Ap10F1B3S72B4D4D95B5B25B54560B8 powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0 8332 powershell.exe -ExecutionPolicy Bypass -NoProfile -NonInteractive -Command "& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\Downloads\PSScript_{70971E03-A55E-4EC2-BC9B-A8F0173A83C3}.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::Read);$calculatedHash = Microsoft.PowerShell.Utility\ Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\Downloads\PSScript_{70971E03-A55E-4EC2-BC9B-A8F0173A83C3}.ps1' -Algorithm SHA256; if (!( $calculatedHash.Hash -eq '575497143631ed5cd604e7a1e8666187bd6acf421ad685273e559c0013179789')) { exit 323;}; Start-Transcript -Path 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\Temp\PSScriptOutputs\PSScript_Transcript_{70971E03-A55E-4EC2-BC9B-A8F0173A83C3}.txt'; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\Downloads\PSScript_{70971E03-A55E-4EC2-BC9B-A8F0173A83C3}.ps1' -Id 3f884218-6a5a-4d02-8032-32ed7f90339a -Descriptor eyJEZXRlY3Rpb25LZXlzIjpbIk1va2h0YXIuU2hvc2hhbiJdLCJDb250ZW50IjoiZXdvZ0lDSlRaWEpwWVd4cGVtVmtUbXhTWldOdmNtUWlPaUFpU0dkQlNVRkNORUZJWjBGQlFVRkJRVUZCUVVGQlJGVTFUWHBqUVVGblFVRkJaMEZCUVVGblFVZEJRemNyY3pONU9UUXZZVUZSVVVGQlVVRkJRVUZCUVVGUlFVdEJRVUZCUVVGQlVVRkJRVUZHUVVFd1FVTmlWRGRNWW5SWVduUjVNbTlPUmtnek1FcGhNRlZCUVVGQlFVRkJRVUZCUVVGQlFVRkJRVUZCUVVGQlFVRkJRVUZCUVVGQlFVRkJRVUZCUVVGQlFVRkJRVUZCUVVGQlFVRkJRVUZCUVVGQlFVRkJRVUZCUWtGQlFVRkJRVUZCUVVGQlFVRkJRVU5CUVVGQlJHZEJRVUZCUVVGQlFVRkJRVUZCUVVGQlFVRkJRVUZCUVVGQlFVRkJRVUZVVVVKMlFVZHpRV0ZCUWpCQlIwVkJZMmRCZFVGR1RVRmhRVUoyUVVoTlFXRkJRbWhCUnpSQlFVRkNjMEZIYTBGa1FVSnFRVWQzUVdGUlFqQkJSMDFCVEdkQ2MwRkhPRUZaZDBKb1FVZDNRVlJSUW5aQlIzTkJZVUZDTUVGSFJVRmpaMEYxUVVaTlFXRkJRblpCU0UxQllVRkNhRUZITkVGUlFVSnpRVWRyUVdSQlFtcEJRelJCWWtGQ2RrRkhUVUZaVVVKelFVVXdRV0ozUW5KQlIyZEJaRUZDYUVGSVNVRk1aMEpVUVVkblFXSjNRbnBCUjJkQldWRkNkVUZCUVVGVVVVSjJRVWR6UVdGQlFqQkJSMFZCWTJkQlowRkdUVUZoUVVKMlFVaE5RV0ZCUW1oQlJ6UkJRVUZCUVVGblFVRkNkMEZCUVVGRlEwRkJRVWhCUVVGQllrRkNjRUZJVVVGWmQwSlRaRzQ0V0dOcVZVWTFSVzVIT0hadWFFUlFSUzh2ZEdOQ2FtUXlNMjFHVlc5QlJ6UkJaRkZDYzBGSGQwRkxVVUZCUVVFOVBTSXNDaUFnSWxOdlpuUjNZWEpsUlhoamJIVnphVzl1VEdsemRFWnZja1JsY0d4dmVXMWxiblFpT2lCYlhRcDkiLCJFbnRpdHlQYXRoIjoiIiwiRW50aXR5VHlwZSI6NiwiTHVyZURlcGxveW1lbnRDb250ZXh0Ijp7IkV4cGlyYXRpb25VdGMiOiIyMDI0LTA0LTIyVDEyOjE2OjQ1LjQ0NTE3NzVaIiwiSWQiOiJhZjlkNWY2YS1jNjZhLTRmYmMtOTkwZS00MzMwYmI4ZTZjODQiLCJDb3JyZWxhdGlvbklkIjpudWxsfSwiRmlsZUF0dHJpYnV0ZXMiOjAsIlVzZXJSaWQiOjkyNjEwMzg2MX0=}" 2024-04-19T12:21:13.582 System Default 7192 SenseIR.exe 2024-04-19T12:21:11.307 NT AUTHORITY system S-1-5-18 8.45E+08 T1021.001 (bolster) Techniques 2024-04-19T12:22:10.987 6595e6522d8db8d92425250a4fe68dd7ce1fc1db PC1 LogonSuccess LITC fake account S-1-5-21-3977750084-2905094788-454684165-926103861 7c04ec2377e32b3c742f581f6c5437464dd2cf2 3247PKBT60B6DT25B34CP74B5889Ap10F1B3S72B4D4D95B5B25B54560B8 powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0 8332 powershell.exe -ExecutionPolicy Bypass -NoProfile -NonInteractive -Command "& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\Downloads\PSScript_{70971E03-A55E-4EC2-BC9B-A8F0173A83C3}.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::Read);$calculatedHash = Microsoft.PowerShell.Utility\ Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\Downloads\PSScript_{70971E03-A55E-4EC2-BC9B-A8F0173A83C3}.ps1' -Algorithm SHA256; if (!( $calculatedHash.Hash -eq '575497143631ed5cd604e7a1e8666187bd6acf421ad685273e559c0013179789')) { exit 323;}; Start-Transcript -Path 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\Temp\PSScriptOutputs\PSScript_Transcript_{70971E03-A55E-4EC2-BC9B-A8F0173A83C3}.txt'; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\Downloads\PSScript_{70971E03-A55E-4EC2-BC9B-A8F0173A83C3}.ps1' -Id 3f884218-6a5a-4d02-8032-32ed7f90339a -Descriptor eyJEZXRlY3Rpb25LZXlzIjpbIk1va2h0YXIuU2hvc2hhbiJdLCJDb250ZW50IjoiZXdvZ0lDSlRaWEpwWVd4cGVtVmtUbXhTWldOdmNtUWlPaUFpU0dkQlNVRkNORUZJWjBGQlFVRkJRVUZCUVVGQlJGVTFUWHBqUVVGblFVRkJaMEZCUVVGblFVZEJRemNyY3pONU9UUXZZVUZSVVVGQlVVRkJRVUZCUVVGUlFVdEJRVUZCUVVGQlVVRkJRVUZHUVVFd1FVTmlWRGRNWW5SWVduUjVNbTlPUmtnek1FcGhNRlZCUVVGQlFVRkJRVUZCUVVGQlFVRkJRVUZCUVVGQlFVRkJRVUZCUVVGQlFVRkJRVUZCUVVGQlFVRkJRVUZCUVVGQlFVRkJRVUZCUVVGQlFVRkJRVUZCUWtGQlFVRkJRVUZCUVVGQlFVRkJRVU5CUVVGQlJHZEJRVUZCUVVGQlFVRkJRVUZCUVVGQlFVRkJRVUZCUVVGQlFVRkJRVUZVVVVKMlFVZHpRV0ZCUWpCQlIwVkJZMmRCZFVGR1RVRmhRVUoyUVVoTlFXRkJRbWhCUnpSQlFVRkNjMEZIYTBGa1FVSnFRVWQzUVdGUlFqQkJSMDFCVEdkQ2MwRkhPRUZaZDBKb1FVZDNRVlJSUW5aQlIzTkJZVUZDTUVGSFJVRmpaMEYxUVVaTlFXRkJRblpCU0UxQllVRkNhRUZITkVGUlFVSnpRVWRyUVdSQlFtcEJRelJCWWtGQ2RrRkhUVUZaVVVKelFVVXdRV0ozUW5KQlIyZEJaRUZDYUVGSVNVRk1aMEpVUVVkblFXSjNRbnBCUjJkQldWRkNkVUZCUVVGVVVVSjJRVWR6UVdGQlFqQkJSMFZCWTJkQlowRkdUVUZoUVVKMlFVaE5RV0ZCUW1oQlJ6UkJRVUZCUVVGblFVRkNkMEZCUVVGRlEwRkJRVWhCUVVGQllrRkNjRUZJVVVGWmQwSlRaRzQ0V0dOcVZVWTFSVzVIT0hadWFFUlFSUzh2ZEdOQ2FtUXlNMjFHVlc5QlJ6UkJaRkZDYzBGSGQwRkxVVUZCUVVFOVBTSXNDaUFnSWxOdlpuUjNZWEpsUlhoamJIVnphVzl1VEdsemRFWnZja1JsY0d4dmVXMWxiblFpT2lCYlhRcDkiLCJFbnRpdHlQYXRoIjoiIiwiRW50aXR5VHlwZSI6NiwiTHVyZURlcGxveW1lbnRDb250ZXh0Ijp7IkV4cGlyYXRpb25VdGMiOiIyMDI0LTA0LTIyVDEyOjE2OjQ1LjQ0NTE3NzVaIiwiSWQiOiJhZjlkNWY2YS1jNjZhLTRmYmMtOTkwZS00MzMwYmI4ZTZjODQiLCJDb3JyZWxhdGlvbklkIjpudWxsfSwiRmlsZUF0dHJpYnV0ZXMiOjAsIlVzZXJSaWQiOjkyNjEwMzg2MX0=}" 2024-04-19T12:21:13.582 System Standard 7192 \Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe 2024-04-19T12:21:11.307 nt authority system S-1-5-18 28952 {"IsLocalLogon":false} CachedRemoteInteractive Events 2024-04-19T12:22:10.987 6595e6522d8db8d92425250a4fe68dd7ce1fc1db PC1 LogonAttempted LITC fake account 7c04ec2377e32b3c742f581f6c5437464dd2cf2 3247PKBT60B6DT25B34CP74B5889Ap10F1B3S72B4D4D95B5B25B54560B8 powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0 8332 powershell.exe -ExecutionPolicy Bypass -NoProfile -NonInteractive -Command "& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\Downloads\PSScript_{70971E03-A55E-4EC2-BC9B-A8F0173A83C3}.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::Read);$calculatedHash = Microsoft.PowerShell.Utility\ Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\Downloads\PSScript_{70971E03-A55E-4EC2-BC9B-A8F0173A83C3}.ps1' -Algorithm SHA256; if (!( $calculatedHash.Hash -eq '575497143631ed5cd604e7a1e8666187bd6acf421ad685273e559c0013179789')) { exit 323;}; Start-Transcript -Path 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\Temp\PSScriptOutputs\PSScript_Transcript_{70971E03-A55E-4EC2-BC9B-A8F0173A83C3}.txt'; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\Downloads\PSScript_{70971E03-A55E-4EC2-BC9B-A8F0173A83C3}.ps1' -Id 3f884218-6a5a-4d02-8032-32ed7f90339a -Descriptor eyJEZXRlY3Rpb25LZXlzIjpbIk1va2h0YXIuU2hvc2hhbiJdLCJDb250ZW50IjoiZXdvZ0lDSlRaWEpwWVd4cGVtVmtUbXhTWldOdmNtUWlPaUFpU0dkQlNVRkNORUZJWjBGQlFVRkJRVUZCUVVGQlJGVTFUWHBqUVVGblFVRkJaMEZCUVVGblFVZEJRemNyY3pONU9UUXZZVUZSVVVGQlVVRkJRVUZCUVVGUlFVdEJRVUZCUVVGQlVVRkJRVUZHUVVFd1FVTmlWRGRNWW5SWVduUjVNbTlPUmtnek1FcGhNRlZCUVVGQlFVRkJRVUZCUVVGQlFVRkJRVUZCUVVGQlFVRkJRVUZCUVVGQlFVRkJRVUZCUVVGQlFVRkJRVUZCUVVGQlFVRkJRVUZCUVVGQlFVRkJRVUZCUWtGQlFVRkJRVUZCUVVGQlFVRkJRVU5CUVVGQlJHZEJRVUZCUVVGQlFVRkJRVUZCUVVGQlFVRkJRVUZCUVVGQlFVRkJRVUZVVVVKMlFVZHpRV0ZCUWpCQlIwVkJZMmRCZFVGR1RVRmhRVUoyUVVoTlFXRkJRbWhCUnpSQlFVRkNjMEZIYTBGa1FVSnFRVWQzUVdGUlFqQkJSMDFCVEdkQ2MwRkhPRUZaZDBKb1FVZDNRVlJSUW5aQlIzTkJZVUZDTUVGSFJVRmpaMEYxUVVaTlFXRkJRblpCU0UxQllVRkNhRUZITkVGUlFVSnpRVWRyUVdSQlFtcEJRelJCWWtGQ2RrRkhUVUZaVVVKelFVVXdRV0ozUW5KQlIyZEJaRUZDYUVGSVNVRk1aMEpVUVVkblFXSjNRbnBCUjJkQldWRkNkVUZCUVVGVVVVSjJRVWR6UVdGQlFqQkJSMFZCWTJkQlowRkdUVUZoUVVKMlFVaE5RV0ZCUW1oQlJ6UkJRVUZCUVVGblFVRkNkMEZCUVVGRlEwRkJRVWhCUVVGQllrRkNjRUZJVVVGWmQwSlRaRzQ0V0dOcVZVWTFSVzVIT0hadWFFUlFSUzh2ZEdOQ2FtUXlNMjFHVlc5QlJ6UkJaRkZDYzBGSGQwRkxVVUZCUVVFOVBTSXNDaUFnSWxOdlpuUjNZWEpsUlhoamJIVnphVzl1VEdsemRFWnZja1JsY0d4dmVXMWxiblFpT2lCYlhRcDkiLCJFbnRpdHlQYXRoIjoiIiwiRW50aXR5VHlwZSI6NiwiTHVyZURlcGxveW1lbnRDb250ZXh0Ijp7IkV4cGlyYXRpb25VdGMiOiIyMDI0LTA0LTIyVDEyOjE2OjQ1LjQ0NTE3NzVaIiwiSWQiOiJhZjlkNWY2YS1jNjZhLTRmYmMtOTkwZS00MzMwYmI4ZTZjODQiLCJDb3JyZWxhdGlvbklkIjpudWxsfSwiRmlsZUF0dHJpYnV0ZXMiOjAsIlVzZXJSaWQiOjkyNjEwMzg2MX0=}" 2024-04-19T12:21:13.582 System Default 7192 SenseIR.exe 2024-04-19T12:21:11.307 NT AUTHORITY system S-1-5-18 28951 Events 2024-04-19T12:22:09.728 6595e6522d8db8d92425250a4fe68dd7ce1fc1db PC1 InteractiveRemoteComponentInvocation LITC fake account S-1-5-21-3977750084-2905094788-454684165-926103861 1.71E+09 T1078 (Friends)/T1021.001 (Friends) Techniques 2024-04-19T12:22:09.728 6595e6522d8db8d92425250a4fe68dd7ce1fc1db PC1 WindowsDomainAccountLogonSuccess LITC fake account S-1-5-21-3977750084-2905094788-454684165-926103861 D398B9D68B555K9K6K041K8Pia8849D1A6B1AC4 63A75A4F57158Ba4D796A2414790FCD3694D8Ab9ED3A8942A9CBCD0B71691A lsass.exe C:\Windows\System32 824 lsass.exe 2024-04-18T08:04:00.305 System Default 928 wininit.exe 2024-04-18T08:04:00.107 NT AUTHORITY system S-1-5-18 9.6E+08 T1078.002 (bolster) Techniques 2024-04-19T12:22:09.728 6595e6522d8db8d92425250a4fe68dd7ce1fc1db PC1 LogonSuccess LITC fake account S-1-5-21-3977750084-2905094788-454684165-926103861 D398B9D68B555K9K6K041K8Pia8849D1A6B1AC4 63A75A4F57158Ba4D796A2414790FCD3694D8Ab9ED3A8942A9CBCD0B71691A lsass.exe C:\Windows\System32\lsass.exe 824 lsass.exe 2024-04-18T08:04:00.305 System Standard 928 wininit.exe 2024-04-18T08:04:00.107 nt authority system S-1-5-18 28934 {"IsLocalLogon":false} RemoteInteractive Events thanks in advance
Solved
ahmedamer
Copper Contributor
Apr 20, 2024 Place Microsoft Defender XDR
investigation
1.2KViews
0likes
1Comment
Stream alerts from Defender for Cloud
Is it possible to have alerts originating from Defender to Cloud to use Defender XDR Streaming API to forward alerts to an Eventhub? If currently have event Streaming API configured in Defender XDR to forward alerts to our Graylog system which works fine for alerts originating from Defender for Endpoint ect, however when I generate test alerts in Defender for Cloud they appear on the Alerts page in the Security/Defender-portal, but they are not forwarded to our Eventhub. I've been able to work around it by configuring continuous export to Eventhub directly in Defender for Cloud instead, but just wonder if it is supposed to work via Defender XDR "Streaming API"?
Solved
msundman78
Copper Contributor
Apr 16, 2024 Place Microsoft Defender XDR
alerts
543Views
0likes
1Comment
Security Operator, but can add to TABL
I currently have the Entra ID Security Operator PIM role activated, and I am able to add email addresses to the TABL, as well as managing Anti-Spam and Anti-Phishing policies. In the past, I've needed to be a Security Administrator to do this. Has something changed? If not, could this be an unintended consequence of me activating the MDO workloads for Unified RBAC?
Solved
SKadish
Brass Contributor
Feb 15, 2024 Place Microsoft Defender XDR
microsoft defender for office 365
Response Actions
825Views
0likes
4Comments
Defender XDR Unified RBAC - Cannot manage incidents
I've been configuring the new Defender XDR Unified RBAC roles, and two things that I cannot find permissions for are managing incidents and alerts. No matter what I configure, those buttons stay greyed out. This is despite configuring a role that has all Security Operations and Security Posture read and manage permissions. Other functions are working, for instance being able to block users via the TABL, or Search & Purge permissions. Can I please get some help?
Solved
SKadish
Brass Contributor
Feb 13, 2024 Place Microsoft Defender XDR
Incident Management
microsoft defender for endpoint
microsoft defender for office 365
Response Actions
2.2KViews
0likes
6Comments
Do Defender XDR Custom RBAC Roles stack?
Are permissions granted by Defender XDR Unified RBAC Custom Roles additive? For instance, if a user uses PIM to assume a role with permissions A & B, and then uses PIM a second time to assume a role with permissions C & D, will the user then have permissions A, B, C, & D? Or will they only have permissions C & D?
Solved
SKadish
Brass Contributor
Jan 30, 2024 Place Microsoft Defender XDR
automation
microsoft defender for endpoint
microsoft defender for office 365
playbooks
siem
520Views
0likes
2Comments

Recent Blogs

5 MIN READ
Monthly news - February 2025
Microsoft Defender XDR Monthly news February 2025 Edition This is our monthly "What's new" blog post, summarizing product updates and various new assets we rele...
HeikeRitter Microsoft Defender XDR Blog
Feb 03, 2025
defender news
microsoft defender for endpoint
microsoft defender for identity
Microsoft Defender for IoT
microsoft defender for office 365
1.9KViews
2likes
0Comments
2 MIN READ
Get visibility into your DeepSeek use with Defender for Cloud Apps
The world has never seen technology adopted at the pace of AI. While AI increases productivity and is deeply integrated into business processes, it can also come with risks in terms of security, priv...
Maayan Bar-Niv Microsoft Defender XDR Blog
Jan 31, 2025
microsoft defender for cloud apps
xdr
4.8KViews
1like
1Comment

Resources

Share

Tags

microsoft defender for endpoint363

microsoft defender for office 365250

threat hunting123

Incident Management92

investigation91

microsoft defender for cloud apps63

microsoft defender for identity58

"}},"componentScriptGroups({\"componentId\":\"custom.widget.Social_Sharing\"})":{"__typename":"ComponentScriptGroups","scriptGroups":{"__typename":"ComponentScriptGroupsDefinition","afterInteractive":{"__typename":"PageScriptGroupDefinition","group":"AFTER_INTERACTIVE","scriptIds":[]},"lazyOnLoad":{"__typename":"PageScriptGroupDefinition","group":"LAZY_ON_LOAD","scriptIds":[]}},"componentScripts":[]},"component({\"componentId\":\"custom.widget.MicrosoftFooter\"})":{"__typename":"Component","render({\"context\":{\"component\":{\"entities\":[],\"props\":{}},\"page\":{\"entities\":[\"category:microsoft-defender-xdr\"],\"name\":\"CategoryPage\",\"props\":{},\"url\":\"https://techcommunity.microsoft.com/category/microsoft-defender-xdr\"}}})":{"__typename":"ComponentRenderResult","html":""}},"componentScriptGroups({\"componentId\":\"custom.widget.MicrosoftFooter\"})":{"__typename":"ComponentScriptGroups","scriptGroups":{"__typename":"ComponentScriptGroupsDefinition","afterInteractive":{"__typename":"PageScriptGroupDefinition","group":"AFTER_INTERACTIVE","scriptIds":[]},"lazyOnLoad":{"__typename":"PageScriptGroupDefinition","group":"LAZY_ON_LOAD","scriptIds":[]}},"componentScripts":[]},"message({\"id\":\"message:4373271\"})":{"__ref":"BlogTopicMessage:message:4373271"},"message({\"id\":\"message:4372520\"})":{"__ref":"BlogTopicMessage:message:4372520"},"cachedText({\"lastModified\":\"1737115705000\",\"locale\":\"en-US\",\"namespaces\":[\"components/community/NavbarDropdownToggle\"]})":[{"__ref":"CachedAsset:text:en_US-components/community/NavbarDropdownToggle-1737115705000"}],"cachedText({\"lastModified\":\"1737115705000\",\"locale\":\"en-US\",\"namespaces\":[\"shared/client/components/common/OverflowNav\"]})":[{"__ref":"CachedAsset:text:en_US-shared/client/components/common/OverflowNav-1737115705000"}],"cachedText({\"lastModified\":\"1737115705000\",\"locale\":\"en-US\",\"namespaces\":[\"components/common/OverflowSet\"]})":[{"__ref":"CachedAsset:text:en_US-components/common/OverflowSet-1737115705000"}],"cachedText({\"lastModified\":\"1737115705000\",\"locale\":\"en-US\",\"namespaces\":[\"shared/client/components/users/UserAvatar\"]})":[{"__ref":"CachedAsset:text:en_US-shared/client/components/users/UserAvatar-1737115705000"}],"cachedText({\"lastModified\":\"1737115705000\",\"locale\":\"en-US\",\"namespaces\":[\"shared/client/components/users/UserRank\"]})":[{"__ref":"CachedAsset:text:en_US-shared/client/components/users/UserRank-1737115705000"}],"cachedText({\"lastModified\":\"1737115705000\",\"locale\":\"en-US\",\"namespaces\":[\"shared/client/components/nodes/NodeIcon\"]})":[{"__ref":"CachedAsset:text:en_US-shared/client/components/nodes/NodeIcon-1737115705000"}],"cachedText({\"lastModified\":\"1737115705000\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/MessageUnreadCount\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageUnreadCount-1737115705000"}],"message({\"id\":\"message:4360095\"})":{"__ref":"ForumTopicMessage:message:4360095"},"message({\"id\":\"message:3764979\"})":{"__ref":"ForumTopicMessage:message:3764979"},"message({\"id\":\"message:4352847\"})":{"__ref":"ForumTopicMessage:message:4352847"},"message({\"id\":\"message:4351390\"})":{"__ref":"ForumTopicMessage:message:4351390"},"message({\"id\":\"message:4177140\"})":{"__ref":"ForumTopicMessage:message:4177140"},"message({\"id\":\"message:4119284\"})":{"__ref":"ForumTopicMessage:message:4119284"},"message({\"id\":\"message:4115985\"})":{"__ref":"ForumTopicMessage:message:4115985"},"message({\"id\":\"message:4058310\"})":{"__ref":"ForumTopicMessage:message:4058310"},"message({\"id\":\"message:4056469\"})":{"__ref":"ForumTopicMessage:message:4056469"},"message({\"id\":\"message:4043842\"})":{"__ref":"ForumTopicMessage:message:4043842"},"message({\"id\":\"message:4386296\"})":{"__ref":"ForumTopicMessage:message:4386296"},"message({\"id\":\"message:4382673\"})":{"__ref":"ForumTopicMessage:message:4382673"},"message({\"id\":\"message:4377843\"})":{"__ref":"ForumTopicMessage:message:4377843"},"message({\"id\":\"message:4374122\"})":{"__ref":"ForumTopicMessage:message:4374122"},"message({\"id\":\"message:4370116\"})":{"__ref":"ForumTopicMessage:message:4370116"},"message({\"id\":\"message:4169943\"})":{"__ref":"ForumTopicMessage:message:4169943"},"message({\"id\":\"message:4150421\"})":{"__ref":"ForumTopicMessage:message:4150421"},"message({\"id\":\"message:4124272\"})":{"__ref":"ForumTopicMessage:message:4124272"},"message({\"id\":\"message:4122417\"})":{"__ref":"ForumTopicMessage:message:4122417"},"message({\"id\":\"message:4120198\"})":{"__ref":"ForumTopicMessage:message:4120198"},"cachedText({\"lastModified\":\"1737115705000\",\"locale\":\"en-US\",\"namespaces\":[\"components/common/WidgetTagsFilter\"]})":[{"__ref":"CachedAsset:text:en_US-components/common/WidgetTagsFilter-1737115705000"}],"cachedText({\"lastModified\":\"1737115705000\",\"locale\":\"en-US\",\"namespaces\":[\"shared/client/components/ranks/UserRankLabel\"]})":[{"__ref":"CachedAsset:text:en_US-shared/client/components/ranks/UserRankLabel-1737115705000"}],"cachedText({\"lastModified\":\"1737115705000\",\"locale\":\"en-US\",\"namespaces\":[\"shared/client/components/tags/TagEditor\"]})":[{"__ref":"CachedAsset:text:en_US-shared/client/components/tags/TagEditor-1737115705000"}]},"CachedAsset:pages-1740570397757":{"__typename":"CachedAsset","id":"pages-1740570397757","value":[{"lastUpdatedTime":1740570397757,"localOverride":null,"page":{"id":"BlogViewAllPostsPage","type":"BLOG","urlPath":"/category/:categoryId/blog/:boardId/all-posts/(/:after|/:before)?","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1740570397757,"localOverride":null,"page":{"id":"CasePortalPage","type":"CASE_PORTAL","urlPath":"/caseportal","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1740570397757,"localOverride":null,"page":{"id":"CreateGroupHubPage","type":"GROUP_HUB","urlPath":"/groups/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1740570397757,"localOverride":null,"page":{"id":"CaseViewPage","type":"CASE_DETAILS","urlPath":"/case/:caseId/:caseNumber","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1740570397757,"localOverride":null,"page":{"id":"InboxPage","type":"COMMUNITY","urlPath":"/inbox","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1740570397757,"localOverride":null,"page":{"id":"HelpFAQPage","type":"COMMUNITY","urlPath":"/help","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1740570397757,"localOverride":null,"page":{"id":"IdeaMessagePage","type":"IDEA_POST","urlPath":"/idea/:boardId/:messageSubject/:messageId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1740570397757,"localOverride":null,"page":{"id":"IdeaViewAllIdeasPage","type":"IDEA","urlPath":"/category/:categoryId/ideas/:boardId/all-ideas/(/:after|/:before)?","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1740570397757,"localOverride":null,"page":{"id":"LoginPage","type":"USER","urlPath":"/signin","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1740570397757,"localOverride":null,"page":{"id":"BlogPostPage","type":"BLOG","urlPath":"/category/:categoryId/blogs/:boardId/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1740570397757,"localOverride":null,"page":{"id":"UserBlogPermissions.Page","type":"COMMUNITY","urlPath":"/c/user-blog-permissions/page","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1740570397757,"localOverride":null,"page":{"id":"ThemeEditorPage","type":"COMMUNITY","urlPath":"/designer/themes","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1740570397757,"localOverride":null,"page":{"id":"TkbViewAllArticlesPage","type":"TKB","urlPath":"/category/:categoryId/kb/:boardId/all-articles/(/:after|/:before)?","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1730142000000,"localOverride":null,"page":{"id":"AllEvents","type":"CUSTOM","urlPath":"/Events","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1740570397757,"localOverride":null,"page":{"id":"OccasionEditPage","type":"EVENT","urlPath":"/event/:boardId/:messageSubject/:messageId/edit","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1740570397757,"localOverride":null,"page":{"id":"OAuthAuthorizationAllowPage","type":"USER","urlPath":"/auth/authorize/allow","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1740570397757,"localOverride":null,"page":{"id":"PageEditorPage","type":"COMMUNITY","urlPath":"/designer/pages","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1740570397757,"localOverride":null,"page":{"id":"PostPage","type":"COMMUNITY","urlPath":"/category/:categoryId/:boardId/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1740570397757,"localOverride":null,"page":{"id":"ForumBoardPage","type":"FORUM","urlPath":"/category/:categoryId/discussions/:boardId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1740570397757,"localOverride":null,"page":{"id":"TkbBoardPage","type":"TKB","urlPath":"/category/:categoryId/kb/:boardId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1740570397757,"localOverride":null,"page":{"id":"EventPostPage","type":"EVENT","urlPath":"/category/:categoryId/events/:boardId/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1740570397757,"localOverride":null,"page":{"id":"UserBadgesPage","type":"COMMUNITY","urlPath":"/users/:login/:userId/badges","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1740570397757,"localOverride":null,"page":{"id":"GroupHubMembershipAction","type":"GROUP_HUB","urlPath":"/membership/join/:nodeId/:membershipType","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1740570397757,"localOverride":null,"page":{"id":"MaintenancePage","type":"COMMUNITY","urlPath":"/maintenance","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1740570397757,"localOverride":null,"page":{"id":"IdeaReplyPage","type":"IDEA_REPLY","urlPath":"/idea/:boardId/:messageSubject/:messageId/comments/:replyId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1740570397757,"localOverride":null,"page":{"id":"UserSettingsPage","type":"USER","urlPath":"/mysettings/:userSettingsTab","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1740570397757,"localOverride":null,"page":{"id":"GroupHubsPage","type":"GROUP_HUB","urlPath":"/groups","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1740570397757,"localOverride":null,"page":{"id":"ForumPostPage","type":"FORUM","urlPath":"/category/:categoryId/discussions/:boardId/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1740570397757,"localOverride":null,"page":{"id":"OccasionRsvpActionPage","type":"OCCASION","urlPath":"/event/:boardId/:messageSubject/:messageId/rsvp/:responseType","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1740570397757,"localOverride":null,"page":{"id":"VerifyUserEmailPage","type":"USER","urlPath":"/verifyemail/:userId/:verifyEmailToken","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1740570397757,"localOverride":null,"page":{"id":"AllOccasionsPage","type":"OCCASION","urlPath":"/category/:categoryId/events/:boardId/all-events/(/:after|/:before)?","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1740570397757,"localOverride":null,"page":{"id":"EventBoardPage","type":"EVENT","urlPath":"/category/:categoryId/events/:boardId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1740570397757,"localOverride":null,"page":{"id":"TkbReplyPage","type":"TKB_REPLY","urlPath":"/kb/:boardId/:messageSubject/:messageId/comments/:replyId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1740570397757,"localOverride":null,"page":{"id":"IdeaBoardPage","type":"IDEA","urlPath":"/category/:categoryId/ideas/:boardId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1740570397757,"localOverride":null,"page":{"id":"CommunityGuideLinesPage","type":"COMMUNITY","urlPath":"/communityguidelines","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1740570397757,"localOverride":null,"page":{"id":"CaseCreatePage","type":"SALESFORCE_CASE_CREATION","urlPath":"/caseportal/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1740570397757,"localOverride":null,"page":{"id":"TkbEditPage","type":"TKB","urlPath":"/kb/:boardId/:messageSubject/:messageId/edit","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1740570397757,"localOverride":null,"page":{"id":"ForgotPasswordPage","type":"USER","urlPath":"/forgotpassword","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1740570397757,"localOverride":null,"page":{"id":"IdeaEditPage","type":"IDEA","urlPath":"/idea/:boardId/:messageSubject/:messageId/edit","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1740570397757,"localOverride":null,"page":{"id":"TagPage","type":"COMMUNITY","urlPath":"/tag/:tagName","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1740570397757,"localOverride":null,"page":{"id":"BlogBoardPage","type":"BLOG","urlPath":"/category/:categoryId/blog/:boardId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1740570397757,"localOverride":null,"page":{"id":"OccasionMessagePage","type":"OCCASION_TOPIC","urlPath":"/event/:boardId/:messageSubject/:messageId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1740570397757,"localOverride":null,"page":{"id":"ManageContentPage","type":"COMMUNITY","urlPath":"/managecontent","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1740570397757,"localOverride":null,"page":{"id":"ClosedMembershipNodeNonMembersPage","type":"GROUP_HUB","urlPath":"/closedgroup/:groupHubId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1740570397757,"localOverride":null,"page":{"id":"CommunityPage","type":"COMMUNITY","urlPath":"/","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1740570397757,"localOverride":null,"page":{"id":"ForumMessagePage","type":"FORUM_TOPIC","urlPath":"/discussions/:boardId/:messageSubject/:messageId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1740570397757,"localOverride":null,"page":{"id":"IdeaPostPage","type":"IDEA","urlPath":"/category/:categoryId/ideas/:boardId/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1730142000000,"localOverride":null,"page":{"id":"CommunityHub.Page","type":"CUSTOM","urlPath":"/Directory","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1740570397757,"localOverride":null,"page":{"id":"BlogMessagePage","type":"BLOG_ARTICLE","urlPath":"/blog/:boardId/:messageSubject/:messageId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1740570397757,"localOverride":null,"page":{"id":"RegistrationPage","type":"USER","urlPath":"/register","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1740570397757,"localOverride":null,"page":{"id":"EditGroupHubPage","type":"GROUP_HUB","urlPath":"/group/:groupHubId/edit","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1740570397757,"localOverride":null,"page":{"id":"ForumEditPage","type":"FORUM","urlPath":"/discussions/:boardId/:messageSubject/:messageId/edit","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1740570397757,"localOverride":null,"page":{"id":"ResetPasswordPage","type":"USER","urlPath":"/resetpassword/:userId/:resetPasswordToken","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1730142000000,"localOverride":null,"page":{"id":"AllBlogs.Page","type":"CUSTOM","urlPath":"/blogs","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1740570397757,"localOverride":null,"page":{"id":"TkbMessagePage","type":"TKB_ARTICLE","urlPath":"/kb/:boardId/:messageSubject/:messageId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1740570397757,"localOverride":null,"page":{"id":"BlogEditPage","type":"BLOG","urlPath":"/blog/:boardId/:messageSubject/:messageId/edit","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1740570397757,"localOverride":null,"page":{"id":"ManageUsersPage","type":"USER","urlPath":"/users/manage/:tab?/:manageUsersTab?","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1740570397757,"localOverride":null,"page":{"id":"ForumReplyPage","type":"FORUM_REPLY","urlPath":"/discussions/:boardId/:messageSubject/:messageId/replies/:replyId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1740570397757,"localOverride":null,"page":{"id":"PrivacyPolicyPage","type":"COMMUNITY","urlPath":"/privacypolicy","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1740570397757,"localOverride":null,"page":{"id":"NotificationPage","type":"COMMUNITY","urlPath":"/notifications","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1740570397757,"localOverride":null,"page":{"id":"UserPage","type":"USER","urlPath":"/users/:login/:userId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1740570397757,"localOverride":null,"page":{"id":"OccasionReplyPage","type":"OCCASION_REPLY","urlPath":"/event/:boardId/:messageSubject/:messageId/comments/:replyId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1740570397757,"localOverride":null,"page":{"id":"ManageMembersPage","type":"GROUP_HUB","urlPath":"/group/:groupHubId/manage/:tab?","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1740570397757,"localOverride":null,"page":{"id":"SearchResultsPage","type":"COMMUNITY","urlPath":"/search","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1740570397757,"localOverride":null,"page":{"id":"BlogReplyPage","type":"BLOG_REPLY","urlPath":"/blog/:boardId/:messageSubject/:messageId/replies/:replyId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1740570397757,"localOverride":null,"page":{"id":"GroupHubPage","type":"GROUP_HUB","urlPath":"/group/:groupHubId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1740570397757,"localOverride":null,"page":{"id":"TermsOfServicePage","type":"COMMUNITY","urlPath":"/termsofservice","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1740570397757,"localOverride":null,"page":{"id":"CategoryPage","type":"CATEGORY","urlPath":"/category/:categoryId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1740570397757,"localOverride":null,"page":{"id":"ForumViewAllTopicsPage","type":"FORUM","urlPath":"/category/:categoryId/discussions/:boardId/all-topics/(/:after|/:before)?","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1740570397757,"localOverride":null,"page":{"id":"TkbPostPage","type":"TKB","urlPath":"/category/:categoryId/kbs/:boardId/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1740570397757,"localOverride":null,"page":{"id":"GroupHubPostPage","type":"GROUP_HUB","urlPath":"/group/:groupHubId/:boardId/create","__typename":"PageDescriptor"},"__typename":"PageResource"}],"localOverride":false},"CachedAsset:text:en_US-components/context/AppContext/AppContextProvider-0":{"__typename":"CachedAsset","id":"text:en_US-components/context/AppContext/AppContextProvider-0","value":{"noCommunity":"Cannot find community","noUser":"Cannot find current user","noNode":"Cannot find node with id {nodeId}","noMessage":"Cannot find message with id {messageId}"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/common/Loading/LoadingDot-0":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/common/Loading/LoadingDot-0","value":{"title":"Loading..."},"localOverride":false},"User:user:-1":{"__typename":"User","id":"user:-1","uid":-1,"login":"Deleted","email":"","avatar":null,"rank":null,"kudosWeight":1,"registrationData":{"__typename":"RegistrationData","status":"ANONYMOUS","registrationTime":null,"confirmEmailStatus":false,"registrationAccessLevel":"VIEW","ssoRegistrationFields":[]},"ssoId":null,"profileSettings":{"__typename":"ProfileSettings","dateDisplayStyle":{"__typename":"InheritableStringSettingWithPossibleValues","key":"layout.friendly_dates_enabled","value":"false","localValue":"true","possibleValues":["true","false"]},"dateDisplayFormat":{"__typename":"InheritableStringSetting","key":"layout.format_pattern_date","value":"MMM dd yyyy","localValue":"MM-dd-yyyy"},"language":{"__typename":"InheritableStringSettingWithPossibleValues","key":"profile.language","value":"en-US","localValue":"en","possibleValues":["en-US"]}},"deleted":false},"Theme:customTheme1":{"__typename":"Theme","id":"customTheme1"},"Category:category:microsoft-security":{"__typename":"Category","id":"category:microsoft-security","entityType":"CATEGORY","displayId":"microsoft-security","nodeType":"category","depth":3,"title":"Microsoft Security","shortTitle":"Microsoft Security","parent":{"__ref":"Category:category:products-services"},"categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:top":{"__typename":"Category","id":"category:top","displayId":"top","nodeType":"category","depth":0,"title":"Top"},"Category:category:communities":{"__typename":"Category","id":"category:communities","displayId":"communities","nodeType":"category","depth":1,"parent":{"__ref":"Category:category:top"},"title":"Communities"},"Category:category:products-services":{"__typename":"Category","id":"category:products-services","displayId":"products-services","nodeType":"category","depth":2,"parent":{"__ref":"Category:category:communities"},"title":"Products"},"Category:category:microsoft-defender-xdr":{"__typename":"Category","id":"category:microsoft-defender-xdr","entityType":"CATEGORY","displayId":"microsoft-defender-xdr","nodeType":"category","depth":4,"title":"Microsoft Defender XDR","description":"","avatar":null,"profileSettings":{"__typename":"ProfileSettings","language":null},"parent":{"__ref":"Category:category:microsoft-security"},"ancestors":{"__typename":"CoreNodeConnection","edges":[{"__typename":"CoreNodeEdge","node":{"__ref":"Community:community:gxcuf89792"}},{"__typename":"CoreNodeEdge","node":{"__ref":"Category:category:communities"}},{"__typename":"CoreNodeEdge","node":{"__ref":"Category:category:products-services"}},{"__typename":"CoreNodeEdge","node":{"__ref":"Category:category:microsoft-security"}}]},"userContext":{"__typename":"NodeUserContext","canAddAttachments":false,"canUpdateNode":false,"canPostMessages":false,"isSubscribed":false},"categoryPolicies":{"__typename":"CategoryPolicies","canAdminNode":{"__typename":"PolicyResult","failureReason":{"__typename":"FailureReason","message":"error.lithium.policies.feature.nodes.action.update_node_with_admin_privilege.allowed.accessDenied","key":"error.lithium.policies.feature.nodes.action.update_node_with_admin_privilege.allowed.accessDenied","args":[]}},"canManageArticleBlog":{"__typename":"PolicyResult","failureReason":{"__typename":"FailureReason","message":"error.lithium.policies.blogs.action_allow.can_manage_any_articles_in_blog.accessDenied","key":"error.lithium.policies.blogs.action_allow.can_manage_any_articles_in_blog.accessDenied","args":[]}},"canManageArticleTkb":{"__typename":"PolicyResult","failureReason":{"__typename":"FailureReason","message":"error.lithium.policies.tkb.action.node.administer_article.allow.accessDenied","key":"error.lithium.policies.tkb.action.node.administer_article.allow.accessDenied","args":[]}}},"topTags({\"constraints\":{\"predefinedOnly\":{\"eq\":true}},\"first\":10,\"sorts\":{\"postCount\":{\"direction\":\"DESC\"}}})":{"__typename":"TagConnection","edges":[{"__typename":"TagEdge","cursor":"MHwyMTIyNXwwfDEwOzEwfHBvOmVxfHBjOjE6MA","node":{"__typename":"Tag","id":"tag:21225","text":"microsoft defender for endpoint","lastActivityTime":"2025-02-27T09:27:27.000-08:00","messagesCount":363,"followersCount":0}},{"__typename":"TagEdge","cursor":"MHwyMTEyNHwxfDEwOzEwfHBvOmVxfHBjOjE6MA","node":{"__typename":"Tag","id":"tag:21124","text":"microsoft defender for office 365","lastActivityTime":"2025-02-22T23:12:52.000-08:00","messagesCount":250,"followersCount":0}},{"__typename":"TagEdge","cursor":"MHwxODQxNXwyfDEwOzEwfHBvOmVxfHBjOjE6MA","node":{"__typename":"Tag","id":"tag:18415","text":"threat hunting","lastActivityTime":"2025-02-19T16:31:39.000-08:00","messagesCount":123,"followersCount":1}},{"__typename":"TagEdge","cursor":"MHw0MDkwfDN8MTA7MTB8cG86ZXF8cGM6MTow","node":{"__typename":"Tag","id":"tag:4090","text":"alerts","lastActivityTime":"2025-02-22T23:12:52.000-08:00","messagesCount":100,"followersCount":0}},{"__typename":"TagEdge","cursor":"MHw5OTk3fDR8MTA7MTB8cG86ZXF8cGM6MTow","node":{"__typename":"Tag","id":"tag:9997","text":"Incident Management","lastActivityTime":"2025-02-13T13:29:46.000-08:00","messagesCount":92,"followersCount":0}},{"__typename":"TagEdge","cursor":"MHw5NTYyfDV8MTA7MTB8cG86ZXF8cGM6MTow","node":{"__typename":"Tag","id":"tag:9562","text":"investigation","lastActivityTime":"2025-02-22T23:12:52.000-08:00","messagesCount":91,"followersCount":0}},{"__typename":"TagEdge","cursor":"MHwyNjh8NnwxMDsxMHxwbzplcXxwYzoxOjA","node":{"__typename":"Tag","id":"tag:268","text":"automation","lastActivityTime":"2025-02-21T14:31:26.000-08:00","messagesCount":85,"followersCount":0}},{"__typename":"TagEdge","cursor":"MHwyNDk4Nnw3fDEwOzEwfHBvOmVxfHBjOjE6MA","node":{"__typename":"Tag","id":"tag:24986","text":"microsoft defender for cloud apps","lastActivityTime":"2025-02-25T06:01:10.000-08:00","messagesCount":63,"followersCount":0}},{"__typename":"TagEdge","cursor":"MHwyMTA3Nnw4fDEwOzEwfHBvOmVxfHBjOjE6MA","node":{"__typename":"Tag","id":"tag:21076","text":"microsoft defender for identity","lastActivityTime":"2025-02-03T05:16:32.000-08:00","messagesCount":58,"followersCount":0}},{"__typename":"TagEdge","cursor":"MHwyMjQwOXw5fDEwOzEwfHBvOmVxfHBjOjE6MA","node":{"__typename":"Tag","id":"tag:22409","text":"xdr","lastActivityTime":"2025-02-25T06:01:10.000-08:00","messagesCount":51,"followersCount":0}}],"totalCount":30,"pageInfo":{"__typename":"PageInfo","hasNextPage":true,"endCursor":"MHwyMjQwOXw5fDEwOzEwfHBvOmVxfHBjOjE6MA","hasPreviousPage":false,"startCursor":null}},"tagProperties":{"__typename":"TagNodeProperties","tagsEnabled":{"__typename":"PolicyResult","failureReason":null}}},"CachedAsset:theme:customTheme1-1740570397313":{"__typename":"CachedAsset","id":"theme:customTheme1-1740570397313","value":{"id":"customTheme1","animation":{"fast":"150ms","normal":"250ms","slow":"500ms","slowest":"750ms","function":"cubic-bezier(0.07, 0.91, 0.51, 1)","__typename":"AnimationThemeSettings"},"avatar":{"borderRadius":"50%","collections":["default"],"__typename":"AvatarThemeSettings"},"basics":{"browserIcon":{"imageAssetName":"favicon-1730836283320.png","imageLastModified":"1730836286415","__typename":"ThemeAsset"},"customerLogo":{"imageAssetName":"favicon-1730836271365.png","imageLastModified":"1730836274203","__typename":"ThemeAsset"},"maximumWidthOfPageContent":"1300px","oneColumnNarrowWidth":"800px","gridGutterWidthMd":"30px","gridGutterWidthXs":"10px","pageWidthStyle":"WIDTH_OF_BROWSER","__typename":"BasicsThemeSettings"},"buttons":{"borderRadiusSm":"3px","borderRadius":"3px","borderRadiusLg":"5px","paddingY":"5px","paddingYLg":"7px","paddingYHero":"var(--lia-bs-btn-padding-y-lg)","paddingX":"12px","paddingXLg":"16px","paddingXHero":"60px","fontStyle":"NORMAL","fontWeight":"700","textTransform":"NONE","disabledOpacity":0.5,"primaryTextColor":"var(--lia-bs-white)","primaryTextHoverColor":"var(--lia-bs-white)","primaryTextActiveColor":"var(--lia-bs-white)","primaryBgColor":"var(--lia-bs-primary)","primaryBgHoverColor":"hsl(var(--lia-bs-primary-h), var(--lia-bs-primary-s), calc(var(--lia-bs-primary-l) * 0.85))","primaryBgActiveColor":"hsl(var(--lia-bs-primary-h), var(--lia-bs-primary-s), calc(var(--lia-bs-primary-l) * 0.7))","primaryBorder":"1px solid transparent","primaryBorderHover":"1px solid transparent","primaryBorderActive":"1px solid transparent","primaryBorderFocus":"1px solid var(--lia-bs-white)","primaryBoxShadowFocus":"0 0 0 1px var(--lia-bs-primary), 0 0 0 4px hsla(var(--lia-bs-primary-h), var(--lia-bs-primary-s), var(--lia-bs-primary-l), 0.2)","secondaryTextColor":"var(--lia-bs-gray-900)","secondaryTextHoverColor":"hsl(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), calc(var(--lia-bs-gray-900-l) * 0.95))","secondaryTextActiveColor":"hsl(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), calc(var(--lia-bs-gray-900-l) * 0.9))","secondaryBgColor":"var(--lia-bs-gray-200)","secondaryBgHoverColor":"hsl(var(--lia-bs-gray-200-h), var(--lia-bs-gray-200-s), calc(var(--lia-bs-gray-200-l) * 0.96))","secondaryBgActiveColor":"hsl(var(--lia-bs-gray-200-h), var(--lia-bs-gray-200-s), calc(var(--lia-bs-gray-200-l) * 0.92))","secondaryBorder":"1px solid transparent","secondaryBorderHover":"1px solid transparent","secondaryBorderActive":"1px solid transparent","secondaryBorderFocus":"1px solid transparent","secondaryBoxShadowFocus":"0 0 0 1px var(--lia-bs-primary), 0 0 0 4px hsla(var(--lia-bs-primary-h), var(--lia-bs-primary-s), var(--lia-bs-primary-l), 0.2)","tertiaryTextColor":"var(--lia-bs-gray-900)","tertiaryTextHoverColor":"hsl(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), calc(var(--lia-bs-gray-900-l) * 0.95))","tertiaryTextActiveColor":"hsl(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), calc(var(--lia-bs-gray-900-l) * 0.9))","tertiaryBgColor":"transparent","tertiaryBgHoverColor":"transparent","tertiaryBgActiveColor":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.04)","tertiaryBorder":"1px solid transparent","tertiaryBorderHover":"1px solid hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.08)","tertiaryBorderActive":"1px solid transparent","tertiaryBorderFocus":"1px solid transparent","tertiaryBoxShadowFocus":"0 0 0 1px var(--lia-bs-primary), 0 0 0 4px hsla(var(--lia-bs-primary-h), var(--lia-bs-primary-s), var(--lia-bs-primary-l), 0.2)","destructiveTextColor":"var(--lia-bs-danger)","destructiveTextHoverColor":"hsl(var(--lia-bs-danger-h), var(--lia-bs-danger-s), calc(var(--lia-bs-danger-l) * 0.95))","destructiveTextActiveColor":"hsl(var(--lia-bs-danger-h), var(--lia-bs-danger-s), calc(var(--lia-bs-danger-l) * 0.9))","destructiveBgColor":"var(--lia-bs-gray-200)","destructiveBgHoverColor":"hsl(var(--lia-bs-gray-200-h), var(--lia-bs-gray-200-s), calc(var(--lia-bs-gray-200-l) * 0.96))","destructiveBgActiveColor":"hsl(var(--lia-bs-gray-200-h), var(--lia-bs-gray-200-s), calc(var(--lia-bs-gray-200-l) * 0.92))","destructiveBorder":"1px solid transparent","destructiveBorderHover":"1px solid transparent","destructiveBorderActive":"1px solid transparent","destructiveBorderFocus":"1px solid transparent","destructiveBoxShadowFocus":"0 0 0 1px var(--lia-bs-primary), 0 0 0 4px hsla(var(--lia-bs-primary-h), var(--lia-bs-primary-s), var(--lia-bs-primary-l), 0.2)","__typename":"ButtonsThemeSettings"},"border":{"color":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.08)","mainContent":"NONE","sideContent":"LIGHT","radiusSm":"3px","radius":"5px","radiusLg":"9px","radius50":"100vw","__typename":"BorderThemeSettings"},"boxShadow":{"xs":"0 0 0 1px hsla(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), var(--lia-bs-gray-900-l), 0.08), 0 3px 0 -1px hsla(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), var(--lia-bs-gray-900-l), 0.16)","sm":"0 2px 4px hsla(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), var(--lia-bs-gray-900-l), 0.12)","md":"0 5px 15px hsla(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), var(--lia-bs-gray-900-l), 0.3)","lg":"0 10px 30px hsla(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), var(--lia-bs-gray-900-l), 0.3)","__typename":"BoxShadowThemeSettings"},"cards":{"bgColor":"var(--lia-panel-bg-color)","borderRadius":"var(--lia-panel-border-radius)","boxShadow":"var(--lia-box-shadow-xs)","__typename":"CardsThemeSettings"},"chip":{"maxWidth":"300px","height":"30px","__typename":"ChipThemeSettings"},"coreTypes":{"defaultMessageLinkColor":"var(--lia-bs-link-color)","defaultMessageLinkDecoration":"none","defaultMessageLinkFontStyle":"NORMAL","defaultMessageLinkFontWeight":"400","defaultMessageFontStyle":"NORMAL","defaultMessageFontWeight":"400","forumColor":"#4099E2","forumFontFamily":"var(--lia-bs-font-family-base)","forumFontWeight":"var(--lia-default-message-font-weight)","forumLineHeight":"var(--lia-bs-line-height-base)","forumFontStyle":"var(--lia-default-message-font-style)","forumMessageLinkColor":"var(--lia-default-message-link-color)","forumMessageLinkDecoration":"var(--lia-default-message-link-decoration)","forumMessageLinkFontStyle":"var(--lia-default-message-link-font-style)","forumMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","forumSolvedColor":"#148563","blogColor":"#1CBAA0","blogFontFamily":"var(--lia-bs-font-family-base)","blogFontWeight":"var(--lia-default-message-font-weight)","blogLineHeight":"1.75","blogFontStyle":"var(--lia-default-message-font-style)","blogMessageLinkColor":"var(--lia-default-message-link-color)","blogMessageLinkDecoration":"var(--lia-default-message-link-decoration)","blogMessageLinkFontStyle":"var(--lia-default-message-link-font-style)","blogMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","tkbColor":"#4C6B90","tkbFontFamily":"var(--lia-bs-font-family-base)","tkbFontWeight":"var(--lia-default-message-font-weight)","tkbLineHeight":"1.75","tkbFontStyle":"var(--lia-default-message-font-style)","tkbMessageLinkColor":"var(--lia-default-message-link-color)","tkbMessageLinkDecoration":"var(--lia-default-message-link-decoration)","tkbMessageLinkFontStyle":"var(--lia-default-message-link-font-style)","tkbMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","qandaColor":"#4099E2","qandaFontFamily":"var(--lia-bs-font-family-base)","qandaFontWeight":"var(--lia-default-message-font-weight)","qandaLineHeight":"var(--lia-bs-line-height-base)","qandaFontStyle":"var(--lia-default-message-link-font-style)","qandaMessageLinkColor":"var(--lia-default-message-link-color)","qandaMessageLinkDecoration":"var(--lia-default-message-link-decoration)","qandaMessageLinkFontStyle":"var(--lia-default-message-link-font-style)","qandaMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","qandaSolvedColor":"#3FA023","ideaColor":"#FF8000","ideaFontFamily":"var(--lia-bs-font-family-base)","ideaFontWeight":"var(--lia-default-message-font-weight)","ideaLineHeight":"var(--lia-bs-line-height-base)","ideaFontStyle":"var(--lia-default-message-font-style)","ideaMessageLinkColor":"var(--lia-default-message-link-color)","ideaMessageLinkDecoration":"var(--lia-default-message-link-decoration)","ideaMessageLinkFontStyle":"var(--lia-default-message-link-font-style)","ideaMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","contestColor":"#FCC845","contestFontFamily":"var(--lia-bs-font-family-base)","contestFontWeight":"var(--lia-default-message-font-weight)","contestLineHeight":"var(--lia-bs-line-height-base)","contestFontStyle":"var(--lia-default-message-link-font-style)","contestMessageLinkColor":"var(--lia-default-message-link-color)","contestMessageLinkDecoration":"var(--lia-default-message-link-decoration)","contestMessageLinkFontStyle":"ITALIC","contestMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","occasionColor":"#D13A1F","occasionFontFamily":"var(--lia-bs-font-family-base)","occasionFontWeight":"var(--lia-default-message-font-weight)","occasionLineHeight":"var(--lia-bs-line-height-base)","occasionFontStyle":"var(--lia-default-message-font-style)","occasionMessageLinkColor":"var(--lia-default-message-link-color)","occasionMessageLinkDecoration":"var(--lia-default-message-link-decoration)","occasionMessageLinkFontStyle":"var(--lia-default-message-link-font-style)","occasionMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","grouphubColor":"#333333","categoryColor":"#949494","communityColor":"#FFFFFF","productColor":"#949494","__typename":"CoreTypesThemeSettings"},"colors":{"black":"#000000","white":"#FFFFFF","gray100":"#F7F7F7","gray200":"#F7F7F7","gray300":"#E8E8E8","gray400":"#D9D9D9","gray500":"#CCCCCC","gray600":"#717171","gray700":"#707070","gray800":"#545454","gray900":"#333333","dark":"#545454","light":"#F7F7F7","primary":"#0069D4","secondary":"#333333","bodyText":"#333333","bodyBg":"#FFFFFF","info":"#409AE2","success":"#41C5AE","warning":"#FCC844","danger":"#BC341B","alertSystem":"#FF6600","textMuted":"#707070","highlight":"#FFFCAD","outline":"var(--lia-bs-primary)","custom":["#D3F5A4","#243A5E"],"__typename":"ColorsThemeSettings"},"divider":{"size":"3px","marginLeft":"4px","marginRight":"4px","borderRadius":"50%","bgColor":"var(--lia-bs-gray-600)","bgColorActive":"var(--lia-bs-gray-600)","__typename":"DividerThemeSettings"},"dropdown":{"fontSize":"var(--lia-bs-font-size-sm)","borderColor":"var(--lia-bs-border-color)","borderRadius":"var(--lia-bs-border-radius-sm)","dividerBg":"var(--lia-bs-gray-300)","itemPaddingY":"5px","itemPaddingX":"20px","headerColor":"var(--lia-bs-gray-700)","__typename":"DropdownThemeSettings"},"email":{"link":{"color":"#0069D4","hoverColor":"#0061c2","decoration":"none","hoverDecoration":"underline","__typename":"EmailLinkSettings"},"border":{"color":"#e4e4e4","__typename":"EmailBorderSettings"},"buttons":{"borderRadiusLg":"5px","paddingXLg":"16px","paddingYLg":"7px","fontWeight":"700","primaryTextColor":"#ffffff","primaryTextHoverColor":"#ffffff","primaryBgColor":"#0069D4","primaryBgHoverColor":"#005cb8","primaryBorder":"1px solid transparent","primaryBorderHover":"1px solid transparent","__typename":"EmailButtonsSettings"},"panel":{"borderRadius":"5px","borderColor":"#e4e4e4","__typename":"EmailPanelSettings"},"__typename":"EmailThemeSettings"},"emoji":{"skinToneDefault":"#ffcd43","skinToneLight":"#fae3c5","skinToneMediumLight":"#e2cfa5","skinToneMedium":"#daa478","skinToneMediumDark":"#a78058","skinToneDark":"#5e4d43","__typename":"EmojiThemeSettings"},"heading":{"color":"var(--lia-bs-body-color)","fontFamily":"Segoe UI","fontStyle":"NORMAL","fontWeight":"400","h1FontSize":"34px","h2FontSize":"32px","h3FontSize":"28px","h4FontSize":"24px","h5FontSize":"20px","h6FontSize":"16px","lineHeight":"1.3","subHeaderFontSize":"11px","subHeaderFontWeight":"500","h1LetterSpacing":"normal","h2LetterSpacing":"normal","h3LetterSpacing":"normal","h4LetterSpacing":"normal","h5LetterSpacing":"normal","h6LetterSpacing":"normal","subHeaderLetterSpacing":"2px","h1FontWeight":"var(--lia-bs-headings-font-weight)","h2FontWeight":"var(--lia-bs-headings-font-weight)","h3FontWeight":"var(--lia-bs-headings-font-weight)","h4FontWeight":"var(--lia-bs-headings-font-weight)","h5FontWeight":"var(--lia-bs-headings-font-weight)","h6FontWeight":"var(--lia-bs-headings-font-weight)","__typename":"HeadingThemeSettings"},"icons":{"size10":"10px","size12":"12px","size14":"14px","size16":"16px","size20":"20px","size24":"24px","size30":"30px","size40":"40px","size50":"50px","size60":"60px","size80":"80px","size120":"120px","size160":"160px","__typename":"IconsThemeSettings"},"imagePreview":{"bgColor":"var(--lia-bs-gray-900)","titleColor":"var(--lia-bs-white)","controlColor":"var(--lia-bs-white)","controlBgColor":"var(--lia-bs-gray-800)","__typename":"ImagePreviewThemeSettings"},"input":{"borderColor":"var(--lia-bs-gray-600)","disabledColor":"var(--lia-bs-gray-600)","focusBorderColor":"var(--lia-bs-primary)","labelMarginBottom":"10px","btnFontSize":"var(--lia-bs-font-size-sm)","focusBoxShadow":"0 0 0 3px hsla(var(--lia-bs-primary-h), var(--lia-bs-primary-s), var(--lia-bs-primary-l), 0.2)","checkLabelMarginBottom":"2px","checkboxBorderRadius":"3px","borderRadiusSm":"var(--lia-bs-border-radius-sm)","borderRadius":"var(--lia-bs-border-radius)","borderRadiusLg":"var(--lia-bs-border-radius-lg)","formTextMarginTop":"4px","textAreaBorderRadius":"var(--lia-bs-border-radius)","activeFillColor":"var(--lia-bs-primary)","__typename":"InputThemeSettings"},"loading":{"dotDarkColor":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.2)","dotLightColor":"hsla(var(--lia-bs-white-h), var(--lia-bs-white-s), var(--lia-bs-white-l), 0.5)","barDarkColor":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.06)","barLightColor":"hsla(var(--lia-bs-white-h), var(--lia-bs-white-s), var(--lia-bs-white-l), 0.4)","__typename":"LoadingThemeSettings"},"link":{"color":"var(--lia-bs-primary)","hoverColor":"hsl(var(--lia-bs-primary-h), var(--lia-bs-primary-s), calc(var(--lia-bs-primary-l) - 10%))","decoration":"none","hoverDecoration":"underline","__typename":"LinkThemeSettings"},"listGroup":{"itemPaddingY":"15px","itemPaddingX":"15px","borderColor":"var(--lia-bs-gray-300)","__typename":"ListGroupThemeSettings"},"modal":{"contentTextColor":"var(--lia-bs-body-color)","contentBg":"var(--lia-bs-white)","backgroundBg":"var(--lia-bs-black)","smSize":"440px","mdSize":"760px","lgSize":"1080px","backdropOpacity":0.3,"contentBoxShadowXs":"var(--lia-bs-box-shadow-sm)","contentBoxShadow":"var(--lia-bs-box-shadow)","headerFontWeight":"700","__typename":"ModalThemeSettings"},"navbar":{"position":"FIXED","background":{"attachment":null,"clip":null,"color":"var(--lia-bs-white)","imageAssetName":"","imageLastModified":"0","origin":null,"position":"CENTER_CENTER","repeat":"NO_REPEAT","size":"COVER","__typename":"BackgroundProps"},"backgroundOpacity":0.8,"paddingTop":"15px","paddingBottom":"15px","borderBottom":"1px solid var(--lia-bs-border-color)","boxShadow":"var(--lia-bs-box-shadow-sm)","brandMarginRight":"30px","brandMarginRightSm":"10px","brandLogoHeight":"30px","linkGap":"10px","linkJustifyContent":"flex-start","linkPaddingY":"5px","linkPaddingX":"10px","linkDropdownPaddingY":"9px","linkDropdownPaddingX":"var(--lia-nav-link-px)","linkColor":"var(--lia-bs-body-color)","linkHoverColor":"var(--lia-bs-primary)","linkFontSize":"var(--lia-bs-font-size-sm)","linkFontStyle":"NORMAL","linkFontWeight":"400","linkTextTransform":"NONE","linkLetterSpacing":"normal","linkBorderRadius":"var(--lia-bs-border-radius-sm)","linkBgColor":"transparent","linkBgHoverColor":"transparent","linkBorder":"none","linkBorderHover":"none","linkBoxShadow":"none","linkBoxShadowHover":"none","linkTextBorderBottom":"none","linkTextBorderBottomHover":"none","dropdownPaddingTop":"10px","dropdownPaddingBottom":"15px","dropdownPaddingX":"10px","dropdownMenuOffset":"2px","dropdownDividerMarginTop":"10px","dropdownDividerMarginBottom":"10px","dropdownBorderColor":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.08)","controllerBgHoverColor":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.1)","controllerIconColor":"var(--lia-bs-body-color)","controllerIconHoverColor":"var(--lia-bs-body-color)","controllerTextColor":"var(--lia-nav-controller-icon-color)","controllerTextHoverColor":"var(--lia-nav-controller-icon-hover-color)","controllerHighlightColor":"hsla(30, 100%, 50%)","controllerHighlightTextColor":"var(--lia-yiq-light)","controllerBorderRadius":"var(--lia-border-radius-50)","hamburgerColor":"var(--lia-nav-controller-icon-color)","hamburgerHoverColor":"var(--lia-nav-controller-icon-color)","hamburgerBgColor":"transparent","hamburgerBgHoverColor":"transparent","hamburgerBorder":"none","hamburgerBorderHover":"none","collapseMenuMarginLeft":"20px","collapseMenuDividerBg":"var(--lia-nav-link-color)","collapseMenuDividerOpacity":0.16,"__typename":"NavbarThemeSettings"},"pager":{"textColor":"var(--lia-bs-link-color)","textFontWeight":"var(--lia-font-weight-md)","textFontSize":"var(--lia-bs-font-size-sm)","__typename":"PagerThemeSettings"},"panel":{"bgColor":"var(--lia-bs-white)","borderRadius":"var(--lia-bs-border-radius)","borderColor":"var(--lia-bs-border-color)","boxShadow":"none","__typename":"PanelThemeSettings"},"popover":{"arrowHeight":"8px","arrowWidth":"16px","maxWidth":"300px","minWidth":"100px","headerBg":"var(--lia-bs-white)","borderColor":"var(--lia-bs-border-color)","borderRadius":"var(--lia-bs-border-radius)","boxShadow":"0 0.5rem 1rem hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.15)","__typename":"PopoverThemeSettings"},"prism":{"color":"#000000","bgColor":"#f5f2f0","fontFamily":"var(--font-family-monospace)","fontSize":"var(--lia-bs-font-size-base)","fontWeightBold":"var(--lia-bs-font-weight-bold)","fontStyleItalic":"italic","tabSize":2,"highlightColor":"#b3d4fc","commentColor":"#62707e","punctuationColor":"#6f6f6f","namespaceOpacity":"0.7","propColor":"#990055","selectorColor":"#517a00","operatorColor":"#906736","operatorBgColor":"hsla(0, 0%, 100%, 0.5)","keywordColor":"#0076a9","functionColor":"#d3284b","variableColor":"#c14700","__typename":"PrismThemeSettings"},"rte":{"bgColor":"var(--lia-bs-white)","borderRadius":"var(--lia-panel-border-radius)","boxShadow":" var(--lia-panel-box-shadow)","customColor1":"#bfedd2","customColor2":"#fbeeb8","customColor3":"#f8cac6","customColor4":"#eccafa","customColor5":"#c2e0f4","customColor6":"#2dc26b","customColor7":"#f1c40f","customColor8":"#e03e2d","customColor9":"#b96ad9","customColor10":"#3598db","customColor11":"#169179","customColor12":"#e67e23","customColor13":"#ba372a","customColor14":"#843fa1","customColor15":"#236fa1","customColor16":"#ecf0f1","customColor17":"#ced4d9","customColor18":"#95a5a6","customColor19":"#7e8c8d","customColor20":"#34495e","customColor21":"#000000","customColor22":"#ffffff","defaultMessageHeaderMarginTop":"40px","defaultMessageHeaderMarginBottom":"20px","defaultMessageItemMarginTop":"0","defaultMessageItemMarginBottom":"10px","diffAddedColor":"hsla(170, 53%, 51%, 0.4)","diffChangedColor":"hsla(43, 97%, 63%, 0.4)","diffNoneColor":"hsla(0, 0%, 80%, 0.4)","diffRemovedColor":"hsla(9, 74%, 47%, 0.4)","specialMessageHeaderMarginTop":"40px","specialMessageHeaderMarginBottom":"20px","specialMessageItemMarginTop":"0","specialMessageItemMarginBottom":"10px","__typename":"RteThemeSettings"},"tags":{"bgColor":"var(--lia-bs-gray-200)","bgHoverColor":"var(--lia-bs-gray-400)","borderRadius":"var(--lia-bs-border-radius-sm)","color":"var(--lia-bs-body-color)","hoverColor":"var(--lia-bs-body-color)","fontWeight":"var(--lia-font-weight-md)","fontSize":"var(--lia-font-size-xxs)","textTransform":"UPPERCASE","letterSpacing":"0.5px","__typename":"TagsThemeSettings"},"toasts":{"borderRadius":"var(--lia-bs-border-radius)","paddingX":"12px","__typename":"ToastsThemeSettings"},"typography":{"fontFamilyBase":"Segoe UI","fontStyleBase":"NORMAL","fontWeightBase":"400","fontWeightLight":"300","fontWeightNormal":"400","fontWeightMd":"500","fontWeightBold":"700","letterSpacingSm":"normal","letterSpacingXs":"normal","lineHeightBase":"1.5","fontSizeBase":"16px","fontSizeXxs":"11px","fontSizeXs":"12px","fontSizeSm":"14px","fontSizeLg":"20px","fontSizeXl":"24px","smallFontSize":"14px","customFonts":[{"source":"SERVER","name":"Segoe UI","styles":[{"style":"NORMAL","weight":"400","__typename":"FontStyleData"},{"style":"NORMAL","weight":"300","__typename":"FontStyleData"},{"style":"NORMAL","weight":"600","__typename":"FontStyleData"},{"style":"NORMAL","weight":"700","__typename":"FontStyleData"},{"style":"ITALIC","weight":"400","__typename":"FontStyleData"}],"assetNames":["SegoeUI-normal-400.woff2","SegoeUI-normal-300.woff2","SegoeUI-normal-600.woff2","SegoeUI-normal-700.woff2","SegoeUI-italic-400.woff2"],"__typename":"CustomFont"},{"source":"SERVER","name":"MWF Fluent Icons","styles":[{"style":"NORMAL","weight":"400","__typename":"FontStyleData"}],"assetNames":["MWFFluentIcons-normal-400.woff2"],"__typename":"CustomFont"}],"__typename":"TypographyThemeSettings"},"unstyledListItem":{"marginBottomSm":"5px","marginBottomMd":"10px","marginBottomLg":"15px","marginBottomXl":"20px","marginBottomXxl":"25px","__typename":"UnstyledListItemThemeSettings"},"yiq":{"light":"#ffffff","dark":"#000000","__typename":"YiqThemeSettings"},"colorLightness":{"primaryDark":0.36,"primaryLight":0.74,"primaryLighter":0.89,"primaryLightest":0.95,"infoDark":0.39,"infoLight":0.72,"infoLighter":0.85,"infoLightest":0.93,"successDark":0.24,"successLight":0.62,"successLighter":0.8,"successLightest":0.91,"warningDark":0.39,"warningLight":0.68,"warningLighter":0.84,"warningLightest":0.93,"dangerDark":0.41,"dangerLight":0.72,"dangerLighter":0.89,"dangerLightest":0.95,"__typename":"ColorLightnessThemeSettings"},"localOverride":false,"__typename":"Theme"},"localOverride":false},"CachedAsset:text:en_US-components/common/EmailVerification-1737115705000":{"__typename":"CachedAsset","id":"text:en_US-components/common/EmailVerification-1737115705000","value":{"email.verification.title":"Email Verification Required","email.verification.message.update.email":"To participate in the community, you must first verify your email address. The verification email was sent to {email}. To change your email, visit My Settings.","email.verification.message.resend.email":"To participate in the community, you must first verify your email address. The verification email was sent to {email}. Resend email."},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/common/Loading/LoadingDot-1737115705000":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/common/Loading/LoadingDot-1737115705000","value":{"title":"Loading..."},"localOverride":false},"CachedAsset:text:en_US-pages/community/CategoryPage-1737115705000":{"__typename":"CachedAsset","id":"text:en_US-pages/community/CategoryPage-1737115705000","value":{"title":"Category: {contextNodeTitle} | {communityTitle}","name":"Category Page","section.node-header.title":"Node Header","section.search.title":"Search","section.node-navigation.title":"Node Navigation","section.message-list.title":"Message List Section","section.category-group-hub.title":"Groups in Category","section.nwDwIp.title":"Community Hubs","section.section-1722893930410.description":"","section.bAGknD.description":"","section.oudBxJ.title":"Explore Microsoft Purview Forums","section.section-1727373103293.title":"NDA Banner","section.section-1728518274473.title":"Browsing","section.section-1727899585541.title":"Recent Blogs","section.section-1728065055918.description":"","section.section-1727977340977.title":"Carousel","section.section-1728513444961.description":"","section.section-1727899585541.description":"","section.section-1728837996947.description":"","section.section-1722893930410.title":"","section.section-1726165362497.title":"Explore featured communities","section.nwDwIp.description":"","section.section-1727882983194.description":"","section.section-1727977340977.description":"","section.section-1727882830982.title":"Explore our latest thought leadership content","section.section-1728042938403.title":"Featured Carousel","section.section-1728837996947.title":"Carouselee","section.section-1728681472467.title":"Carisell","section.section-1727882830982.description":"","section.section-1728518274473.description":"","section.section-1724724451967.title":"","section.bAGknD.title":"","section.section-1727794442289.title":"Carousel","section.section-1724724451967.description":"","section.section-1727882983194.title":"","section.PZaEXj.title":"","section.oudBxJ.description":"","section.section-1726165362497.description":"","section.section-1727373103293.description":"","section.section-1722892709299.description":"","section.section-1728513444961.title":"Board Browsing","section.section-1727794442289.description":"","section.section-1722892709299.title":"","section.PZaEXj.description":"","section.section-1728681472467.description":"","section.hrzPDc.description":"","section.section-1728065055918.title":"Carisel","section.hrzPDc.title":"","section.section-1728042938403.description":""},"localOverride":false},"CachedAsset:quilt:o365.prod:pages/community/CategoryPage:category:microsoft-defender-xdr-1740570395502":{"__typename":"CachedAsset","id":"quilt:o365.prod:pages/community/CategoryPage:category:microsoft-defender-xdr-1740570395502","value":{"id":"CategoryPage_fZKMqD","container":{"id":"Common","headerProps":null,"headerComponentProps":{"community.widget.bannerWidget":{"backgroundColor":"var(--lia-bs-primary)","nodeHeaderVariantProps":{"layout":"wide-left","useAvatar":true,"isSearchGlobal":false,"type":"md","useSearch":true},"nodeHeaderPadding":{"paddingBottom":40,"paddingTop":40},"useNodeHeaderCountStats":false,"fontColor":"var(--lia-bs-body-bg)","showNodeHeaderTitleAndDescription":"both"}},"footerProps":null,"footerComponentProps":null,"items":[{"id":"hqGAhJ","layout":"ONE_COLUMN","bgColor":null,"showTitle":null,"showDescription":null,"textPosition":null,"textColor":null,"sectionEditLevel":null,"bgImage":null,"disableSpacing":null,"edgeToEdgeDisplay":null,"fullHeight":null,"showBorder":null,"__typename":"OneColumnQuiltSection","columnMap":{"main":[{"id":"custom.widget.Featured_Carousel","className":null,"props":{"widgetVisibility":"signedInOrAnonymous","useTitle":true,"useBackground":false,"cMax_items":"8","title":"","lazyLoad":false,"widgetChooser":"custom.widget.Featured_Carousel"},"__typename":"QuiltComponent"}],"__typename":"OneSectionColumns"}},{"id":"USIMhi","layout":"ONE_COLUMN","bgColor":null,"showTitle":null,"showDescription":null,"textPosition":null,"textColor":null,"sectionEditLevel":null,"bgImage":null,"disableSpacing":null,"edgeToEdgeDisplay":null,"fullHeight":null,"showBorder":null,"__typename":"OneColumnQuiltSection","columnMap":{"main":[{"id":"custom.widget.Board_Browser","className":null,"props":{"widgetVisibility":"signedInOrAnonymous","useTitle":true,"useBackground":false,"cPageSize":"6","title":"","lazyLoad":false,"widgetChooser":"custom.widget.Board_Browser"},"__typename":"QuiltComponent"}],"__typename":"OneSectionColumns"}},{"id":"HOgkUx","layout":"MAIN_SIDE","bgColor":"transparent","showTitle":true,"showDescription":true,"textPosition":"CENTER","textColor":"var(--lia-bs-body-color)","sectionEditLevel":null,"bgImage":null,"disableSpacing":null,"edgeToEdgeDisplay":null,"fullHeight":null,"showBorder":null,"__typename":"MainSideQuiltSection","columnMap":{"main":[{"id":"messages.widget.messageListForNodeByRecentActivityWidget","className":null,"props":{"hideIfEmpty":true,"pageSize":20,"pagerVariant":{"type":"loadMore"},"viewVariant":{"type":"inline","props":{"useRepliesCount":true,"useMedia":true,"useAuthorRank":true,"useNode":true,"truncateBodyLength":-1,"useNodeLink":true,"usePreviewMedia":true,"timeStampType":"postTime","useTextBody":true,"useSolvedBadge":true,"renderPostTimeBeforeAuthor":false,"useAvatar":true,"useTimeToRead":true,"useSpoilerFreeBody":true,"useKudosCount":true,"useViewCount":true,"useBody":true,"useTags":true,"clampSubjectLines":2,"useBoardIcon":false,"useMessageTimeLink":true,"clampBodyLines":3,"useAuthorLogin":true,"useUnreadCount":true,"useNodeHoverCard":true,"useSearchSnippet":false}},"lazyLoad":false,"pagerOption":true,"conversationStyle":"FORUM","listVariant":{"type":"unstyled","props":{"listItemSpacing":"xxl"}},"useTitle":true,"addTags":true,"titleContextVariant":"other","showTabs":true,"tabItemMap":{"default":{"mostRecent":true,"newest":true,"mostRecentUserContent":true},"additional":{"trending":false,"mostKudoed":true,"noSolutions":true,"mostViewed":true,"mostReplies":true,"solutions":true,"noReplies":true}},"style":"list","panelType":"standard","pagerOptionCard":false},"__typename":"QuiltComponent"}],"side":[{"id":"occasion.widget.OccasionListForNodeWidget","className":null,"props":{"hideIfEmpty":true,"enablePagination":true,"pageSize":2,"pagerVariant":{"type":"loadMore"},"viewVariant":{"type":"card","props":{"useRepliesCount":true,"useOccasionType":true,"useMedia":true,"useAuthorRank":false,"useNode":false,"useNodeLink":false,"useCenteredContent":false,"usePreviewMedia":true,"useOccasionDateIcon":true,"timeStampType":null,"useTextBody":true,"useSolvedBadge":true,"useAvatar":false,"useOccasionLocation":false,"useOccasionTime":true,"portraitClampBodyLines":2,"useOccasionBadge":true,"useAttendeeCount":true,"useTimeToRead":true,"useKudosCount":true,"useViewCount":false,"useBody":true,"useTags":true,"useBoardIcon":false,"useMessageTimeLink":true,"clampBodyLines":2,"textAlignment":"left","useAuthorLogin":false,"useAttendanceIndicator":true,"useSearchSnippet":false}},"lazyLoad":false,"useTitle":true,"listVariant":{"type":"grid","props":{"colProps":{"xl":2,"md":2,"sm":2,"xs":1,"lg":2},"itemSpacing":"lg"}},"instanceId":null,"textAlignment":"left","style":"card","filterOrSortToBeApplied":{"value":"UPCOMING","key":"UPCOMING","groupKey":"group"},"panelType":"spaced"},"__typename":"QuiltComponent"},{"id":"messages.widget.messageListForNodeByRecentActivityWidget","className":null,"props":{"hideIfEmpty":true,"pageSize":2,"pagerVariant":{"type":"none"},"viewVariant":{"type":"card","props":{"useRepliesCount":true,"useMedia":true,"useAuthorRank":false,"useNode":true,"truncateBodyLength":200,"useNodeLink":true,"useCenteredContent":false,"usePreviewMedia":true,"timeStampType":"postTime","useTextBody":true,"useSolvedBadge":true,"useAvatar":false,"portraitClampBodyLines":3,"useTimeToRead":true,"useSpoilerFreeBody":true,"useKudosCount":true,"useViewCount":true,"landscapeClampBodyLines":3,"useBody":true,"useTags":true,"clampSubjectLines":2,"useBoardIcon":false,"useMessageTimeLink":true,"clampBodyLines":3,"useAuthorLogin":true,"useNodeHoverCard":true,"useClickableCard":true,"useSearchSnippet":false}},"lazyLoad":false,"pagerOption":true,"conversationStyle":"BLOG","listVariant":{"type":"unstyled"},"useTitle":true,"addTags":false,"instanceId":null,"showTabs":false,"style":"card","panelType":"spaced","sorts":{"postTime":{"direction":"DESC"}},"pagerOptionCard":false},"__typename":"QuiltComponent"},{"id":"custom.widget.Featured_Resources","className":null,"props":{"widgetVisibility":"signedInOrAnonymous","useTitle":true,"useBackground":true,"title":"Resources","lazyLoad":false},"__typename":"QuiltComponent"},{"id":"custom.widget.Social_Sharing","className":null,"props":{"widgetVisibility":"signedInOrAnonymous","useTitle":true,"useBackground":true,"title":"Share","lazyLoad":false},"__typename":"QuiltComponent"},{"id":"tags.widget.tagWidget","className":null,"props":{"hideIfEmpty":false,"useTitle":true,"listVariant":{"type":"unwrapped"},"tagType":"presetOnly","pageSize":10,"pagerVariant":{"type":"seeAllModal","props":{"useCaret":false,"position":"start"}},"viewVariant":{"type":"chip","props":{"usePostCount":true}},"sorts":{"postCount":{"direction":"DESC"}},"lazyLoad":false},"__typename":"QuiltComponent"},{"id":"users.widget.userListForNodeByTopContributorsWidget","className":null,"props":{"hideIfEmpty":true,"useTitle":true,"instanceId":null,"timePeriod":30,"pageSize":5,"viewVariant":{"type":"inline","props":{"useFooterDivider":false,"useKudosCount":true,"useAvatar":true,"useCount":true,"useSolutionCount":false,"useTopicsCount":false,"avatarSize":"40","useRank":true,"useMessagesCount":false}},"panelType":"standard","sorts":{"kudosReceivedCount":{"direction":"DESC"}},"lazyLoad":false},"__typename":"QuiltComponent"}],"__typename":"MainSideSectionColumns"}}],"__typename":"QuiltContainer"},"__typename":"Quilt","localOverride":false},"localOverride":false},"CachedAsset:quiltWrapper:o365.prod:Common:1740570329003":{"__typename":"CachedAsset","id":"quiltWrapper:o365.prod:Common:1740570329003","value":{"id":"Common","header":{"backgroundImageProps":{"assetName":null,"backgroundSize":"COVER","backgroundRepeat":"NO_REPEAT","backgroundPosition":"CENTER_CENTER","lastModified":null,"__typename":"BackgroundImageProps"},"backgroundColor":"transparent","items":[{"id":"community.widget.navbarWidget","props":{"showUserName":true,"showRegisterLink":true,"useIconLanguagePicker":true,"useLabelLanguagePicker":true,"className":"QuiltComponent_lia-component-edit-mode__0nCcm","links":{"sideLinks":[],"mainLinks":[{"children":[],"linkType":"INTERNAL","id":"gxcuf89792","params":{},"routeName":"CommunityPage"},{"children":[],"linkType":"EXTERNAL","id":"external-link","url":"/Directory","target":"SELF"},{"children":[{"linkType":"INTERNAL","id":"microsoft365","params":{"categoryId":"microsoft365"},"routeName":"CategoryPage"},{"linkType":"INTERNAL","id":"microsoft-teams","params":{"categoryId":"MicrosoftTeams"},"routeName":"CategoryPage"},{"linkType":"INTERNAL","id":"windows","params":{"categoryId":"Windows"},"routeName":"CategoryPage"},{"linkType":"INTERNAL","id":"microsoft-securityand-compliance","params":{"categoryId":"microsoft-security"},"routeName":"CategoryPage"},{"linkType":"INTERNAL","id":"outlook","params":{"categoryId":"Outlook"},"routeName":"CategoryPage"},{"linkType":"INTERNAL","id":"planner","params":{"categoryId":"Planner"},"routeName":"CategoryPage"},{"linkType":"INTERNAL","id":"windows-server","params":{"categoryId":"Windows-Server"},"routeName":"CategoryPage"},{"linkType":"INTERNAL","id":"azure","params":{"categoryId":"Azure"},"routeName":"CategoryPage"},{"linkType":"INTERNAL","id":"exchange","params":{"categoryId":"Exchange"},"routeName":"CategoryPage"},{"linkType":"INTERNAL","id":"microsoft-endpoint-manager","params":{"categoryId":"microsoft-endpoint-manager"},"routeName":"CategoryPage"},{"linkType":"INTERNAL","id":"s-q-l-server","params":{"categoryId":"SQL-Server"},"routeName":"CategoryPage"},{"linkType":"EXTERNAL","id":"external-link-2","url":"/Directory","target":"SELF"}],"linkType":"EXTERNAL","id":"communities","url":"/","target":"BLANK"},{"children":[{"linkType":"INTERNAL","id":"education-sector","params":{"categoryId":"EducationSector"},"routeName":"CategoryPage"},{"linkType":"INTERNAL","id":"a-i","params":{"categoryId":"AI"},"routeName":"CategoryPage"},{"linkType":"INTERNAL","id":"i-t-ops-talk","params":{"categoryId":"ITOpsTalk"},"routeName":"CategoryPage"},{"linkType":"INTERNAL","id":"partner-community","params":{"categoryId":"PartnerCommunity"},"routeName":"CategoryPage"},{"linkType":"INTERNAL","id":"microsoft-mechanics","params":{"categoryId":"MicrosoftMechanics"},"routeName":"CategoryPage"},{"linkType":"INTERNAL","id":"healthcare-and-life-sciences","params":{"categoryId":"HealthcareAndLifeSciences"},"routeName":"CategoryPage"},{"linkType":"INTERNAL","id":"public-sector","params":{"categoryId":"PublicSector"},"routeName":"CategoryPage"},{"linkType":"INTERNAL","id":"io-t","params":{"categoryId":"IoT"},"routeName":"CategoryPage"},{"linkType":"INTERNAL","id":"driving-adoption","params":{"categoryId":"DrivingAdoption"},"routeName":"CategoryPage"},{"linkType":"INTERNAL","id":"s-m-b","params":{"categoryId":"SMB"},"routeName":"CategoryPage"},{"linkType":"INTERNAL","id":"startupsat-microsoft","params":{"categoryId":"StartupsatMicrosoft"},"routeName":"CategoryPage"},{"linkType":"EXTERNAL","id":"external-link-1","url":"/Directory","target":"SELF"}],"linkType":"EXTERNAL","id":"communities-1","url":"/","target":"SELF"},{"children":[],"linkType":"EXTERNAL","id":"external","url":"/Blogs","target":"SELF"},{"children":[],"linkType":"EXTERNAL","id":"external-1","url":"/Events","target":"SELF"},{"children":[{"linkType":"INTERNAL","id":"microsoft-learn-1","params":{"categoryId":"MicrosoftLearn"},"routeName":"CategoryPage"},{"linkType":"INTERNAL","id":"microsoft-learn-blog","params":{"boardId":"MicrosoftLearnBlog","categoryId":"MicrosoftLearn"},"routeName":"BlogBoardPage"},{"linkType":"EXTERNAL","id":"external-10","url":"https://learningroomdirectory.microsoft.com/","target":"BLANK"},{"linkType":"EXTERNAL","id":"external-3","url":"https://docs.microsoft.com/learn/dynamics365/?WT.mc_id=techcom_header-webpage-m365","target":"BLANK"},{"linkType":"EXTERNAL","id":"external-4","url":"https://docs.microsoft.com/learn/m365/?wt.mc_id=techcom_header-webpage-m365","target":"BLANK"},{"linkType":"EXTERNAL","id":"external-5","url":"https://docs.microsoft.com/learn/topics/sci/?wt.mc_id=techcom_header-webpage-m365","target":"BLANK"},{"linkType":"EXTERNAL","id":"external-6","url":"https://docs.microsoft.com/learn/powerplatform/?wt.mc_id=techcom_header-webpage-powerplatform","target":"BLANK"},{"linkType":"EXTERNAL","id":"external-7","url":"https://docs.microsoft.com/learn/github/?wt.mc_id=techcom_header-webpage-github","target":"BLANK"},{"linkType":"EXTERNAL","id":"external-8","url":"https://docs.microsoft.com/learn/teams/?wt.mc_id=techcom_header-webpage-teams","target":"BLANK"},{"linkType":"EXTERNAL","id":"external-9","url":"https://docs.microsoft.com/learn/dotnet/?wt.mc_id=techcom_header-webpage-dotnet","target":"BLANK"},{"linkType":"EXTERNAL","id":"external-2","url":"https://docs.microsoft.com/learn/azure/?WT.mc_id=techcom_header-webpage-m365","target":"BLANK"}],"linkType":"INTERNAL","id":"microsoft-learn","params":{"categoryId":"MicrosoftLearn"},"routeName":"CategoryPage"},{"children":[],"linkType":"INTERNAL","id":"community-info-center","params":{"categoryId":"Community-Info-Center"},"routeName":"CategoryPage"}]},"style":{"boxShadow":"var(--lia-bs-box-shadow-sm)","controllerHighlightColor":"hsla(30, 100%, 50%)","linkFontWeight":"400","dropdownDividerMarginBottom":"10px","hamburgerBorderHover":"none","linkBoxShadowHover":"none","linkFontSize":"14px","backgroundOpacity":0.8,"controllerBorderRadius":"var(--lia-border-radius-50)","hamburgerBgColor":"transparent","hamburgerColor":"var(--lia-nav-controller-icon-color)","linkTextBorderBottom":"none","brandLogoHeight":"30px","linkBgHoverColor":"transparent","linkLetterSpacing":"normal","collapseMenuDividerOpacity":0.16,"dropdownPaddingBottom":"15px","paddingBottom":"15px","dropdownMenuOffset":"2px","hamburgerBgHoverColor":"transparent","borderBottom":"1px solid var(--lia-bs-border-color)","hamburgerBorder":"none","dropdownPaddingX":"10px","brandMarginRightSm":"10px","linkBoxShadow":"none","collapseMenuDividerBg":"var(--lia-nav-link-color)","linkColor":"var(--lia-bs-body-color)","linkJustifyContent":"flex-start","dropdownPaddingTop":"10px","controllerHighlightTextColor":"var(--lia-yiq-dark)","controllerTextColor":"var(--lia-nav-controller-icon-color)","background":{"imageAssetName":"","color":"var(--lia-bs-white)","size":"COVER","repeat":"NO_REPEAT","position":"CENTER_CENTER","imageLastModified":""},"linkBorderRadius":"var(--lia-bs-border-radius-sm)","linkHoverColor":"var(--lia-bs-body-color)","position":"FIXED","linkBorder":"none","linkTextBorderBottomHover":"2px solid var(--lia-bs-body-color)","brandMarginRight":"30px","hamburgerHoverColor":"var(--lia-nav-controller-icon-color)","linkBorderHover":"none","collapseMenuMarginLeft":"20px","linkFontStyle":"NORMAL","controllerTextHoverColor":"var(--lia-nav-controller-icon-hover-color)","linkPaddingX":"10px","linkPaddingY":"5px","paddingTop":"15px","linkTextTransform":"NONE","dropdownBorderColor":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.08)","controllerBgHoverColor":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.1)","linkBgColor":"transparent","linkDropdownPaddingX":"var(--lia-nav-link-px)","linkDropdownPaddingY":"9px","controllerIconColor":"var(--lia-bs-body-color)","dropdownDividerMarginTop":"10px","linkGap":"10px","controllerIconHoverColor":"var(--lia-bs-body-color)"},"showSearchIcon":false,"languagePickerStyle":"iconAndLabel"},"__typename":"QuiltComponent"},{"id":"community.widget.breadcrumbWidget","props":{"backgroundColor":"transparent","linkHighlightColor":"var(--lia-bs-primary)","visualEffects":{"showBottomBorder":true},"linkTextColor":"var(--lia-bs-gray-700)"},"__typename":"QuiltComponent"},{"id":"custom.widget.community_banner","props":{"widgetVisibility":"signedInOrAnonymous","useTitle":true,"usePageWidth":false,"useBackground":false,"title":"","lazyLoad":false},"__typename":"QuiltComponent"},{"id":"custom.widget.HeroBanner","props":{"widgetVisibility":"signedInOrAnonymous","usePageWidth":false,"useTitle":true,"cMax_items":3,"useBackground":false,"title":"","lazyLoad":false,"widgetChooser":"custom.widget.HeroBanner"},"__typename":"QuiltComponent"}],"__typename":"QuiltWrapperSection"},"footer":{"backgroundImageProps":{"assetName":null,"backgroundSize":"COVER","backgroundRepeat":"NO_REPEAT","backgroundPosition":"CENTER_CENTER","lastModified":null,"__typename":"BackgroundImageProps"},"backgroundColor":"transparent","items":[{"id":"custom.widget.MicrosoftFooter","props":{"widgetVisibility":"signedInOrAnonymous","useTitle":true,"useBackground":false,"title":"","lazyLoad":false},"__typename":"QuiltComponent"}],"__typename":"QuiltWrapperSection"},"__typename":"QuiltWrapper","localOverride":false},"localOverride":false},"CachedAsset:text:en_US-components/common/ActionFeedback-1737115705000":{"__typename":"CachedAsset","id":"text:en_US-components/common/ActionFeedback-1737115705000","value":{"joinedGroupHub.title":"Welcome","joinedGroupHub.message":"You are now a member of this group and are subscribed to updates.","groupHubInviteNotFound.title":"Invitation Not Found","groupHubInviteNotFound.message":"Sorry, we could not find your invitation to the group. The owner may have canceled the invite.","groupHubNotFound.title":"Group Not Found","groupHubNotFound.message":"The grouphub you tried to join does not exist. It may have been deleted.","existingGroupHubMember.title":"Already Joined","existingGroupHubMember.message":"You are already a member of this group.","accountLocked.title":"Account Locked","accountLocked.message":"Your account has been locked due to multiple failed attempts. Try again in {lockoutTime} minutes.","editedGroupHub.title":"Changes Saved","editedGroupHub.message":"Your group has been updated.","leftGroupHub.title":"Goodbye","leftGroupHub.message":"You are no longer a member of this group and will not receive future updates.","deletedGroupHub.title":"Deleted","deletedGroupHub.message":"The group has been deleted.","groupHubCreated.title":"Group Created","groupHubCreated.message":"{groupHubName} is ready to use","accountClosed.title":"Account Closed","accountClosed.message":"The account has been closed and you will now be redirected to the homepage","resetTokenExpired.title":"Reset Password Link has Expired","resetTokenExpired.message":"Try resetting your password again","invalidUrl.title":"Invalid URL","invalidUrl.message":"The URL you're using is not recognized. Verify your URL and try again.","accountClosedForUser.title":"Account Closed","accountClosedForUser.message":"{userName}'s account is closed","inviteTokenInvalid.title":"Invitation Invalid","inviteTokenInvalid.message":"Your invitation to the community has been canceled or expired.","inviteTokenError.title":"Invitation Verification Failed","inviteTokenError.message":"The url you are utilizing is not recognized. Verify your URL and try again","pageNotFound.title":"Access Denied","pageNotFound.message":"You do not have access to this area of the community or it doesn't exist","eventAttending.title":"Responded as Attending","eventAttending.message":"You'll be notified when there's new activity and reminded as the event approaches","eventInterested.title":"Responded as Interested","eventInterested.message":"You'll be notified when there's new activity and reminded as the event approaches","eventNotFound.title":"Event Not Found","eventNotFound.message":"The event you tried to respond to does not exist.","redirectToRelatedPage.title":"Showing Related Content","redirectToRelatedPageForBaseUsers.title":"Showing Related Content","redirectToRelatedPageForBaseUsers.message":"The content you are trying to access is archived","redirectToRelatedPage.message":"The content you are trying to access is archived","relatedUrl.archivalLink.flyoutMessage":"The content you are trying to access is archived View Archived Content"},"localOverride":false},"CachedAsset:component:custom.widget.community_banner-en-1740570472377":{"__typename":"CachedAsset","id":"component:custom.widget.community_banner-en-1740570472377","value":{"component":{"id":"custom.widget.community_banner","template":{"id":"community_banner","markupLanguage":"HANDLEBARS","style":".community-banner {\n a.top-bar.btn {\n top: 0px;\n width: 100%;\n z-index: 999;\n text-align: center;\n left: 0px;\n background: #0068b8;\n color: white;\n padding: 10px 0px;\n display:block;\n box-shadow:none !important;\n border: none !important;\n border-radius: none !important;\n margin: 0px !important;\n font-size:14px;\n }\n}","texts":null,"defaults":{"config":{"applicablePages":[],"description":"community announcement text","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[],"__typename":"ComponentProperties"},"components":[{"id":"custom.widget.community_banner","form":null,"config":null,"props":[],"__typename":"Component"}],"grouping":"CUSTOM","__typename":"ComponentTemplate"},"properties":{"config":{"applicablePages":[],"description":"community announcement text","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[],"__typename":"ComponentProperties"},"form":null,"__typename":"Component","localOverride":false},"globalCss":{"css":".custom_widget_community_banner_community-banner_1a5zb_1 {\n a.custom_widget_community_banner_top-bar_1a5zb_2.custom_widget_community_banner_btn_1a5zb_2 {\n top: 0;\n width: 100%;\n z-index: 999;\n text-align: center;\n left: 0;\n background: #0068b8;\n color: white;\n padding: 0.625rem 0;\n display:block;\n box-shadow:none !important;\n border: none !important;\n border-radius: none !important;\n margin: 0 !important;\n font-size:0.875rem;\n }\n}","tokens":{"community-banner":"custom_widget_community_banner_community-banner_1a5zb_1","top-bar":"custom_widget_community_banner_top-bar_1a5zb_2","btn":"custom_widget_community_banner_btn_1a5zb_2"}},"form":null},"localOverride":false},"CachedAsset:component:custom.widget.HeroBanner-en-1740570472377":{"__typename":"CachedAsset","id":"component:custom.widget.HeroBanner-en-1740570472377","value":{"component":{"id":"custom.widget.HeroBanner","template":{"id":"HeroBanner","markupLanguage":"REACT","style":null,"texts":{"searchPlaceholderText":"Search this community","followActionText":"Follow","unfollowActionText":"Following","searchOnHoverText":"Please enter your search term(s) and then press return key to complete a search."},"defaults":{"config":{"applicablePages":[],"description":null,"fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[{"id":"max_items","dataType":"NUMBER","list":false,"defaultValue":"3","label":"Max Items","description":"The maximum number of items to display in the carousel","possibleValues":null,"control":"INPUT","__typename":"PropDefinition"}],"__typename":"ComponentProperties"},"components":[{"id":"custom.widget.HeroBanner","form":{"fields":[{"id":"widgetChooser","validation":null,"noValidation":null,"dataType":"STRING","list":null,"control":null,"defaultValue":null,"label":null,"description":null,"possibleValues":null,"__typename":"FormField"},{"id":"title","validation":null,"noValidation":null,"dataType":"STRING","list":null,"control":null,"defaultValue":null,"label":null,"description":null,"possibleValues":null,"__typename":"FormField"},{"id":"useTitle","validation":null,"noValidation":null,"dataType":"BOOLEAN","list":null,"control":null,"defaultValue":null,"label":null,"description":null,"possibleValues":null,"__typename":"FormField"},{"id":"useBackground","validation":null,"noValidation":null,"dataType":"BOOLEAN","list":null,"control":null,"defaultValue":null,"label":null,"description":null,"possibleValues":null,"__typename":"FormField"},{"id":"widgetVisibility","validation":null,"noValidation":null,"dataType":"STRING","list":null,"control":null,"defaultValue":null,"label":null,"description":null,"possibleValues":null,"__typename":"FormField"},{"id":"moreOptions","validation":null,"noValidation":null,"dataType":"STRING","list":null,"control":null,"defaultValue":null,"label":null,"description":null,"possibleValues":null,"__typename":"FormField"},{"id":"cMax_items","validation":null,"noValidation":null,"dataType":"NUMBER","list":false,"control":"INPUT","defaultValue":"3","label":"Max Items","description":"The maximum number of items to display in the carousel","possibleValues":null,"__typename":"FormField"}],"layout":{"rows":[{"id":"widgetChooserGroup","type":"fieldset","as":null,"items":[{"id":"widgetChooser","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":null,"toggleState":null,"__typename":"FormFieldset"},{"id":"titleGroup","type":"fieldset","as":null,"items":[{"id":"title","className":null,"__typename":"FormFieldRef"},{"id":"useTitle","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":null,"toggleState":null,"__typename":"FormFieldset"},{"id":"useBackground","type":"fieldset","as":null,"items":[{"id":"useBackground","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":null,"toggleState":null,"__typename":"FormFieldset"},{"id":"widgetVisibility","type":"fieldset","as":null,"items":[{"id":"widgetVisibility","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":null,"toggleState":null,"__typename":"FormFieldset"},{"id":"moreOptionsGroup","type":"fieldset","as":null,"items":[{"id":"moreOptions","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":null,"toggleState":null,"__typename":"FormFieldset"},{"id":"componentPropsGroup","type":"fieldset","as":null,"items":[{"id":"cMax_items","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":null,"toggleState":null,"__typename":"FormFieldset"}],"actionButtons":null,"className":"custom_widget_HeroBanner_form","formGroupFieldSeparator":"divider","__typename":"FormLayout"},"__typename":"Form"},"config":null,"props":[],"__typename":"Component"}],"grouping":"CUSTOM","__typename":"ComponentTemplate"},"properties":{"config":{"applicablePages":[],"description":null,"fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[{"id":"max_items","dataType":"NUMBER","list":false,"defaultValue":"3","label":"Max Items","description":"The maximum number of items to display in the carousel","possibleValues":null,"control":"INPUT","__typename":"PropDefinition"}],"__typename":"ComponentProperties"},"form":{"fields":[{"id":"widgetChooser","validation":null,"noValidation":null,"dataType":"STRING","list":null,"control":null,"defaultValue":null,"label":null,"description":null,"possibleValues":null,"__typename":"FormField"},{"id":"title","validation":null,"noValidation":null,"dataType":"STRING","list":null,"control":null,"defaultValue":null,"label":null,"description":null,"possibleValues":null,"__typename":"FormField"},{"id":"useTitle","validation":null,"noValidation":null,"dataType":"BOOLEAN","list":null,"control":null,"defaultValue":null,"label":null,"description":null,"possibleValues":null,"__typename":"FormField"},{"id":"useBackground","validation":null,"noValidation":null,"dataType":"BOOLEAN","list":null,"control":null,"defaultValue":null,"label":null,"description":null,"possibleValues":null,"__typename":"FormField"},{"id":"widgetVisibility","validation":null,"noValidation":null,"dataType":"STRING","list":null,"control":null,"defaultValue":null,"label":null,"description":null,"possibleValues":null,"__typename":"FormField"},{"id":"moreOptions","validation":null,"noValidation":null,"dataType":"STRING","list":null,"control":null,"defaultValue":null,"label":null,"description":null,"possibleValues":null,"__typename":"FormField"},{"id":"cMax_items","validation":null,"noValidation":null,"dataType":"NUMBER","list":false,"control":"INPUT","defaultValue":"3","label":"Max Items","description":"The maximum number of items to display in the carousel","possibleValues":null,"__typename":"FormField"}],"layout":{"rows":[{"id":"widgetChooserGroup","type":"fieldset","as":null,"items":[{"id":"widgetChooser","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":null,"toggleState":null,"__typename":"FormFieldset"},{"id":"titleGroup","type":"fieldset","as":null,"items":[{"id":"title","className":null,"__typename":"FormFieldRef"},{"id":"useTitle","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":null,"toggleState":null,"__typename":"FormFieldset"},{"id":"useBackground","type":"fieldset","as":null,"items":[{"id":"useBackground","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":null,"toggleState":null,"__typename":"FormFieldset"},{"id":"widgetVisibility","type":"fieldset","as":null,"items":[{"id":"widgetVisibility","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":null,"toggleState":null,"__typename":"FormFieldset"},{"id":"moreOptionsGroup","type":"fieldset","as":null,"items":[{"id":"moreOptions","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":null,"toggleState":null,"__typename":"FormFieldset"},{"id":"componentPropsGroup","type":"fieldset","as":null,"items":[{"id":"cMax_items","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":null,"toggleState":null,"__typename":"FormFieldset"}],"actionButtons":null,"className":"custom_widget_HeroBanner_form","formGroupFieldSeparator":"divider","__typename":"FormLayout"},"__typename":"Form"},"__typename":"Component","localOverride":false},"globalCss":null,"form":{"fields":[{"id":"widgetChooser","validation":null,"noValidation":null,"dataType":"STRING","list":null,"control":null,"defaultValue":null,"label":null,"description":null,"possibleValues":null,"__typename":"FormField"},{"id":"title","validation":null,"noValidation":null,"dataType":"STRING","list":null,"control":null,"defaultValue":null,"label":null,"description":null,"possibleValues":null,"__typename":"FormField"},{"id":"useTitle","validation":null,"noValidation":null,"dataType":"BOOLEAN","list":null,"control":null,"defaultValue":null,"label":null,"description":null,"possibleValues":null,"__typename":"FormField"},{"id":"useBackground","validation":null,"noValidation":null,"dataType":"BOOLEAN","list":null,"control":null,"defaultValue":null,"label":null,"description":null,"possibleValues":null,"__typename":"FormField"},{"id":"widgetVisibility","validation":null,"noValidation":null,"dataType":"STRING","list":null,"control":null,"defaultValue":null,"label":null,"description":null,"possibleValues":null,"__typename":"FormField"},{"id":"moreOptions","validation":null,"noValidation":null,"dataType":"STRING","list":null,"control":null,"defaultValue":null,"label":null,"description":null,"possibleValues":null,"__typename":"FormField"},{"id":"cMax_items","validation":null,"noValidation":null,"dataType":"NUMBER","list":false,"control":"INPUT","defaultValue":"3","label":"Max Items","description":"The maximum number of items to display in the carousel","possibleValues":null,"__typename":"FormField"}],"layout":{"rows":[{"id":"widgetChooserGroup","type":"fieldset","as":null,"items":[{"id":"widgetChooser","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":null,"toggleState":null,"__typename":"FormFieldset"},{"id":"titleGroup","type":"fieldset","as":null,"items":[{"id":"title","className":null,"__typename":"FormFieldRef"},{"id":"useTitle","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":null,"toggleState":null,"__typename":"FormFieldset"},{"id":"useBackground","type":"fieldset","as":null,"items":[{"id":"useBackground","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":null,"toggleState":null,"__typename":"FormFieldset"},{"id":"widgetVisibility","type":"fieldset","as":null,"items":[{"id":"widgetVisibility","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":null,"toggleState":null,"__typename":"FormFieldset"},{"id":"moreOptionsGroup","type":"fieldset","as":null,"items":[{"id":"moreOptions","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":null,"toggleState":null,"__typename":"FormFieldset"},{"id":"componentPropsGroup","type":"fieldset","as":null,"items":[{"id":"cMax_items","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":null,"toggleState":null,"__typename":"FormFieldset"}],"actionButtons":null,"className":"custom_widget_HeroBanner_form","formGroupFieldSeparator":"divider","__typename":"FormLayout"},"__typename":"Form"}},"localOverride":false},"CachedAsset:component:custom.widget.Featured_Carousel-en-1740570472377":{"__typename":"CachedAsset","id":"component:custom.widget.Featured_Carousel-en-1740570472377","value":{"component":{"id":"custom.widget.Featured_Carousel","template":{"id":"Featured_Carousel","markupLanguage":"REACT","style":null,"texts":{"component.title":"Featured Carousel","component.description":"This component shows featured content in a carousel.","noItems":"No carousel yet","noItemsDescription":"There are no items to display in the carousel. You can add items by clicking the Add button after placing the component on the page.","setOrder":"Set Order","contrastRatioError":"Contrast ratio is too low. Please choose a different color.","editBanner":"Edit Banner","cardTemplateDirection":"Card Template Direction","cardBackgroundColor":"Card Background Color","cardTextColor":"Card Text Color","cardTitle":"Title","cardDescription":"Description","cardLink":"Link URL","linkText":"Link Text","tag":"Tag","tagBackgroundColor":"Tag Background Color","tagTextColor":"Tag Text Color","cardImage":"Image URL","cardImageAlt":"Image Alt Text","save":"Save","cancel":"Cancel","success":"Success","error":"Error","errorMessage":"An error occurred. Please try again.","addCard":"Add Carousel Item"},"defaults":{"config":{"applicablePages":[],"description":null,"fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[{"id":"max_items","dataType":"NUMBER","list":false,"defaultValue":"3","label":"Max Items","description":"The maximum number of items to display in the carousel","possibleValues":null,"control":"INPUT","__typename":"PropDefinition"}],"__typename":"ComponentProperties"},"components":[{"id":"custom.widget.Featured_Carousel","form":{"fields":[{"id":"widgetChooser","validation":null,"noValidation":null,"dataType":"STRING","list":null,"control":null,"defaultValue":null,"label":null,"description":null,"possibleValues":null,"__typename":"FormField"},{"id":"title","validation":null,"noValidation":null,"dataType":"STRING","list":null,"control":null,"defaultValue":null,"label":null,"description":null,"possibleValues":null,"__typename":"FormField"},{"id":"useTitle","validation":null,"noValidation":null,"dataType":"BOOLEAN","list":null,"control":null,"defaultValue":null,"label":null,"description":null,"possibleValues":null,"__typename":"FormField"},{"id":"useBackground","validation":null,"noValidation":null,"dataType":"BOOLEAN","list":null,"control":null,"defaultValue":null,"label":null,"description":null,"possibleValues":null,"__typename":"FormField"},{"id":"widgetVisibility","validation":null,"noValidation":null,"dataType":"STRING","list":null,"control":null,"defaultValue":null,"label":null,"description":null,"possibleValues":null,"__typename":"FormField"},{"id":"moreOptions","validation":null,"noValidation":null,"dataType":"STRING","list":null,"control":null,"defaultValue":null,"label":null,"description":null,"possibleValues":null,"__typename":"FormField"},{"id":"cMax_items","validation":null,"noValidation":null,"dataType":"NUMBER","list":false,"control":"INPUT","defaultValue":"3","label":"Max Items","description":"The maximum number of items to display in the carousel","possibleValues":null,"__typename":"FormField"}],"layout":{"rows":[{"id":"widgetChooserGroup","type":"fieldset","as":null,"items":[{"id":"widgetChooser","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":null,"toggleState":null,"__typename":"FormFieldset"},{"id":"titleGroup","type":"fieldset","as":null,"items":[{"id":"title","className":null,"__typename":"FormFieldRef"},{"id":"useTitle","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":null,"toggleState":null,"__typename":"FormFieldset"},{"id":"useBackground","type":"fieldset","as":null,"items":[{"id":"useBackground","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":null,"toggleState":null,"__typename":"FormFieldset"},{"id":"widgetVisibility","type":"fieldset","as":null,"items":[{"id":"widgetVisibility","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":null,"toggleState":null,"__typename":"FormFieldset"},{"id":"moreOptionsGroup","type":"fieldset","as":null,"items":[{"id":"moreOptions","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":null,"toggleState":null,"__typename":"FormFieldset"},{"id":"componentPropsGroup","type":"fieldset","as":null,"items":[{"id":"cMax_items","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":null,"toggleState":null,"__typename":"FormFieldset"}],"actionButtons":null,"className":"custom_widget_Featured_Carousel_form","formGroupFieldSeparator":"divider","__typename":"FormLayout"},"__typename":"Form"},"config":null,"props":[],"__typename":"Component"}],"grouping":"CUSTOM","__typename":"ComponentTemplate"},"properties":{"config":{"applicablePages":[],"description":null,"fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[{"id":"max_items","dataType":"NUMBER","list":false,"defaultValue":"3","label":"Max Items","description":"The maximum number of items to display in the carousel","possibleValues":null,"control":"INPUT","__typename":"PropDefinition"}],"__typename":"ComponentProperties"},"form":{"fields":[{"id":"widgetChooser","validation":null,"noValidation":null,"dataType":"STRING","list":null,"control":null,"defaultValue":null,"label":null,"description":null,"possibleValues":null,"__typename":"FormField"},{"id":"title","validation":null,"noValidation":null,"dataType":"STRING","list":null,"control":null,"defaultValue":null,"label":null,"description":null,"possibleValues":null,"__typename":"FormField"},{"id":"useTitle","validation":null,"noValidation":null,"dataType":"BOOLEAN","list":null,"control":null,"defaultValue":null,"label":null,"description":null,"possibleValues":null,"__typename":"FormField"},{"id":"useBackground","validation":null,"noValidation":null,"dataType":"BOOLEAN","list":null,"control":null,"defaultValue":null,"label":null,"description":null,"possibleValues":null,"__typename":"FormField"},{"id":"widgetVisibility","validation":null,"noValidation":null,"dataType":"STRING","list":null,"control":null,"defaultValue":null,"label":null,"description":null,"possibleValues":null,"__typename":"FormField"},{"id":"moreOptions","validation":null,"noValidation":null,"dataType":"STRING","list":null,"control":null,"defaultValue":null,"label":null,"description":null,"possibleValues":null,"__typename":"FormField"},{"id":"cMax_items","validation":null,"noValidation":null,"dataType":"NUMBER","list":false,"control":"INPUT","defaultValue":"3","label":"Max Items","description":"The maximum number of items to display in the carousel","possibleValues":null,"__typename":"FormField"}],"layout":{"rows":[{"id":"widgetChooserGroup","type":"fieldset","as":null,"items":[{"id":"widgetChooser","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":null,"toggleState":null,"__typename":"FormFieldset"},{"id":"titleGroup","type":"fieldset","as":null,"items":[{"id":"title","className":null,"__typename":"FormFieldRef"},{"id":"useTitle","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":null,"toggleState":null,"__typename":"FormFieldset"},{"id":"useBackground","type":"fieldset","as":null,"items":[{"id":"useBackground","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":null,"toggleState":null,"__typename":"FormFieldset"},{"id":"widgetVisibility","type":"fieldset","as":null,"items":[{"id":"widgetVisibility","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":null,"toggleState":null,"__typename":"FormFieldset"},{"id":"moreOptionsGroup","type":"fieldset","as":null,"items":[{"id":"moreOptions","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":null,"toggleState":null,"__typename":"FormFieldset"},{"id":"componentPropsGroup","type":"fieldset","as":null,"items":[{"id":"cMax_items","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":null,"toggleState":null,"__typename":"FormFieldset"}],"actionButtons":null,"className":"custom_widget_Featured_Carousel_form","formGroupFieldSeparator":"divider","__typename":"FormLayout"},"__typename":"Form"},"__typename":"Component","localOverride":false},"globalCss":null,"form":{"fields":[{"id":"widgetChooser","validation":null,"noValidation":null,"dataType":"STRING","list":null,"control":null,"defaultValue":null,"label":null,"description":null,"possibleValues":null,"__typename":"FormField"},{"id":"title","validation":null,"noValidation":null,"dataType":"STRING","list":null,"control":null,"defaultValue":null,"label":null,"description":null,"possibleValues":null,"__typename":"FormField"},{"id":"useTitle","validation":null,"noValidation":null,"dataType":"BOOLEAN","list":null,"control":null,"defaultValue":null,"label":null,"description":null,"possibleValues":null,"__typename":"FormField"},{"id":"useBackground","validation":null,"noValidation":null,"dataType":"BOOLEAN","list":null,"control":null,"defaultValue":null,"label":null,"description":null,"possibleValues":null,"__typename":"FormField"},{"id":"widgetVisibility","validation":null,"noValidation":null,"dataType":"STRING","list":null,"control":null,"defaultValue":null,"label":null,"description":null,"possibleValues":null,"__typename":"FormField"},{"id":"moreOptions","validation":null,"noValidation":null,"dataType":"STRING","list":null,"control":null,"defaultValue":null,"label":null,"description":null,"possibleValues":null,"__typename":"FormField"},{"id":"cMax_items","validation":null,"noValidation":null,"dataType":"NUMBER","list":false,"control":"INPUT","defaultValue":"3","label":"Max Items","description":"The maximum number of items to display in the carousel","possibleValues":null,"__typename":"FormField"}],"layout":{"rows":[{"id":"widgetChooserGroup","type":"fieldset","as":null,"items":[{"id":"widgetChooser","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":null,"toggleState":null,"__typename":"FormFieldset"},{"id":"titleGroup","type":"fieldset","as":null,"items":[{"id":"title","className":null,"__typename":"FormFieldRef"},{"id":"useTitle","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":null,"toggleState":null,"__typename":"FormFieldset"},{"id":"useBackground","type":"fieldset","as":null,"items":[{"id":"useBackground","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":null,"toggleState":null,"__typename":"FormFieldset"},{"id":"widgetVisibility","type":"fieldset","as":null,"items":[{"id":"widgetVisibility","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":null,"toggleState":null,"__typename":"FormFieldset"},{"id":"moreOptionsGroup","type":"fieldset","as":null,"items":[{"id":"moreOptions","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":null,"toggleState":null,"__typename":"FormFieldset"},{"id":"componentPropsGroup","type":"fieldset","as":null,"items":[{"id":"cMax_items","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":null,"toggleState":null,"__typename":"FormFieldset"}],"actionButtons":null,"className":"custom_widget_Featured_Carousel_form","formGroupFieldSeparator":"divider","__typename":"FormLayout"},"__typename":"Form"}},"localOverride":false},"CachedAsset:component:custom.widget.Board_Browser-en-1740570472377":{"__typename":"CachedAsset","id":"component:custom.widget.Board_Browser-en-1740570472377","value":{"component":{"id":"custom.widget.Board_Browser","template":{"id":"Board_Browser","markupLanguage":"REACT","style":null,"texts":{"emptyOverviewTitle":"Not following any boards","emptyOverviewDescription":"Once you start following boards, they will appear here under the Overview tab.","emptyTabTitle":"No {type} available","emptyTabDescription":"Once {type} are created, they will appear here under the {type} tab.","loadingBoards":"Loading boards","showMore":"Show More","noTabs":"No tabs available","unreadCount":"{count, plural, one{# {discussionType}} other{# {discussionType}s}}"},"defaults":{"config":{"applicablePages":[],"description":null,"fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[{"id":"pageSize","dataType":"NUMBER","list":false,"defaultValue":"4","label":"Number of messages to show","description":null,"possibleValues":null,"control":"INPUT","__typename":"PropDefinition"}],"__typename":"ComponentProperties"},"components":[{"id":"custom.widget.Board_Browser","form":{"fields":[{"id":"widgetChooser","validation":null,"noValidation":null,"dataType":"STRING","list":null,"control":null,"defaultValue":null,"label":null,"description":null,"possibleValues":null,"__typename":"FormField"},{"id":"title","validation":null,"noValidation":null,"dataType":"STRING","list":null,"control":null,"defaultValue":null,"label":null,"description":null,"possibleValues":null,"__typename":"FormField"},{"id":"useTitle","validation":null,"noValidation":null,"dataType":"BOOLEAN","list":null,"control":null,"defaultValue":null,"label":null,"description":null,"possibleValues":null,"__typename":"FormField"},{"id":"useBackground","validation":null,"noValidation":null,"dataType":"BOOLEAN","list":null,"control":null,"defaultValue":null,"label":null,"description":null,"possibleValues":null,"__typename":"FormField"},{"id":"widgetVisibility","validation":null,"noValidation":null,"dataType":"STRING","list":null,"control":null,"defaultValue":null,"label":null,"description":null,"possibleValues":null,"__typename":"FormField"},{"id":"moreOptions","validation":null,"noValidation":null,"dataType":"STRING","list":null,"control":null,"defaultValue":null,"label":null,"description":null,"possibleValues":null,"__typename":"FormField"},{"id":"cPageSize","validation":null,"noValidation":null,"dataType":"NUMBER","list":false,"control":"INPUT","defaultValue":"4","label":"Number of messages to show","description":null,"possibleValues":null,"__typename":"FormField"}],"layout":{"rows":[{"id":"widgetChooserGroup","type":"fieldset","as":null,"items":[{"id":"widgetChooser","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":null,"toggleState":null,"__typename":"FormFieldset"},{"id":"titleGroup","type":"fieldset","as":null,"items":[{"id":"title","className":null,"__typename":"FormFieldRef"},{"id":"useTitle","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":null,"toggleState":null,"__typename":"FormFieldset"},{"id":"useBackground","type":"fieldset","as":null,"items":[{"id":"useBackground","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":null,"toggleState":null,"__typename":"FormFieldset"},{"id":"widgetVisibility","type":"fieldset","as":null,"items":[{"id":"widgetVisibility","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":null,"toggleState":null,"__typename":"FormFieldset"},{"id":"moreOptionsGroup","type":"fieldset","as":null,"items":[{"id":"moreOptions","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":null,"toggleState":null,"__typename":"FormFieldset"},{"id":"componentPropsGroup","type":"fieldset","as":null,"items":[{"id":"cPageSize","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":null,"toggleState":null,"__typename":"FormFieldset"}],"actionButtons":null,"className":"custom_widget_Board_Browser_form","formGroupFieldSeparator":"divider","__typename":"FormLayout"},"__typename":"Form"},"config":null,"props":[],"__typename":"Component"}],"grouping":"CUSTOM","__typename":"ComponentTemplate"},"properties":{"config":{"applicablePages":[],"description":null,"fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[{"id":"pageSize","dataType":"NUMBER","list":false,"defaultValue":"4","label":"Number of messages to show","description":null,"possibleValues":null,"control":"INPUT","__typename":"PropDefinition"}],"__typename":"ComponentProperties"},"form":{"fields":[{"id":"widgetChooser","validation":null,"noValidation":null,"dataType":"STRING","list":null,"control":null,"defaultValue":null,"label":null,"description":null,"possibleValues":null,"__typename":"FormField"},{"id":"title","validation":null,"noValidation":null,"dataType":"STRING","list":null,"control":null,"defaultValue":null,"label":null,"description":null,"possibleValues":null,"__typename":"FormField"},{"id":"useTitle","validation":null,"noValidation":null,"dataType":"BOOLEAN","list":null,"control":null,"defaultValue":null,"label":null,"description":null,"possibleValues":null,"__typename":"FormField"},{"id":"useBackground","validation":null,"noValidation":null,"dataType":"BOOLEAN","list":null,"control":null,"defaultValue":null,"label":null,"description":null,"possibleValues":null,"__typename":"FormField"},{"id":"widgetVisibility","validation":null,"noValidation":null,"dataType":"STRING","list":null,"control":null,"defaultValue":null,"label":null,"description":null,"possibleValues":null,"__typename":"FormField"},{"id":"moreOptions","validation":null,"noValidation":null,"dataType":"STRING","list":null,"control":null,"defaultValue":null,"label":null,"description":null,"possibleValues":null,"__typename":"FormField"},{"id":"cPageSize","validation":null,"noValidation":null,"dataType":"NUMBER","list":false,"control":"INPUT","defaultValue":"4","label":"Number of messages to show","description":null,"possibleValues":null,"__typename":"FormField"}],"layout":{"rows":[{"id":"widgetChooserGroup","type":"fieldset","as":null,"items":[{"id":"widgetChooser","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":null,"toggleState":null,"__typename":"FormFieldset"},{"id":"titleGroup","type":"fieldset","as":null,"items":[{"id":"title","className":null,"__typename":"FormFieldRef"},{"id":"useTitle","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":null,"toggleState":null,"__typename":"FormFieldset"},{"id":"useBackground","type":"fieldset","as":null,"items":[{"id":"useBackground","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":null,"toggleState":null,"__typename":"FormFieldset"},{"id":"widgetVisibility","type":"fieldset","as":null,"items":[{"id":"widgetVisibility","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":null,"toggleState":null,"__typename":"FormFieldset"},{"id":"moreOptionsGroup","type":"fieldset","as":null,"items":[{"id":"moreOptions","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":null,"toggleState":null,"__typename":"FormFieldset"},{"id":"componentPropsGroup","type":"fieldset","as":null,"items":[{"id":"cPageSize","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":null,"toggleState":null,"__typename":"FormFieldset"}],"actionButtons":null,"className":"custom_widget_Board_Browser_form","formGroupFieldSeparator":"divider","__typename":"FormLayout"},"__typename":"Form"},"__typename":"Component","localOverride":false},"globalCss":null,"form":{"fields":[{"id":"widgetChooser","validation":null,"noValidation":null,"dataType":"STRING","list":null,"control":null,"defaultValue":null,"label":null,"description":null,"possibleValues":null,"__typename":"FormField"},{"id":"title","validation":null,"noValidation":null,"dataType":"STRING","list":null,"control":null,"defaultValue":null,"label":null,"description":null,"possibleValues":null,"__typename":"FormField"},{"id":"useTitle","validation":null,"noValidation":null,"dataType":"BOOLEAN","list":null,"control":null,"defaultValue":null,"label":null,"description":null,"possibleValues":null,"__typename":"FormField"},{"id":"useBackground","validation":null,"noValidation":null,"dataType":"BOOLEAN","list":null,"control":null,"defaultValue":null,"label":null,"description":null,"possibleValues":null,"__typename":"FormField"},{"id":"widgetVisibility","validation":null,"noValidation":null,"dataType":"STRING","list":null,"control":null,"defaultValue":null,"label":null,"description":null,"possibleValues":null,"__typename":"FormField"},{"id":"moreOptions","validation":null,"noValidation":null,"dataType":"STRING","list":null,"control":null,"defaultValue":null,"label":null,"description":null,"possibleValues":null,"__typename":"FormField"},{"id":"cPageSize","validation":null,"noValidation":null,"dataType":"NUMBER","list":false,"control":"INPUT","defaultValue":"4","label":"Number of messages to show","description":null,"possibleValues":null,"__typename":"FormField"}],"layout":{"rows":[{"id":"widgetChooserGroup","type":"fieldset","as":null,"items":[{"id":"widgetChooser","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":null,"toggleState":null,"__typename":"FormFieldset"},{"id":"titleGroup","type":"fieldset","as":null,"items":[{"id":"title","className":null,"__typename":"FormFieldRef"},{"id":"useTitle","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":null,"toggleState":null,"__typename":"FormFieldset"},{"id":"useBackground","type":"fieldset","as":null,"items":[{"id":"useBackground","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":null,"toggleState":null,"__typename":"FormFieldset"},{"id":"widgetVisibility","type":"fieldset","as":null,"items":[{"id":"widgetVisibility","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":null,"toggleState":null,"__typename":"FormFieldset"},{"id":"moreOptionsGroup","type":"fieldset","as":null,"items":[{"id":"moreOptions","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":null,"toggleState":null,"__typename":"FormFieldset"},{"id":"componentPropsGroup","type":"fieldset","as":null,"items":[{"id":"cPageSize","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":null,"toggleState":null,"__typename":"FormFieldset"}],"actionButtons":null,"className":"custom_widget_Board_Browser_form","formGroupFieldSeparator":"divider","__typename":"FormLayout"},"__typename":"Form"}},"localOverride":false},"CachedAsset:component:custom.widget.Featured_Resources-en-1740570472377":{"__typename":"CachedAsset","id":"component:custom.widget.Featured_Resources-en-1740570472377","value":{"component":{"id":"custom.widget.Featured_Resources","template":{"id":"Featured_Resources","markupLanguage":"REACT","style":null,"texts":{"resourceTitle":"Title","titlePlaceholder":"Resource title","urlPlaceholder":"Resource URL","resourceUrl":"URL","addResource":"Add Resource","cancel":"Cancel","removeResource":"Remove Resource","error":"Error","itemNotSaved":"Item not saved. {message}","errorMessage":"An error occurred. Please try again."},"defaults":{"config":{"applicablePages":[],"description":null,"fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[],"__typename":"ComponentProperties"},"components":[{"id":"custom.widget.Featured_Resources","form":null,"config":null,"props":[],"__typename":"Component"}],"grouping":"CUSTOM","__typename":"ComponentTemplate"},"properties":{"config":{"applicablePages":[],"description":null,"fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[],"__typename":"ComponentProperties"},"form":null,"__typename":"Component","localOverride":false},"globalCss":null,"form":null},"localOverride":false},"CachedAsset:component:custom.widget.Social_Sharing-en-1740570472377":{"__typename":"CachedAsset","id":"component:custom.widget.Social_Sharing-en-1740570472377","value":{"component":{"id":"custom.widget.Social_Sharing","template":{"id":"Social_Sharing","markupLanguage":"HANDLEBARS","style":".social-share {\n .sharing-options {\n position: relative;\n margin: 0;\n padding: 0;\n line-height: 10px;\n display: flex;\n justify-content: left;\n gap: 5px;\n list-style-type: none;\n li {\n text-align: left;\n a {\n min-width: 30px;\n min-height: 30px;\n display: block;\n padding: 1px;\n .social-share-linkedin {\n img {\n background-color: rgb(0, 119, 181);\n }\n }\n .social-share-facebook {\n img {\n background-color: rgb(59, 89, 152);\n }\n }\n .social-share-x {\n img {\n background-color: rgb(0, 0, 0);\n }\n }\n .social-share-rss {\n img {\n background-color: rgb(0, 0, 0);\n }\n }\n .social-share-reddit {\n img {\n background-color: rgb(255, 69, 0);\n }\n }\n .social-share-email {\n img {\n background-color: rgb(132, 132, 132);\n }\n }\n }\n a {\n img {\n height: 2rem;\n }\n }\n }\n }\n}\n","texts":null,"defaults":{"config":{"applicablePages":[],"description":"Adds buttons to share to various social media websites","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[],"__typename":"ComponentProperties"},"components":[{"id":"custom.widget.Social_Sharing","form":null,"config":null,"props":[],"__typename":"Component"}],"grouping":"CUSTOM","__typename":"ComponentTemplate"},"properties":{"config":{"applicablePages":[],"description":"Adds buttons to share to various social media websites","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[],"__typename":"ComponentProperties"},"form":null,"__typename":"Component","localOverride":false},"globalCss":{"css":".custom_widget_Social_Sharing_social-share_c7xxz_1 {\n .custom_widget_Social_Sharing_sharing-options_c7xxz_2 {\n position: relative;\n margin: 0;\n padding: 0;\n line-height: 0.625rem;\n display: flex;\n justify-content: left;\n gap: 0.3125rem;\n list-style-type: none;\n li {\n text-align: left;\n a {\n min-width: 1.875rem;\n min-height: 1.875rem;\n display: block;\n padding: 0.0625rem;\n .custom_widget_Social_Sharing_social-share-linkedin_c7xxz_18 {\n img {\n background-color: rgb(0, 119, 181);\n }\n }\n .custom_widget_Social_Sharing_social-share-facebook_c7xxz_23 {\n img {\n background-color: rgb(59, 89, 152);\n }\n }\n .custom_widget_Social_Sharing_social-share-x_c7xxz_28 {\n img {\n background-color: rgb(0, 0, 0);\n }\n }\n .custom_widget_Social_Sharing_social-share-rss_c7xxz_33 {\n img {\n background-color: rgb(0, 0, 0);\n }\n }\n .custom_widget_Social_Sharing_social-share-reddit_c7xxz_38 {\n img {\n background-color: rgb(255, 69, 0);\n }\n }\n .custom_widget_Social_Sharing_social-share-email_c7xxz_43 {\n img {\n background-color: rgb(132, 132, 132);\n }\n }\n }\n a {\n img {\n height: 2rem;\n }\n }\n }\n }\n}\n","tokens":{"social-share":"custom_widget_Social_Sharing_social-share_c7xxz_1","sharing-options":"custom_widget_Social_Sharing_sharing-options_c7xxz_2","social-share-linkedin":"custom_widget_Social_Sharing_social-share-linkedin_c7xxz_18","social-share-facebook":"custom_widget_Social_Sharing_social-share-facebook_c7xxz_23","social-share-x":"custom_widget_Social_Sharing_social-share-x_c7xxz_28","social-share-rss":"custom_widget_Social_Sharing_social-share-rss_c7xxz_33","social-share-reddit":"custom_widget_Social_Sharing_social-share-reddit_c7xxz_38","social-share-email":"custom_widget_Social_Sharing_social-share-email_c7xxz_43"}},"form":null},"localOverride":false},"CachedAsset:component:custom.widget.MicrosoftFooter-en-1740570472377":{"__typename":"CachedAsset","id":"component:custom.widget.MicrosoftFooter-en-1740570472377","value":{"component":{"id":"custom.widget.MicrosoftFooter","template":{"id":"MicrosoftFooter","markupLanguage":"HANDLEBARS","style":".context-uhf {\n min-width: 280px;\n font-size: 15px;\n box-sizing: border-box;\n -ms-text-size-adjust: 100%;\n -webkit-text-size-adjust: 100%;\n & *,\n & *:before,\n & *:after {\n box-sizing: inherit;\n }\n a.c-uhff-link {\n color: #616161;\n word-break: break-word;\n text-decoration: none;\n }\n &a:link,\n &a:focus,\n &a:hover,\n &a:active,\n &a:visited {\n text-decoration: none;\n color: inherit;\n }\n & div {\n font-family: 'Segoe UI', SegoeUI, 'Helvetica Neue', Helvetica, Arial, sans-serif;\n }\n}\n.c-uhff {\n background: #f2f2f2;\n margin: -1.5625;\n width: auto;\n height: auto;\n}\n.c-uhff-nav {\n margin: 0 auto;\n max-width: calc(1600px + 10%);\n padding: 0 5%;\n box-sizing: inherit;\n &:before,\n &:after {\n content: ' ';\n display: table;\n clear: left;\n }\n @media only screen and (max-width: 1083px) {\n padding-left: 12px;\n }\n .c-heading-4 {\n color: #616161;\n word-break: break-word;\n font-size: 15px;\n line-height: 20px;\n padding: 36px 0 4px;\n font-weight: 600;\n }\n .c-uhff-nav-row {\n .c-uhff-nav-group {\n display: block;\n float: left;\n min-height: 1px;\n vertical-align: text-top;\n padding: 0 12px;\n width: 100%;\n zoom: 1;\n &:first-child {\n padding-left: 0;\n @media only screen and (max-width: 1083px) {\n padding-left: 12px;\n }\n }\n @media only screen and (min-width: 540px) and (max-width: 1082px) {\n width: 33.33333%;\n }\n @media only screen and (min-width: 1083px) {\n width: 16.6666666667%;\n }\n ul.c-list.f-bare {\n font-size: 11px;\n line-height: 16px;\n margin-top: 0;\n margin-bottom: 0;\n padding-left: 0;\n list-style-type: none;\n li {\n word-break: break-word;\n padding: 8px 0;\n margin: 0;\n }\n }\n }\n }\n}\n.c-uhff-base {\n background: #f2f2f2;\n margin: 0 auto;\n max-width: calc(1600px + 10%);\n padding: 30px 5% 16px;\n &:before,\n &:after {\n content: ' ';\n display: table;\n }\n &:after {\n clear: both;\n }\n a.c-uhff-ccpa {\n font-size: 11px;\n line-height: 16px;\n float: left;\n margin: 3px 0;\n }\n a.c-uhff-ccpa:hover {\n text-decoration: underline;\n }\n ul.c-list {\n font-size: 11px;\n line-height: 16px;\n float: right;\n margin: 3px 0;\n color: #616161;\n li {\n padding: 0 24px 4px 0;\n display: inline-block;\n }\n }\n .c-list.f-bare {\n padding-left: 0;\n list-style-type: none;\n }\n @media only screen and (max-width: 1083px) {\n display: flex;\n flex-wrap: wrap;\n padding: 30px 24px 16px;\n }\n}\n","texts":{"New tab":"What's New","New 1":"Surface Laptop Studio 2","New 2":"Surface Laptop Go 3","New 3":"Surface Pro 9","New 4":"Surface Laptop 5","New 5":"Surface Studio 2+","New 6":"Copilot in Windows","New 7":"Microsoft 365","New 8":"Windows 11 apps","Store tab":"Microsoft Store","Store 1":"Account Profile","Store 2":"Download Center","Store 3":"Microsoft Store Support","Store 4":"Returns","Store 5":"Order tracking","Store 6":"Certified Refurbished","Store 7":"Microsoft Store Promise","Store 8":"Flexible Payments","Education tab":"Education","Edu 1":"Microsoft in education","Edu 2":"Devices for education","Edu 3":"Microsoft Teams for Education","Edu 4":"Microsoft 365 Education","Edu 5":"How to buy for your school","Edu 6":"Educator Training and development","Edu 7":"Deals for students and parents","Edu 8":"Azure for students","Business tab":"Business","Bus 1":"Microsoft Cloud","Bus 2":"Microsoft Security","Bus 3":"Dynamics 365","Bus 4":"Microsoft 365","Bus 5":"Microsoft Power Platform","Bus 6":"Microsoft Teams","Bus 7":"Microsoft Industry","Bus 8":"Small Business","Developer tab":"Developer & IT","Dev 1":"Azure","Dev 2":"Developer Center","Dev 3":"Documentation","Dev 4":"Microsoft Learn","Dev 5":"Microsoft Tech Community","Dev 6":"Azure Marketplace","Dev 7":"AppSource","Dev 8":"Visual Studio","Company tab":"Company","Com 1":"Careers","Com 2":"About Microsoft","Com 3":"Company News","Com 4":"Privacy at Microsoft","Com 5":"Investors","Com 6":"Diversity and inclusion","Com 7":"Accessiblity","Com 8":"Sustainibility"},"defaults":{"config":{"applicablePages":[],"description":"The Microsoft Footer","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[],"__typename":"ComponentProperties"},"components":[{"id":"custom.widget.MicrosoftFooter","form":null,"config":null,"props":[],"__typename":"Component"}],"grouping":"CUSTOM","__typename":"ComponentTemplate"},"properties":{"config":{"applicablePages":[],"description":"The Microsoft Footer","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[],"__typename":"ComponentProperties"},"form":null,"__typename":"Component","localOverride":false},"globalCss":{"css":".custom_widget_MicrosoftFooter_context-uhf_f95yq_1 {\n min-width: 17.5rem;\n font-size: 0.9375rem;\n box-sizing: border-box;\n -ms-text-size-adjust: 100%;\n -webkit-text-size-adjust: 100%;\n & *,\n & *:before,\n & *:after {\n box-sizing: inherit;\n }\n a.custom_widget_MicrosoftFooter_c-uhff-link_f95yq_12 {\n color: #616161;\n word-break: break-word;\n text-decoration: none;\n }\n &a:link,\n &a:focus,\n &a:hover,\n &a:active,\n &a:visited {\n text-decoration: none;\n color: inherit;\n }\n & div {\n font-family: 'Segoe UI', SegoeUI, 'Helvetica Neue', Helvetica, Arial, sans-serif;\n }\n}\n.custom_widget_MicrosoftFooter_c-uhff_f95yq_12 {\n background: #f2f2f2;\n margin: -1.5625;\n width: auto;\n height: auto;\n}\n.custom_widget_MicrosoftFooter_c-uhff-nav_f95yq_35 {\n margin: 0 auto;\n max-width: calc(100rem + 10%);\n padding: 0 5%;\n box-sizing: inherit;\n &:before,\n &:after {\n content: ' ';\n display: table;\n clear: left;\n }\n @media only screen and (max-width: 1083px) {\n padding-left: 0.75rem;\n }\n .custom_widget_MicrosoftFooter_c-heading-4_f95yq_49 {\n color: #616161;\n word-break: break-word;\n font-size: 0.9375rem;\n line-height: 1.25rem;\n padding: 2.25rem 0 0.25rem;\n font-weight: 600;\n }\n .custom_widget_MicrosoftFooter_c-uhff-nav-row_f95yq_57 {\n .custom_widget_MicrosoftFooter_c-uhff-nav-group_f95yq_58 {\n display: block;\n float: left;\n min-height: 0.0625rem;\n vertical-align: text-top;\n padding: 0 0.75rem;\n width: 100%;\n zoom: 1;\n &:first-child {\n padding-left: 0;\n @media only screen and (max-width: 1083px) {\n padding-left: 0.75rem;\n }\n }\n @media only screen and (min-width: 540px) and (max-width: 1082px) {\n width: 33.33333%;\n }\n @media only screen and (min-width: 1083px) {\n width: 16.6666666667%;\n }\n ul.custom_widget_MicrosoftFooter_c-list_f95yq_78.custom_widget_MicrosoftFooter_f-bare_f95yq_78 {\n font-size: 0.6875rem;\n line-height: 1rem;\n margin-top: 0;\n margin-bottom: 0;\n padding-left: 0;\n list-style-type: none;\n li {\n word-break: break-word;\n padding: 0.5rem 0;\n margin: 0;\n }\n }\n }\n }\n}\n.custom_widget_MicrosoftFooter_c-uhff-base_f95yq_94 {\n background: #f2f2f2;\n margin: 0 auto;\n max-width: calc(100rem + 10%);\n padding: 1.875rem 5% 1rem;\n &:before,\n &:after {\n content: ' ';\n display: table;\n }\n &:after {\n clear: both;\n }\n a.custom_widget_MicrosoftFooter_c-uhff-ccpa_f95yq_107 {\n font-size: 0.6875rem;\n line-height: 1rem;\n float: left;\n margin: 0.1875rem 0;\n }\n a.custom_widget_MicrosoftFooter_c-uhff-ccpa_f95yq_107:hover {\n text-decoration: underline;\n }\n ul.custom_widget_MicrosoftFooter_c-list_f95yq_78 {\n font-size: 0.6875rem;\n line-height: 1rem;\n float: right;\n margin: 0.1875rem 0;\n color: #616161;\n li {\n padding: 0 1.5rem 0.25rem 0;\n display: inline-block;\n }\n }\n .custom_widget_MicrosoftFooter_c-list_f95yq_78.custom_widget_MicrosoftFooter_f-bare_f95yq_78 {\n padding-left: 0;\n list-style-type: none;\n }\n @media only screen and (max-width: 1083px) {\n display: flex;\n flex-wrap: wrap;\n padding: 1.875rem 1.5rem 1rem;\n }\n}\n","tokens":{"context-uhf":"custom_widget_MicrosoftFooter_context-uhf_f95yq_1","c-uhff-link":"custom_widget_MicrosoftFooter_c-uhff-link_f95yq_12","c-uhff":"custom_widget_MicrosoftFooter_c-uhff_f95yq_12","c-uhff-nav":"custom_widget_MicrosoftFooter_c-uhff-nav_f95yq_35","c-heading-4":"custom_widget_MicrosoftFooter_c-heading-4_f95yq_49","c-uhff-nav-row":"custom_widget_MicrosoftFooter_c-uhff-nav-row_f95yq_57","c-uhff-nav-group":"custom_widget_MicrosoftFooter_c-uhff-nav-group_f95yq_58","c-list":"custom_widget_MicrosoftFooter_c-list_f95yq_78","f-bare":"custom_widget_MicrosoftFooter_f-bare_f95yq_78","c-uhff-base":"custom_widget_MicrosoftFooter_c-uhff-base_f95yq_94","c-uhff-ccpa":"custom_widget_MicrosoftFooter_c-uhff-ccpa_f95yq_107"}},"form":null},"localOverride":false},"CachedAsset:text:en_US-components/community/Breadcrumb-1737115705000":{"__typename":"CachedAsset","id":"text:en_US-components/community/Breadcrumb-1737115705000","value":{"navLabel":"Breadcrumbs","dropdown":"Additional parent page navigation"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageListForNodeByRecentActivityWidget-1737115705000":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageListForNodeByRecentActivityWidget-1737115705000","value":{"title@userScope:other":"Recent Content","title@userScope:self":"Contributions","title@board:FORUM@userScope:other":"Recent Discussions","title@board:BLOG@userScope:other":"Recent Blogs","emptyDescription":"No content to show","MessageListForNodeByRecentActivityWidgetEditor.nodeScope.label":"Scope","title@instance:1722894000155":"Recent Discussions","title@instance:1727367112619":"Recent Blog Articles","title@instance:1727367069748":"Recent Discussions","title@instance:1727366213114":"Latest Discussions","title@instance:1727899609720":"","title@instance:1727363308925":"Latest Discussions","title@instance:1737115580352":"Latest Articles","title@instance:1720453418992":"Recent Discssions","title@instance:1727365950181":"Latest Blog Articles","title@instance:bmDPnI":"Latest Blog Articles","title@instance:1721244347979":"Latest blog posts","title@instance:1728383752171":"Related Content","title@instance:1722893956545":"Latest Skilling Resources","title@instance:dhcgCU":"Latest Discussions"},"localOverride":false},"CachedAsset:text:en_US-components/occasions/OccasionListForNodeWidget-1737115705000":{"__typename":"CachedAsset","id":"text:en_US-components/occasions/OccasionListForNodeWidget-1737115705000","value":{"title":"Events","emptyDescription":"No events to show","title@instance:1727363188840":"Upcoming Events","title@instance:1729608286569":"Recent Events","title@instance:1729607362174":"Upcoming Events"},"localOverride":false},"CachedAsset:text:en_US-components/tags/TagWidget-1737115705000":{"__typename":"CachedAsset","id":"text:en_US-components/tags/TagWidget-1737115705000","value":{"title":"Tags","modalTitle":"{tagsCount, plural, one{# Tag} other{# Tags}}","searchFilterPlaceHolder":"Find a tag","searchFilterAriaLabel":"Find a tag","emptyDescription":"No tags to show","showAllButton":"Show All"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/common/QueryHandler-1737115705000":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/common/QueryHandler-1737115705000","value":{"title":"Query Handler"},"localOverride":false},"Category:category:Exchange":{"__typename":"Category","id":"category:Exchange","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:Planner":{"__typename":"Category","id":"category:Planner","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:Outlook":{"__typename":"Category","id":"category:Outlook","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:Community-Info-Center":{"__typename":"Category","id":"category:Community-Info-Center","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:EducationSector":{"__typename":"Category","id":"category:EducationSector","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:DrivingAdoption":{"__typename":"Category","id":"category:DrivingAdoption","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:Azure":{"__typename":"Category","id":"category:Azure","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:Windows-Server":{"__typename":"Category","id":"category:Windows-Server","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:SQL-Server":{"__typename":"Category","id":"category:SQL-Server","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:MicrosoftTeams":{"__typename":"Category","id":"category:MicrosoftTeams","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:PublicSector":{"__typename":"Category","id":"category:PublicSector","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:microsoft365":{"__typename":"Category","id":"category:microsoft365","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:IoT":{"__typename":"Category","id":"category:IoT","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:HealthcareAndLifeSciences":{"__typename":"Category","id":"category:HealthcareAndLifeSciences","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:SMB":{"__typename":"Category","id":"category:SMB","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:ITOpsTalk":{"__typename":"Category","id":"category:ITOpsTalk","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:microsoft-endpoint-manager":{"__typename":"Category","id":"category:microsoft-endpoint-manager","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:MicrosoftLearn":{"__typename":"Category","id":"category:MicrosoftLearn","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Blog:board:MicrosoftLearnBlog":{"__typename":"Blog","id":"board:MicrosoftLearnBlog","blogPolicies":{"__typename":"BlogPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"boardPolicies":{"__typename":"BoardPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:AI":{"__typename":"Category","id":"category:AI","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:MicrosoftMechanics":{"__typename":"Category","id":"category:MicrosoftMechanics","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:StartupsatMicrosoft":{"__typename":"Category","id":"category:StartupsatMicrosoft","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:PartnerCommunity":{"__typename":"Category","id":"category:PartnerCommunity","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:Windows":{"__typename":"Category","id":"category:Windows","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Conversation:conversation:4373271":{"__typename":"Conversation","id":"conversation:4373271","topic":{"__typename":"BlogTopicMessage","uid":4373271},"lastPostingActivityTime":"2025-02-03T05:54:07.678-08:00","solved":false},"Blog:board:MicrosoftThreatProtectionBlog":{"__typename":"Blog","id":"board:MicrosoftThreatProtectionBlog","displayId":"MicrosoftThreatProtectionBlog","nodeType":"board","conversationStyle":"BLOG","title":"Microsoft Defender XDR Blog","shortTitle":"Microsoft Defender XDR Blog","parent":{"__ref":"Category:category:microsoft-defender-xdr"}},"User:user:63582":{"__typename":"User","uid":63582,"login":"HeikeRitter","registrationData":{"__typename":"RegistrationData","status":null},"deleted":false,"id":"user:63582"},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MzczMjcxLUZheTladw?revision=5\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MzczMjcxLUZheTladw?revision=5","title":"Hempriggs-Blog-Banner.png","associationType":"BODY","width":672,"height":384,"altText":"Decorative"},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MzczMjcxLXpJV0FtMw?revision=5\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MzczMjcxLXpJV0FtMw?revision=5","title":"Screenshot 2025-01-21 102209.png","associationType":"BODY","width":2487,"height":1472,"altText":"Screenshot of the cases queue"},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MzczMjcxLVBnWG1VQg?revision=5\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MzczMjcxLVBnWG1VQg?revision=5","title":"solutions-list.png","associationType":"BODY","width":1509,"height":858,"altText":"Screenshot of the new granular view in the content hub."},"BlogTopicMessage:message:4373271":{"__typename":"BlogTopicMessage","subject":"Monthly news - February 2025","conversation":{"__ref":"Conversation:conversation:4373271"},"id":"message:4373271","revisionNum":5,"uid":4373271,"depth":0,"board":{"__ref":"Blog:board:MicrosoftThreatProtectionBlog"},"author":{"__ref":"User:user:63582"},"teaser@stripHtml({\"removeProcessingText\":true,\"truncateLength\":200})":"","introduction":"","metrics":{"__typename":"MessageMetrics","views":1949},"postTime":"2025-02-03T05:47:09.227-08:00","lastPublishTime":"2025-02-03T05:54:07.678-08:00","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":200})":" \n \n \n \n \n \n \n \n \n \n \n \n Microsoft Defender XDR Monthly news February 2025 Edition \n \n \n \n This is our monthly \"What's new\" blog post, summarizing product updates and various new assets we rele...","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":200})@stringLength":"203","kudosSumWeight":2,"repliesCount":0,"tags":{"__typename":"TagConnection","pageInfo":{"__typename":"PageInfo","hasNextPage":true,"endCursor":"MjUuMXwyLjF8b3w1fF9OVl98NQ","hasPreviousPage":false,"startCursor":null},"edges":[{"__typename":"TagEdge","cursor":"MjUuMXwyLjF8b3w1fF9OVl98MQ","node":{"__typename":"Tag","id":"tag:defender news","text":"defender news","time":"2023-04-03T09:38:02.795-07:00","lastActivityTime":null,"messagesCount":null,"followersCount":null}},{"__typename":"TagEdge","cursor":"MjUuMXwyLjF8b3w1fF9OVl98Mg","node":{"__typename":"Tag","id":"tag:microsoft defender for endpoint","text":"microsoft defender for endpoint","time":"2020-10-20T05:09:28.319-07:00","lastActivityTime":null,"messagesCount":null,"followersCount":null}},{"__typename":"TagEdge","cursor":"MjUuMXwyLjF8b3w1fF9OVl98Mw","node":{"__typename":"Tag","id":"tag:microsoft defender for identity","text":"microsoft defender for identity","time":"2020-10-01T04:46:39.460-07:00","lastActivityTime":null,"messagesCount":null,"followersCount":null}},{"__typename":"TagEdge","cursor":"MjUuMXwyLjF8b3w1fF9OVl98NA","node":{"__typename":"Tag","id":"tag:Microsoft Defender for IoT","text":"Microsoft Defender for IoT","time":"2021-11-02T09:59:04.167-07:00","lastActivityTime":null,"messagesCount":null,"followersCount":null}},{"__typename":"TagEdge","cursor":"MjUuMXwyLjF8b3w1fF9OVl98NQ","node":{"__typename":"Tag","id":"tag:microsoft defender for office 365","text":"microsoft defender for office 365","time":"2020-10-08T11:30:26.675-07:00","lastActivityTime":null,"messagesCount":null,"followersCount":null}}]},"timeToRead":5,"images":{"__typename":"AssociatedImageConnection","edges":[{"__typename":"AssociatedImageEdge","cursor":"MjUuMXwyLjF8b3wyNXxfTlZffDE","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MzczMjcxLUZheTladw?revision=5\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMXwyLjF8b3wyNXxfTlZffDI","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MzczMjcxLXpJV0FtMw?revision=5\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMXwyLjF8b3wyNXxfTlZffDM","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MzczMjcxLVBnWG1VQg?revision=5\"}"}}],"totalCount":3,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"videos":{"__typename":"VideoConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"coverImage":null,"coverImageProperties":{"__typename":"CoverImageProperties","style":"STANDARD","titlePosition":"BOTTOM","altText":""}},"Conversation:conversation:4372520":{"__typename":"Conversation","id":"conversation:4372520","topic":{"__typename":"BlogTopicMessage","uid":4372520},"lastPostingActivityTime":"2025-02-02T09:44:09.357-08:00","solved":false},"User:user:68663":{"__typename":"User","uid":68663,"login":"Maayan Bar-Niv","registrationData":{"__typename":"RegistrationData","status":null},"deleted":false,"id":"user:68663"},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MzcyNTIwLWJmbm5Xcw?revision=3\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MzcyNTIwLWJmbm5Xcw?revision=3","title":"deepseek.png","associationType":"COVER","width":1280,"height":720,"altText":""},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MzcyNTIwLUpYdEh2Tw?revision=3\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MzcyNTIwLUpYdEh2Tw?revision=3","title":"image.png","associationType":"BODY","width":1600,"height":900,"altText":""},"BlogTopicMessage:message:4372520":{"__typename":"BlogTopicMessage","subject":"Get visibility into your DeepSeek use with Defender for Cloud Apps","conversation":{"__ref":"Conversation:conversation:4372520"},"id":"message:4372520","revisionNum":3,"uid":4372520,"depth":0,"board":{"__ref":"Blog:board:MicrosoftThreatProtectionBlog"},"author":{"__ref":"User:user:68663"},"teaser@stripHtml({\"removeProcessingText\":true,\"truncateLength\":200})":"","introduction":"","metrics":{"__typename":"MessageMetrics","views":4768},"postTime":"2025-01-30T16:58:28.175-08:00","lastPublishTime":"2025-01-30T16:58:28.175-08:00","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":200})":" The world has never seen technology adopted at the pace of AI. While AI increases productivity and is deeply integrated into business processes, it can also come with risks in terms of security, priv...","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":200})@stringLength":"203","kudosSumWeight":1,"repliesCount":1,"tags":{"__typename":"TagConnection","pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null},"edges":[{"__typename":"TagEdge","cursor":"MjUuMXwyLjF8b3w1fF9OVl98MQ","node":{"__typename":"Tag","id":"tag:microsoft defender for cloud apps","text":"microsoft defender for cloud apps","time":"2021-11-02T08:00:01.378-07:00","lastActivityTime":null,"messagesCount":null,"followersCount":null}},{"__typename":"TagEdge","cursor":"MjUuMXwyLjF8b3w1fF9OVl98Mg","node":{"__typename":"Tag","id":"tag:xdr","text":"xdr","time":"2021-01-27T10:45:17.618-08:00","lastActivityTime":null,"messagesCount":null,"followersCount":null}}]},"timeToRead":2,"images":{"__typename":"AssociatedImageConnection","edges":[{"__typename":"AssociatedImageEdge","cursor":"MjUuMXwyLjF8b3wyNXxfTlZffDE","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MzcyNTIwLWJmbm5Xcw?revision=3\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMXwyLjF8b3wyNXxfTlZffDI","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MzcyNTIwLUpYdEh2Tw?revision=3\"}"}}],"totalCount":2,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"videos":{"__typename":"VideoConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"coverImage":{"__typename":"UploadedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MzcyNTIwLWJmbm5Xcw?revision=3"},"coverImageProperties":{"__typename":"CoverImageProperties","style":"STANDARD","titlePosition":"BOTTOM","altText":""}},"Conversation:conversation:4386296":{"__typename":"Conversation","id":"conversation:4386296","topic":{"__typename":"ForumTopicMessage","uid":4386296},"lastPostingActivityTime":"2025-02-27T07:34:02.629-08:00","solved":true},"Forum:board:MicrosoftThreatProtection":{"__typename":"Forum","id":"board:MicrosoftThreatProtection","displayId":"MicrosoftThreatProtection","nodeType":"board","conversationStyle":"FORUM","title":"Microsoft Defender XDR","shortTitle":"Microsoft Defender XDR","parent":{"__ref":"Category:category:microsoft-defender-xdr"}},"User:user:2629796":{"__typename":"User","uid":2629796,"login":"GuidoImpe","registrationData":{"__typename":"RegistrationData","status":null},"deleted":false,"rank":{"__typename":"Rank","name":"Brass Contributor","color":"333333","rankStyle":"TEXT"},"avatar":{"__typename":"UserAvatar","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/dS0yNjI5Nzk2LTYxMTczOGk3Njk4NTMxRjM4RjA4NzJC"},"id":"user:2629796"},"ForumTopicMessage:message:4386296":{"__typename":"ForumTopicMessage","subject":"Dynamic Blocklist in Microsoft Defender XDR","conversation":{"__ref":"Conversation:conversation:4386296"},"id":"message:4386296","revisionNum":1,"uid":4386296,"depth":0,"board":{"__ref":"Forum:board:MicrosoftThreatProtection"},"author":{"__ref":"User:user:2629796"},"metrics":{"__typename":"MessageMetrics","views":36},"postTime":"2025-02-26T07:18:28.984-08:00","lastPublishTime":"2025-02-26T07:18:28.984-08:00","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})":" Hello Community, I have one question, and i think that is a request that could be useful to everyone. We have a Dynamic list that are published over internet in read-only (into this list we put ioc like malicious domain or bad ip reputation) is a txt file. There are a possibility from MDE o MDC to block all connection to this ioc ? or MDE and MDC not support Dynamic BLocklist ? Regards, Guido ","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})@stringLength":"403","kudosSumWeight":0,"repliesCount":2,"readOnly":false,"tags":{"__typename":"TagConnection","pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null},"edges":[{"__typename":"TagEdge","cursor":"MjUuMXwyLjF8b3w1fF9OVl98MQ","node":{"__typename":"Tag","id":"tag:microsoft defender for endpoint","text":"microsoft defender for endpoint","time":"2020-10-20T05:09:28.319-07:00","lastActivityTime":null,"messagesCount":null,"followersCount":null}}]},"timeToRead":1,"images":{"__typename":"AssociatedImageConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"videos":{"__typename":"VideoConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}}},"Conversation:conversation:4382673":{"__typename":"Conversation","id":"conversation:4382673","topic":{"__typename":"ForumTopicMessage","uid":4382673},"lastPostingActivityTime":"2025-02-20T04:49:58.905-08:00","solved":true},"User:user:1965085":{"__typename":"User","uid":1965085,"login":"Sreenath15","registrationData":{"__typename":"RegistrationData","status":null},"deleted":false,"rank":{"__typename":"Rank","name":"Copper Contributor","color":"333333","rankStyle":"TEXT"},"avatar":{"__typename":"UserAvatar","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/m_assets/avatars/default/avatar-10.svg?time=0"},"id":"user:1965085"},"ForumTopicMessage:message:4382673":{"__typename":"ForumTopicMessage","subject":"DeviceRegistryEvents table","conversation":{"__ref":"Conversation:conversation:4382673"},"id":"message:4382673","revisionNum":1,"uid":4382673,"depth":0,"board":{"__ref":"Forum:board:MicrosoftThreatProtection"},"author":{"__ref":"User:user:1965085"},"metrics":{"__typename":"MessageMetrics","views":33},"postTime":"2025-02-18T14:26:44.349-08:00","lastPublishTime":"2025-02-18T14:26:44.349-08:00","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})":" Couldn’t find any documentation on what is logged or not logged in this table. Is there any documentation available on what registry entries are logged by defender? Is there a way to suggest some registry events to be logged to Microsoft? ","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})@stringLength":"240","kudosSumWeight":0,"repliesCount":1,"readOnly":false,"tags":{"__typename":"TagConnection","pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null},"edges":[{"__typename":"TagEdge","cursor":"MjUuMXwyLjF8b3w1fF9OVl98MQ","node":{"__typename":"Tag","id":"tag:microsoft defender for endpoint","text":"microsoft defender for endpoint","time":"2020-10-20T05:09:28.319-07:00","lastActivityTime":null,"messagesCount":null,"followersCount":null}},{"__typename":"TagEdge","cursor":"MjUuMXwyLjF8b3w1fF9OVl98Mg","node":{"__typename":"Tag","id":"tag:Search","text":"Search","time":"2017-06-20T00:43:25.787-07:00","lastActivityTime":null,"messagesCount":null,"followersCount":null}},{"__typename":"TagEdge","cursor":"MjUuMXwyLjF8b3w1fF9OVl98Mw","node":{"__typename":"Tag","id":"tag:threat hunting","text":"threat hunting","time":"2020-03-27T16:01:48.279-07:00","lastActivityTime":null,"messagesCount":null,"followersCount":null}}]},"timeToRead":1,"images":{"__typename":"AssociatedImageConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"videos":{"__typename":"VideoConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}}},"Conversation:conversation:4377843":{"__typename":"Conversation","id":"conversation:4377843","topic":{"__typename":"ForumTopicMessage","uid":4377843},"lastPostingActivityTime":"2025-02-25T05:40:44.479-08:00","solved":true},"User:user:2907985":{"__typename":"User","uid":2907985,"login":"Bspies1","registrationData":{"__typename":"RegistrationData","status":null},"deleted":false,"rank":{"__typename":"Rank","name":"Copper Contributor","color":"333333","rankStyle":"TEXT"},"avatar":{"__typename":"UserAvatar","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/m_assets/avatars/default/avatar-3.svg?time=0"},"id":"user:2907985"},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00Mzc3ODQzLXloQXoxWg?revision=1\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00Mzc3ODQzLXloQXoxWg?revision=1","title":"image.png","associationType":"BODY","width":395,"height":604,"altText":""},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00Mzc3ODQzLUF0bkh6eQ?revision=1\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00Mzc3ODQzLUF0bkh6eQ?revision=1","title":"image.png","associationType":"BODY","width":593,"height":428,"altText":""},"ForumTopicMessage:message:4377843":{"__typename":"ForumTopicMessage","subject":"EDR Exclusions - file extensions with square brackets","conversation":{"__ref":"Conversation:conversation:4377843"},"id":"message:4377843","revisionNum":1,"uid":4377843,"depth":0,"board":{"__ref":"Forum:board:MicrosoftThreatProtection"},"author":{"__ref":"User:user:2907985"},"metrics":{"__typename":"MessageMetrics","views":57},"postTime":"2025-02-12T14:36:53.859-08:00","lastPublishTime":"2025-02-12T14:36:53.859-08:00","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})":" Background: We applied for, and received the ability to access EDR Exclusions for our tenant due to some performance problems we were seeing. I think this might still be an early preview feature but am not 100% sure... Here is a screenshot of what I am referring to: We have found a few other applications that had issues, including one that uses many different file extensions. Some of those files use square brackets in the extension name. This are valid files. However when I try to add them to our EDR Exclusions, I get an error \"a valid extension must be specified\"... which is frustrating because it is a valid extension. Does anyone have a solution for this or know how to get Microsoft to fix this? Thanks ","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})@stringLength":"752","kudosSumWeight":0,"repliesCount":1,"readOnly":false,"tags":{"__typename":"TagConnection","pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null},"edges":[{"__typename":"TagEdge","cursor":"MjUuMXwyLjF8b3w1fF9OVl98MQ","node":{"__typename":"Tag","id":"tag:microsoft defender for endpoint","text":"microsoft defender for endpoint","time":"2020-10-20T05:09:28.319-07:00","lastActivityTime":null,"messagesCount":null,"followersCount":null}}]},"timeToRead":1,"images":{"__typename":"AssociatedImageConnection","edges":[{"__typename":"AssociatedImageEdge","cursor":"MjUuMXwyLjF8b3wyNXxfTlZffDE","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00Mzc3ODQzLXloQXoxWg?revision=1\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMXwyLjF8b3wyNXxfTlZffDI","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00Mzc3ODQzLUF0bkh6eQ?revision=1\"}"}}],"totalCount":2,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"videos":{"__typename":"VideoConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}}},"Conversation:conversation:4374122":{"__typename":"Conversation","id":"conversation:4374122","topic":{"__typename":"ForumTopicMessage","uid":4374122},"lastPostingActivityTime":"2025-02-12T04:05:25.947-08:00","solved":true},"User:user:2722212":{"__typename":"User","uid":2722212,"login":"stade1655","registrationData":{"__typename":"RegistrationData","status":null},"deleted":false,"rank":{"__typename":"Rank","name":"Copper Contributor","color":"333333","rankStyle":"TEXT"},"avatar":{"__typename":"UserAvatar","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/m_assets/avatars/default/avatar-3.svg?time=0"},"id":"user:2722212"},"ForumTopicMessage:message:4374122":{"__typename":"ForumTopicMessage","subject":"Advanced Hunting along with a Custom Detection Rule","conversation":{"__ref":"Conversation:conversation:4374122"},"id":"message:4374122","revisionNum":1,"uid":4374122,"depth":0,"board":{"__ref":"Forum:board:MicrosoftThreatProtection"},"author":{"__ref":"User:user:2722212"},"metrics":{"__typename":"MessageMetrics","views":106},"postTime":"2025-02-05T06:40:40.803-08:00","lastPublishTime":"2025-02-05T06:40:40.803-08:00","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})":" Good afternoon, I need some help setting up a KQL query in Advanced Hunting along with a Custom Detection Rule to automatically isolate devices where a virus or ransomware is detected. The rule must run at NRT (Near Real-Time) frequency. We are using Microsoft Defender for Business, which is included in the Microsoft 365 Business Premium license. Would any kind community member be able to provide me with a starting point for this? Thank you in advance! ","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})@stringLength":"490","kudosSumWeight":1,"repliesCount":2,"readOnly":false,"tags":{"__typename":"TagConnection","pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null},"edges":[{"__typename":"TagEdge","cursor":"MjUuMXwyLjF8b3w1fF9OVl98MQ","node":{"__typename":"Tag","id":"tag:alerts","text":"alerts","time":"2018-02-26T22:00:55.393-08:00","lastActivityTime":null,"messagesCount":null,"followersCount":null}},{"__typename":"TagEdge","cursor":"MjUuMXwyLjF8b3w1fF9OVl98Mg","node":{"__typename":"Tag","id":"tag:automation","text":"automation","time":"2016-09-07T22:49:15.893-07:00","lastActivityTime":null,"messagesCount":null,"followersCount":null}},{"__typename":"TagEdge","cursor":"MjUuMXwyLjF8b3w1fF9OVl98Mw","node":{"__typename":"Tag","id":"tag:microsoft defender for endpoint","text":"microsoft defender for endpoint","time":"2020-10-20T05:09:28.319-07:00","lastActivityTime":null,"messagesCount":null,"followersCount":null}},{"__typename":"TagEdge","cursor":"MjUuMXwyLjF8b3w1fF9OVl98NA","node":{"__typename":"Tag","id":"tag:Response Actions","text":"Response Actions","time":"2023-01-13T09:38:51.495-08:00","lastActivityTime":null,"messagesCount":null,"followersCount":null}}]},"timeToRead":1,"images":{"__typename":"AssociatedImageConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"videos":{"__typename":"VideoConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}}},"Conversation:conversation:4370116":{"__typename":"Conversation","id":"conversation:4370116","topic":{"__typename":"ForumTopicMessage","uid":4370116},"lastPostingActivityTime":"2025-01-24T15:29:24.231-08:00","solved":true},"User:user:94636":{"__typename":"User","uid":94636,"login":"Paul_Brock","registrationData":{"__typename":"RegistrationData","status":null},"deleted":false,"rank":{"__typename":"Rank","name":"Brass Contributor","color":"333333","rankStyle":"TEXT"},"avatar":{"__typename":"UserAvatar","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/dS05NDYzNi0yNDA3OWkwQUYyMzAzQzhGQjQzM0Q4"},"id":"user:94636"},"ForumTopicMessage:message:4370116":{"__typename":"ForumTopicMessage","subject":"DeviceLogonEvents\n\"LogonSuccess\", \"LogoffSuccess\", \"ScreenLock\", \"ScreenUnlock\"","conversation":{"__ref":"Conversation:conversation:4370116"},"id":"message:4370116","revisionNum":1,"uid":4370116,"depth":0,"board":{"__ref":"Forum:board:MicrosoftThreatProtection"},"author":{"__ref":"User:user:94636"},"metrics":{"__typename":"MessageMetrics","views":87},"postTime":"2025-01-23T16:30:15.674-08:00","lastPublishTime":"2025-01-23T16:30:15.674-08:00","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})":" I'm trying to get \"LogonSuccess\", \"LogoffSuccess\", \"ScreenLock\", \"ScreenUnlock\" from the DeviceLogonEvent table but I am only seeing LogonSuccess. I'm wondering if I need to configure something in my tenant for those events to show up in the DeviceLogonEvents table. I have both event ID's 8400 and 8401 showing in the local security event log. ","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})@stringLength":"346","kudosSumWeight":0,"repliesCount":3,"readOnly":false,"tags":{"__typename":"TagConnection","pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null},"edges":[{"__typename":"TagEdge","cursor":"MjUuMXwyLjF8b3w1fF9OVl98MQ","node":{"__typename":"Tag","id":"tag:microsoft defender for endpoint","text":"microsoft defender for endpoint","time":"2020-10-20T05:09:28.319-07:00","lastActivityTime":null,"messagesCount":null,"followersCount":null}},{"__typename":"TagEdge","cursor":"MjUuMXwyLjF8b3w1fF9OVl98Mg","node":{"__typename":"Tag","id":"tag:microsoft sentinel","text":"microsoft sentinel","time":"2021-11-02T10:33:48.383-07:00","lastActivityTime":null,"messagesCount":null,"followersCount":null}}]},"timeToRead":1,"images":{"__typename":"AssociatedImageConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"videos":{"__typename":"VideoConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}}},"Conversation:conversation:4360095":{"__typename":"Conversation","id":"conversation:4360095","topic":{"__typename":"ForumTopicMessage","uid":4360095},"lastPostingActivityTime":"2025-01-13T02:15:12.058-08:00","solved":true},"User:user:2835079":{"__typename":"User","uid":2835079,"login":"HKN","registrationData":{"__typename":"RegistrationData","status":null},"deleted":false,"rank":{"__typename":"Rank","name":"Copper Contributor","color":"333333","rankStyle":"TEXT"},"avatar":{"__typename":"UserAvatar","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/m_assets/avatars/default/avatar-6.svg?time=0"},"id":"user:2835079"},"ForumTopicMessage:message:4360095":{"__typename":"ForumTopicMessage","subject":"Advanced Hunting Data Schema","conversation":{"__ref":"Conversation:conversation:4360095"},"id":"message:4360095","revisionNum":1,"uid":4360095,"depth":0,"board":{"__ref":"Forum:board:MicrosoftThreatProtection"},"author":{"__ref":"User:user:2835079"},"metrics":{"__typename":"MessageMetrics","views":170},"postTime":"2024-12-23T02:09:12.966-08:00","lastPublishTime":"2024-12-23T02:09:12.966-08:00","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})":" Hello everyone, I have a question regarding the use of schema for Advanced Hunting queries. We are an organization with several companies under our holding. I need to recover the USB connections on the machines but only for one company and not the others. I need to sort on Company Name for the user. But in the Advanced Hunting schema there are no fields to filter on this. I looked specifically in UserInfo and DeviceInfo. Here's the query I use to detect USBs. I need to filter by CompanyName to retrieve the list of devices or users for this company only. DeviceEvents | where ActionType == “PnpDeviceConnected” | extend parsed=parse_json(AdditionalFields) | project Timestamp, DeviceName, DeviceId=tostring(parsed.DeviceId), ClassName=tostring(parsed.ClassName) | where ClassName == “DiskDrive” | summarize UsbFirstSeen=min(Timestamp), UsbLastSeen=max(Timestamp) by DeviceId, DeviceName; Is there another solution ? Thanks in advance for your answers, HKN ","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})@stringLength":"1059","kudosSumWeight":0,"repliesCount":8,"readOnly":false,"tags":{"__typename":"TagConnection","pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null},"edges":[{"__typename":"TagEdge","cursor":"MjUuMXwyLjF8b3w1fF9OVl98MQ","node":{"__typename":"Tag","id":"tag:automation","text":"automation","time":"2016-09-07T22:49:15.893-07:00","lastActivityTime":null,"messagesCount":null,"followersCount":null}},{"__typename":"TagEdge","cursor":"MjUuMXwyLjF8b3w1fF9OVl98Mg","node":{"__typename":"Tag","id":"tag:investigation","text":"investigation","time":"2019-01-31T13:58:58.496-08:00","lastActivityTime":null,"messagesCount":null,"followersCount":null}},{"__typename":"TagEdge","cursor":"MjUuMXwyLjF8b3w1fF9OVl98Mw","node":{"__typename":"Tag","id":"tag:microsoft defender for endpoint","text":"microsoft defender for endpoint","time":"2020-10-20T05:09:28.319-07:00","lastActivityTime":null,"messagesCount":null,"followersCount":null}}]},"timeToRead":1,"images":{"__typename":"AssociatedImageConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"videos":{"__typename":"VideoConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}}},"Conversation:conversation:3764979":{"__typename":"Conversation","id":"conversation:3764979","topic":{"__typename":"ForumTopicMessage","uid":3764979},"lastPostingActivityTime":"2024-12-18T11:50:40.177-08:00","solved":true},"User:user:1646195":{"__typename":"User","uid":1646195,"login":"EtienneFiset","registrationData":{"__typename":"RegistrationData","status":null},"deleted":false,"rank":{"__typename":"Rank","name":"Brass Contributor","color":"333333","rankStyle":"TEXT"},"avatar":{"__typename":"UserAvatar","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/m_assets/avatars/default/avatar-8.svg?time=0"},"id":"user:1646195"},"ForumTopicMessage:message:3764979":{"__typename":"ForumTopicMessage","subject":"Monitoring copied files on External drive - USB","conversation":{"__ref":"Conversation:conversation:3764979"},"id":"message:3764979","revisionNum":2,"uid":3764979,"depth":0,"board":{"__ref":"Forum:board:MicrosoftThreatProtection"},"author":{"__ref":"User:user:1646195"},"metrics":{"__typename":"MessageMetrics","views":11086},"postTime":"2023-03-10T07:56:51.918-08:00","lastPublishTime":"2024-12-18T11:50:40.177-08:00","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})":" Hello Guys, i struggle to find a way in Defender for EPP or other solutions to monitor when a user copied files on an external peripheral such as hard drive and USB. Some one have the procedure or documentation ? NOTE : Defender timeline could see when a user is plugging a USB stick. but that's... Thanks ! ","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})@stringLength":"337","kudosSumWeight":0,"repliesCount":2,"readOnly":false,"tags":{"__typename":"TagConnection","pageInfo":{"__typename":"PageInfo","hasNextPage":true,"endCursor":"MjUuMXwyLjF8b3w1fF9OVl98NQ","hasPreviousPage":false,"startCursor":null},"edges":[{"__typename":"TagEdge","cursor":"MjUuMXwyLjF8b3w1fF9OVl98MQ","node":{"__typename":"Tag","id":"tag:Incident Management","text":"Incident Management","time":"2019-02-14T22:13:45.400-08:00","lastActivityTime":null,"messagesCount":null,"followersCount":null}},{"__typename":"TagEdge","cursor":"MjUuMXwyLjF8b3w1fF9OVl98Mg","node":{"__typename":"Tag","id":"tag:investigation","text":"investigation","time":"2019-01-31T13:58:58.496-08:00","lastActivityTime":null,"messagesCount":null,"followersCount":null}},{"__typename":"TagEdge","cursor":"MjUuMXwyLjF8b3w1fF9OVl98Mw","node":{"__typename":"Tag","id":"tag:microsoft defender for endpoint","text":"microsoft defender for endpoint","time":"2020-10-20T05:09:28.319-07:00","lastActivityTime":null,"messagesCount":null,"followersCount":null}},{"__typename":"TagEdge","cursor":"MjUuMXwyLjF8b3w1fF9OVl98NA","node":{"__typename":"Tag","id":"tag:microsoft defender for office 365","text":"microsoft defender for office 365","time":"2020-10-08T11:30:26.675-07:00","lastActivityTime":null,"messagesCount":null,"followersCount":null}},{"__typename":"TagEdge","cursor":"MjUuMXwyLjF8b3w1fF9OVl98NQ","node":{"__typename":"Tag","id":"tag:microsoft sentinel","text":"microsoft sentinel","time":"2021-11-02T10:33:48.383-07:00","lastActivityTime":null,"messagesCount":null,"followersCount":null}}]},"timeToRead":1,"images":{"__typename":"AssociatedImageConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"videos":{"__typename":"VideoConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}}},"Conversation:conversation:4352847":{"__typename":"Conversation","id":"conversation:4352847","topic":{"__typename":"ForumTopicMessage","uid":4352847},"lastPostingActivityTime":"2024-12-16T08:57:10.927-08:00","solved":true},"User:user:2808126":{"__typename":"User","uid":2808126,"login":"Hendrik","registrationData":{"__typename":"RegistrationData","status":null},"deleted":false,"rank":{"__typename":"Rank","name":"Copper Contributor","color":"333333","rankStyle":"TEXT"},"avatar":{"__typename":"UserAvatar","url":null},"id":"user:2808126"},"ForumTopicMessage:message:4352847":{"__typename":"ForumTopicMessage","subject":"Defender XDR - Resolved incidents still show up","conversation":{"__ref":"Conversation:conversation:4352847"},"id":"message:4352847","revisionNum":1,"uid":4352847,"depth":0,"board":{"__ref":"Forum:board:MicrosoftThreatProtection"},"author":{"__ref":"User:user:2808126"},"metrics":{"__typename":"MessageMetrics","views":63},"postTime":"2024-12-05T00:53:10.906-08:00","lastPublishTime":"2024-12-05T00:53:10.906-08:00","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})":" In Security Center I have multiple incidents that I changed to status resolved. However, they still appear in the Incidents view. What could be the issue? I don't have this issue with resolving incidents in Sentinel. ","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})@stringLength":"218","kudosSumWeight":0,"repliesCount":1,"readOnly":false,"tags":{"__typename":"TagConnection","pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null},"edges":[{"__typename":"TagEdge","cursor":"MjUuMXwyLjF8b3w1fF9OVl98MQ","node":{"__typename":"Tag","id":"tag:Incident Management","text":"Incident Management","time":"2019-02-14T22:13:45.400-08:00","lastActivityTime":null,"messagesCount":null,"followersCount":null}}]},"timeToRead":1,"images":{"__typename":"AssociatedImageConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"videos":{"__typename":"VideoConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}}},"Conversation:conversation:4351390":{"__typename":"Conversation","id":"conversation:4351390","topic":{"__typename":"ForumTopicMessage","uid":4351390},"lastPostingActivityTime":"2024-12-18T11:30:20.670-08:00","solved":true},"User:user:566941":{"__typename":"User","uid":566941,"login":"Fish_Tacos","registrationData":{"__typename":"RegistrationData","status":null},"deleted":false,"rank":{"__typename":"Rank","name":"Brass Contributor","color":"333333","rankStyle":"TEXT"},"avatar":{"__typename":"UserAvatar","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/dS01NjY5NDEtNTY3NjcwaTk3NDk1MzI4OTA2MkI1NTc"},"id":"user:566941"},"ForumTopicMessage:message:4351390":{"__typename":"ForumTopicMessage","subject":"Tracking Sent Emails from a Shared Mailbox with Delegated Access","conversation":{"__ref":"Conversation:conversation:4351390"},"id":"message:4351390","revisionNum":1,"uid":4351390,"depth":0,"board":{"__ref":"Forum:board:MicrosoftThreatProtection"},"author":{"__ref":"User:user:566941"},"metrics":{"__typename":"MessageMetrics","views":283},"postTime":"2024-12-02T09:36:00.466-08:00","lastPublishTime":"2024-12-02T09:36:00.466-08:00","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})":" Here is a detailed post to the Microsoft help forum about tracking down who sent emails from a shared mailbox with delegated access and send as rights: Title: Tracking Sent Emails from a Shared Mailbox with Delegated Access Dear Microsoft Community, I'm reaching out for assistance with an issue I'm encountering regarding a shared mailbox in my organization. The shared mailbox has been configured with delegated access and \"Send As\" rights for certain users. However, I'm finding that emails are being sent from this shared mailbox, and I need to determine which user is responsible for those sent messages. Here's some more context on the setup: We have a shared mailbox that multiple employees within my organization can access and send emails from using their individual user accounts. The shared mailbox has been granted \"Delegate Access\" and \"Send As\" rights to these authorized users. Whenever an email is sent from the shared mailbox, it appears to come from the shared mailbox address rather than the individual user's email address. I need to be able to track down and identify which user sent a specific email from the shared mailbox. My main questions are: How can I determine which user account was used to send a specific email from the shared mailbox? Is there logging or audit functionality within Microsoft 365 that would allow me to see the user who sent an email from the shared mailbox? Are there any third-party tools or add-ons that could provide this level of tracking and visibility for emails sent from a shared mailbox? I'm hoping the Microsoft community can provide some guidance and recommendations on the best approach to resolve this issue. Being able to identify the user responsible for emails sent from the shared mailbox is crucial for maintaining security and accountability within our organization. Thank you in advance for your assistance. I look forward to hearing back from the community. Best regards, ","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})@stringLength":"1963","kudosSumWeight":0,"repliesCount":1,"readOnly":false,"tags":{"__typename":"TagConnection","pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null},"edges":[{"__typename":"TagEdge","cursor":"MjUuMXwyLjF8b3w1fF9OVl98MQ","node":{"__typename":"Tag","id":"tag:investigation","text":"investigation","time":"2019-01-31T13:58:58.496-08:00","lastActivityTime":null,"messagesCount":null,"followersCount":null}},{"__typename":"TagEdge","cursor":"MjUuMXwyLjF8b3w1fF9OVl98Mg","node":{"__typename":"Tag","id":"tag:microsoft defender for office 365","text":"microsoft defender for office 365","time":"2020-10-08T11:30:26.675-07:00","lastActivityTime":null,"messagesCount":null,"followersCount":null}}]},"timeToRead":2,"images":{"__typename":"AssociatedImageConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"videos":{"__typename":"VideoConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}}},"Conversation:conversation:4177140":{"__typename":"Conversation","id":"conversation:4177140","topic":{"__typename":"ForumTopicMessage","uid":4177140},"lastPostingActivityTime":"2024-09-25T13:11:41.839-07:00","solved":true},"ForumTopicMessage:message:4177140":{"__typename":"ForumTopicMessage","subject":"ASR rule \"Block Win32 API calls from Office macro Block XLS","conversation":{"__ref":"Conversation:conversation:4177140"},"id":"message:4177140","revisionNum":1,"uid":4177140,"depth":0,"board":{"__ref":"Forum:board:MicrosoftThreatProtection"},"author":{"__ref":"User:user:-1"},"metrics":{"__typename":"MessageMetrics","views":1974},"postTime":"2024-06-27T01:03:05.503-07:00","lastPublishTime":"2024-06-27T01:03:05.503-07:00","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})":" Hi All, we have deploy defender for Endpoint in customer organization and the rule \"ASR rule \"Block Win32 API calls from Office macro\" block old version of Excel with macro, we set exclusion for a path that contain this file but problem persist. If we convert this file into new version of Excel problem not appears, there is a solution for this problem or we need to convert all files into new version ? Many Thanks Guido ","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})@stringLength":"443","kudosSumWeight":0,"repliesCount":3,"readOnly":false,"tags":{"__typename":"TagConnection","pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null},"edges":[{"__typename":"TagEdge","cursor":"MjUuMXwyLjF8b3w1fF9OVl98MQ","node":{"__typename":"Tag","id":"tag:microsoft defender for endpoint","text":"microsoft defender for endpoint","time":"2020-10-20T05:09:28.319-07:00","lastActivityTime":null,"messagesCount":null,"followersCount":null}}]},"timeToRead":1,"images":{"__typename":"AssociatedImageConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"videos":{"__typename":"VideoConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}}},"Conversation:conversation:4169943":{"__typename":"Conversation","id":"conversation:4169943","topic":{"__typename":"ForumTopicMessage","uid":4169943},"lastPostingActivityTime":"2024-06-17T17:54:03.569-07:00","solved":true},"User:user:2527794":{"__typename":"User","uid":2527794,"login":"GavinDatacom","registrationData":{"__typename":"RegistrationData","status":null},"deleted":false,"rank":{"__typename":"Rank","name":"Copper Contributor","color":"333333","rankStyle":"TEXT"},"avatar":{"__typename":"UserAvatar","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/m_assets/avatars/default/avatar-12.svg?time=0"},"id":"user:2527794"},"ForumTopicMessage:message:4169943":{"__typename":"ForumTopicMessage","subject":"Defender - Export or capture certificate expiry data","conversation":{"__ref":"Conversation:conversation:4169943"},"id":"message:4169943","revisionNum":1,"uid":4169943,"depth":0,"board":{"__ref":"Forum:board:MicrosoftThreatProtection"},"author":{"__ref":"User:user:2527794"},"metrics":{"__typename":"MessageMetrics","views":416},"postTime":"2024-06-17T11:38:55.908-07:00","lastPublishTime":"2024-06-17T11:38:55.908-07:00","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})":" Hi There, I am attempting to pull expired certificate information from Defender. My question is thus two fold: Is it possible to create an email or alert based on certificates due to expire in 30 days. Is it possible to call an API for Defender for Endpoint? Our current solution for alerts on expiring certificates in the domain is no longer sustainable and I am looking at redesigning the solution, however, before we can do a proper solution, we need to do something a little less manual and this will be our start. Alert Rule I can see that the certificate information is under the Inventories of the Vulnerabilities blade in Defender Endpoint which suggests that an expiring certificate should alert as a Vulnerability. Is this correct, if so how would I go about creating an alert to identify this? API or Information passing Is it possible to use API to call the information of certificates from Defender, again I have looked and found nothing. If API's aren't possible I saw that I can ship the data to Event Hub which would be useful but again I need to know if the certificate information is captured and passed on if I do this. Does anyone have this information? Thanks, ","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})@stringLength":"1226","kudosSumWeight":0,"repliesCount":1,"readOnly":false,"tags":{"__typename":"TagConnection","pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null},"edges":[{"__typename":"TagEdge","cursor":"MjUuMXwyLjF8b3w1fF9OVl98MQ","node":{"__typename":"Tag","id":"tag:alerts","text":"alerts","time":"2018-02-26T22:00:55.393-08:00","lastActivityTime":null,"messagesCount":null,"followersCount":null}},{"__typename":"TagEdge","cursor":"MjUuMXwyLjF8b3w1fF9OVl98Mg","node":{"__typename":"Tag","id":"tag:automation","text":"automation","time":"2016-09-07T22:49:15.893-07:00","lastActivityTime":null,"messagesCount":null,"followersCount":null}},{"__typename":"TagEdge","cursor":"MjUuMXwyLjF8b3w1fF9OVl98Mw","node":{"__typename":"Tag","id":"tag:learning","text":"learning","time":"2019-03-21T04:21:17.532-07:00","lastActivityTime":null,"messagesCount":null,"followersCount":null}},{"__typename":"TagEdge","cursor":"MjUuMXwyLjF8b3w1fF9OVl98NA","node":{"__typename":"Tag","id":"tag:microsoft defender for endpoint","text":"microsoft defender for endpoint","time":"2020-10-20T05:09:28.319-07:00","lastActivityTime":null,"messagesCount":null,"followersCount":null}},{"__typename":"TagEdge","cursor":"MjUuMXwyLjF8b3w1fF9OVl98NQ","node":{"__typename":"Tag","id":"tag:Remediation","text":"Remediation","time":"2020-10-28T10:30:00.012-07:00","lastActivityTime":null,"messagesCount":null,"followersCount":null}}]},"timeToRead":1,"images":{"__typename":"AssociatedImageConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"videos":{"__typename":"VideoConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}}},"Conversation:conversation:4150421":{"__typename":"Conversation","id":"conversation:4150421","topic":{"__typename":"ForumTopicMessage","uid":4150421},"lastPostingActivityTime":"2024-07-17T06:30:07.848-07:00","solved":true},"User:user:2488205":{"__typename":"User","uid":2488205,"login":"arifvase","registrationData":{"__typename":"RegistrationData","status":null},"deleted":false,"rank":{"__typename":"Rank","name":"Copper Contributor","color":"333333","rankStyle":"TEXT"},"avatar":{"__typename":"UserAvatar","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/m_assets/avatars/default/avatar-8.svg?time=0"},"id":"user:2488205"},"ForumTopicMessage:message:4150421":{"__typename":"ForumTopicMessage","subject":"Incidents and Alerts blades missing in Defender portal","conversation":{"__ref":"Conversation:conversation:4150421"},"id":"message:4150421","revisionNum":2,"uid":4150421,"depth":0,"board":{"__ref":"Forum:board:MicrosoftThreatProtection"},"author":{"__ref":"User:user:2488205"},"metrics":{"__typename":"MessageMetrics","views":605},"postTime":"2024-05-23T10:27:36.372-07:00","lastPublishTime":"2024-05-23T10:32:11.823-07:00","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})":" Hi, We recently found out that the incidents and alerts blades have disappeared from our Defender portal. This is true for both Global Admin and Security Administrator roles. We use A5 licenses in our tenant. Not sure what happened. Microsoft Unified support has not been very helpful in even replying to our query. Can someone please point us in the right direction. We don't know what has happened. Thanks in advance, ","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})@stringLength":"439","kudosSumWeight":0,"repliesCount":1,"readOnly":false,"tags":{"__typename":"TagConnection","pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null},"edges":[{"__typename":"TagEdge","cursor":"MjUuMXwyLjF8b3w1fF9OVl98MQ","node":{"__typename":"Tag","id":"tag:alerts","text":"alerts","time":"2018-02-26T22:00:55.393-08:00","lastActivityTime":null,"messagesCount":null,"followersCount":null}},{"__typename":"TagEdge","cursor":"MjUuMXwyLjF8b3w1fF9OVl98Mg","node":{"__typename":"Tag","id":"tag:Incident Management","text":"Incident Management","time":"2019-02-14T22:13:45.400-08:00","lastActivityTime":null,"messagesCount":null,"followersCount":null}},{"__typename":"TagEdge","cursor":"MjUuMXwyLjF8b3w1fF9OVl98Mw","node":{"__typename":"Tag","id":"tag:investigation","text":"investigation","time":"2019-01-31T13:58:58.496-08:00","lastActivityTime":null,"messagesCount":null,"followersCount":null}}]},"timeToRead":1,"images":{"__typename":"AssociatedImageConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"videos":{"__typename":"VideoConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}}},"Conversation:conversation:4124272":{"__typename":"Conversation","id":"conversation:4124272","topic":{"__typename":"ForumTopicMessage","uid":4124272},"lastPostingActivityTime":"2024-09-02T00:53:16.277-07:00","solved":true},"User:user:533323":{"__typename":"User","uid":533323,"login":"StephanGee","registrationData":{"__typename":"RegistrationData","status":null},"deleted":false,"rank":{"__typename":"Rank","name":"Steel Contributor","color":"333333","rankStyle":"TEXT"},"avatar":{"__typename":"UserAvatar","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/dS01MzMzMjMtMjE1NTM4aURBQTdDM0NGMUY5NjI3QzE"},"id":"user:533323"},"ForumTopicMessage:message:4124272":{"__typename":"ForumTopicMessage","subject":"Entra ID protection - Integration into Defender XDR","conversation":{"__ref":"Conversation:conversation:4124272"},"id":"message:4124272","revisionNum":1,"uid":4124272,"depth":0,"board":{"__ref":"Forum:board:MicrosoftThreatProtection"},"author":{"__ref":"User:user:533323"},"metrics":{"__typename":"MessageMetrics","views":2514},"postTime":"2024-04-26T03:56:30.546-07:00","lastPublishTime":"2024-04-26T03:56:30.546-07:00","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})":" Hi everyone, is it possible to integrate this into Defender? Or is there a hunt or Cloud App Policy that will trigger an Alert in Defender Portal? BR Stephan ","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})@stringLength":"178","kudosSumWeight":1,"repliesCount":8,"readOnly":false,"tags":{"__typename":"TagConnection","pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null},"edges":[{"__typename":"TagEdge","cursor":"MjUuMXwyLjF8b3w1fF9OVl98MQ","node":{"__typename":"Tag","id":"tag:Incident Management","text":"Incident Management","time":"2019-02-14T22:13:45.400-08:00","lastActivityTime":null,"messagesCount":null,"followersCount":null}},{"__typename":"TagEdge","cursor":"MjUuMXwyLjF8b3w1fF9OVl98Mg","node":{"__typename":"Tag","id":"tag:microsoft defender for endpoint","text":"microsoft defender for endpoint","time":"2020-10-20T05:09:28.319-07:00","lastActivityTime":null,"messagesCount":null,"followersCount":null}},{"__typename":"TagEdge","cursor":"MjUuMXwyLjF8b3w1fF9OVl98Mw","node":{"__typename":"Tag","id":"tag:playbooks","text":"playbooks","time":"2020-10-19T08:31:04.449-07:00","lastActivityTime":null,"messagesCount":null,"followersCount":null}}]},"timeToRead":1,"images":{"__typename":"AssociatedImageConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"videos":{"__typename":"VideoConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}}},"Conversation:conversation:4122417":{"__typename":"Conversation","id":"conversation:4122417","topic":{"__typename":"ForumTopicMessage","uid":4122417},"lastPostingActivityTime":"2024-04-25T02:29:15.468-07:00","solved":true},"User:user:636617":{"__typename":"User","uid":636617,"login":"djolenole","registrationData":{"__typename":"RegistrationData","status":null},"deleted":false,"rank":{"__typename":"Rank","name":"Brass Contributor","color":"333333","rankStyle":"TEXT"},"avatar":{"__typename":"UserAvatar","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/m_assets/avatars/default/avatar-2.svg?time=0"},"id":"user:636617"},"ForumTopicMessage:message:4122417":{"__typename":"ForumTopicMessage","subject":"MacOS set preferences - manual deployment without MDM","conversation":{"__ref":"Conversation:conversation:4122417"},"id":"message:4122417","revisionNum":3,"uid":4122417,"depth":0,"board":{"__ref":"Forum:board:MicrosoftThreatProtection"},"author":{"__ref":"User:user:636617"},"metrics":{"__typename":"MessageMetrics","views":517},"postTime":"2024-04-24T06:05:52.747-07:00","lastPublishTime":"2024-04-24T06:11:13.517-07:00","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})":" Hello, we are testing Microsoft Defender on macOS devices. It is working and reporting in the Defender portal. I see in documentation that there are examples of creating config profile in Jamf and Intune: https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/mac-preferences?view=o365-worldwide Is it possible to create a simple config profile manually (without using any MDM system) for testing purposes? Something like we can do on Linux OS: https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/linux-preferences?view=o365-worldwide - using config file /etc/opt/microsoft/mdatp/managed/mdatp_managed.json Thanks! ","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})@stringLength":"743","kudosSumWeight":0,"repliesCount":2,"readOnly":false,"tags":{"__typename":"TagConnection","pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null},"edges":[{"__typename":"TagEdge","cursor":"MjUuMXwyLjF8b3w1fF9OVl98MQ","node":{"__typename":"Tag","id":"tag:microsoft defender for endpoint","text":"microsoft defender for endpoint","time":"2020-10-20T05:09:28.319-07:00","lastActivityTime":null,"messagesCount":null,"followersCount":null}},{"__typename":"TagEdge","cursor":"MjUuMXwyLjF8b3w1fF9OVl98Mg","node":{"__typename":"Tag","id":"tag:Onboarding","text":"Onboarding","time":"2016-07-14T12:18:43.768-07:00","lastActivityTime":null,"messagesCount":null,"followersCount":null}}]},"timeToRead":1,"images":{"__typename":"AssociatedImageConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"videos":{"__typename":"VideoConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}}},"Conversation:conversation:4120198":{"__typename":"Conversation","id":"conversation:4120198","topic":{"__typename":"ForumTopicMessage","uid":4120198},"lastPostingActivityTime":"2024-04-23T12:35:02.381-07:00","solved":true},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MTIwMTk4LTU3MzI1OGlGMTVDREU0NTc2Q0MzOUZF?revision=1\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MTIwMTk4LTU3MzI1OGlGMTVDREU0NTc2Q0MzOUZF?revision=1","title":"djolenole_0-1713797776535.png","associationType":"BODY","width":919,"height":598,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MTIwMTk4LTU3MzI1OWk0Q0RENkNFMDY1NjU4NzAy?revision=1\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MTIwMTk4LTU3MzI1OWk0Q0RENkNFMDY1NjU4NzAy?revision=1","title":"djolenole_1-1713797923514.png","associationType":"BODY","width":747,"height":378,"altText":null},"ForumTopicMessage:message:4120198":{"__typename":"ForumTopicMessage","subject":"EICAR file is not blocked by Defender for Endpoint on Linux","conversation":{"__ref":"Conversation:conversation:4120198"},"id":"message:4120198","revisionNum":1,"uid":4120198,"depth":0,"board":{"__ref":"Forum:board:MicrosoftThreatProtection"},"author":{"__ref":"User:user:636617"},"metrics":{"__typename":"MessageMetrics","views":1302},"postTime":"2024-04-22T08:01:16.204-07:00","lastPublishTime":"2024-04-22T08:01:16.204-07:00","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})":" Hello, we are testing Microsoft Defender for Endpoint on Linux Ubuntu devices. I successfully onboarded machine, it is visible in Defender portal and I am able to generate incident using test https://aka.ms/LinuxDIY However, I am not able to detect/block EICAR test file using suggested command: curl -o ~/Downloads/eicar.com.txt https://www.eicar.org/download/eicar.com.txt After it, eicar.com.txt file is in Downloads folder and nothing happens. \"mdatp health\" output: Configuration in mdatp_managed.json file: Am I missing something? Thanks ","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})@stringLength":"625","kudosSumWeight":0,"repliesCount":2,"readOnly":false,"tags":{"__typename":"TagConnection","pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null},"edges":[{"__typename":"TagEdge","cursor":"MjUuMXwyLjF8b3w1fF9OVl98MQ","node":{"__typename":"Tag","id":"tag:microsoft defender for endpoint","text":"microsoft defender for endpoint","time":"2020-10-20T05:09:28.319-07:00","lastActivityTime":null,"messagesCount":null,"followersCount":null}}]},"timeToRead":1,"images":{"__typename":"AssociatedImageConnection","edges":[{"__typename":"AssociatedImageEdge","cursor":"MjUuMXwyLjF8b3wyNXxfTlZffDE","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MTIwMTk4LTU3MzI1OGlGMTVDREU0NTc2Q0MzOUZF?revision=1\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMXwyLjF8b3wyNXxfTlZffDI","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MTIwMTk4LTU3MzI1OWk0Q0RENkNFMDY1NjU4NzAy?revision=1\"}"}}],"totalCount":2,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"videos":{"__typename":"VideoConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}}},"Conversation:conversation:4119284":{"__typename":"Conversation","id":"conversation:4119284","topic":{"__typename":"ForumTopicMessage","uid":4119284},"lastPostingActivityTime":"2024-04-20T11:06:45.731-07:00","solved":true},"User:user:460770":{"__typename":"User","uid":460770,"login":"ahmedamer","registrationData":{"__typename":"RegistrationData","status":null},"deleted":false,"rank":{"__typename":"Rank","name":"Copper Contributor","color":"333333","rankStyle":"TEXT"},"avatar":{"__typename":"UserAvatar","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/m_assets/avatars/default/avatar-6.svg?time=0"},"id":"user:460770"},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MTE5Mjg0LTU3MjkzN2kyMjU5QzQ2Q0IyODFCRDY1?revision=1\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MTE5Mjg0LTU3MjkzN2kyMjU5QzQ2Q0IyODFCRDY1?revision=1","title":"EDR1.png","associationType":"BODY","width":882,"height":1212,"altText":null},"ForumTopicMessage:message:4119284":{"__typename":"ForumTopicMessage","subject":"abnormal Behavior in Users Devices","conversation":{"__ref":"Conversation:conversation:4119284"},"id":"message:4119284","revisionNum":1,"uid":4119284,"depth":0,"board":{"__ref":"Forum:board:MicrosoftThreatProtection"},"author":{"__ref":"User:user:460770"},"metrics":{"__typename":"MessageMetrics","views":1228},"postTime":"2024-04-20T07:57:08.590-07:00","lastPublishTime":"2024-04-20T07:57:08.590-07:00","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})":" hi security guys I am facing strange behaviors on Microsoft EDR that show in timeline Windows Defender Advanced Threat Protection\\SenseIR.exe is using fake accounts which are not exist in Microsoft Active directory and Azure Active Directory Is considering a normal behavior, hacked or Windows Defender Advanced Threat Protection zero day vulnerable. the below sample from timeline that related with fake account. Event Time Machine Id Computer Name Action Type File Name Folder Path Sha1 Sha256 MD5 Process Command Line Account Domain Account Name Account Sid Logo Id Process Id Process Creation Time Process Token Elevation Registry Key Registry Value Name Registry Value Data Remote Url Remote Computer Name Remote IP Remote Port Local IP Local Port File Origin Url File Origin IP Initiating Process SHA1 Initiating Process SHA256 Initiating Process File Name Initiating Process Folder Path Initiating Process Id Initiating Process Command Line Initiating Process Creation Time Initiating Process Integrity Level Initiating Process Token Elevation Initiating Process Parent Id Initiating Process Parent File Name Initiating Process Parent Creation Time Initiating Process MD5 Initiating Process Account Domain Initiating Process Account Name Initiating Process Account Sid Initiating Process Logon Id Report Id Additional Fields App Guard Container Id Protocol Logon Type Process Integrity Level Registry Value Type Previous Registry Value Name Previous Registry Value Data Previous Registry Key File Origin Referrer Url Sensitivity Label Sensitivity Sub Label Is Endpoint Dlp Applied Is Azure Info Protection Applied Alert Ids Categories Severities Is Marked Data Type 2024-04-19T12:22:10.987 6595e6522d8db8d92425250a4fe68dd7ce1fc1db PC1 InboundRdpConnection LITC fake account S-1-5-21-3977750084-2905094788-454684165-926103861 7c04ec2377e32b3c742f581f6c5437464dd2cf2 3247PKBT60B6DT25B34CP74B5889Ap10F1B3S72B4D4D95B5B25B54560B8 powershell.exe C:\\Windows\\System32\\WindowsPowerShell\\v1.0 8332 powershell.exe -ExecutionPolicy Bypass -NoProfile -NonInteractive -Command \"& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\\ProgramData\\Microsoft\\Windows Defender Advanced Threat Protection\\Downloads\\PSScript_{70971E03-A55E-4EC2-BC9B-A8F0173A83C3}.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::Read);$calculatedHash = Microsoft.PowerShell.Utility\\ Get-FileHash 'C:\\ProgramData\\Microsoft\\Windows Defender Advanced Threat Protection\\Downloads\\PSScript_{70971E03-A55E-4EC2-BC9B-A8F0173A83C3}.ps1' -Algorithm SHA256; if (!( $calculatedHash.Hash -eq '575497143631ed5cd604e7a1e8666187bd6acf421ad685273e559c0013179789')) { exit 323;}; Start-Transcript -Path 'C:\\ProgramData\\Microsoft\\Windows Defender Advanced Threat Protection\\Temp\\PSScriptOutputs\\PSScript_Transcript_{70971E03-A55E-4EC2-BC9B-A8F0173A83C3}.txt'; . 'C:\\ProgramData\\Microsoft\\Windows Defender Advanced Threat Protection\\Downloads\\PSScript_{70971E03-A55E-4EC2-BC9B-A8F0173A83C3}.ps1' -Id 3f884218-6a5a-4d02-8032-32ed7f90339a -Descriptor eyJEZXRlY3Rpb25LZXlzIjpbIk1va2h0YXIuU2hvc2hhbiJdLCJDb250ZW50IjoiZXdvZ0lDSlRaWEpwWVd4cGVtVmtUbXhTWldOdmNtUWlPaUFpU0dkQlNVRkNORUZJWjBGQlFVRkJRVUZCUVVGQlJGVTFUWHBqUVVGblFVRkJaMEZCUVVGblFVZEJRemNyY3pONU9UUXZZVUZSVVVGQlVVRkJRVUZCUVVGUlFVdEJRVUZCUVVGQlVVRkJRVUZHUVVFd1FVTmlWRGRNWW5SWVduUjVNbTlPUmtnek1FcGhNRlZCUVVGQlFVRkJRVUZCUVVGQlFVRkJRVUZCUVVGQlFVRkJRVUZCUVVGQlFVRkJRVUZCUVVGQlFVRkJRVUZCUVVGQlFVRkJRVUZCUVVGQlFVRkJRVUZCUWtGQlFVRkJRVUZCUVVGQlFVRkJRVU5CUVVGQlJHZEJRVUZCUVVGQlFVRkJRVUZCUVVGQlFVRkJRVUZCUVVGQlFVRkJRVUZVVVVKMlFVZHpRV0ZCUWpCQlIwVkJZMmRCZFVGR1RVRmhRVUoyUVVoTlFXRkJRbWhCUnpSQlFVRkNjMEZIYTBGa1FVSnFRVWQzUVdGUlFqQkJSMDFCVEdkQ2MwRkhPRUZaZDBKb1FVZDNRVlJSUW5aQlIzTkJZVUZDTUVGSFJVRmpaMEYxUVVaTlFXRkJRblpCU0UxQllVRkNhRUZITkVGUlFVSnpRVWRyUVdSQlFtcEJRelJCWWtGQ2RrRkhUVUZaVVVKelFVVXdRV0ozUW5KQlIyZEJaRUZDYUVGSVNVRk1aMEpVUVVkblFXSjNRbnBCUjJkQldWRkNkVUZCUVVGVVVVSjJRVWR6UVdGQlFqQkJSMFZCWTJkQlowRkdUVUZoUVVKMlFVaE5RV0ZCUW1oQlJ6UkJRVUZCUVVGblFVRkNkMEZCUVVGRlEwRkJRVWhCUVVGQllrRkNjRUZJVVVGWmQwSlRaRzQ0V0dOcVZVWTFSVzVIT0hadWFFUlFSUzh2ZEdOQ2FtUXlNMjFHVlc5QlJ6UkJaRkZDYzBGSGQwRkxVVUZCUVVFOVBTSXNDaUFnSWxOdlpuUjNZWEpsUlhoamJIVnphVzl1VEdsemRFWnZja1JsY0d4dmVXMWxiblFpT2lCYlhRcDkiLCJFbnRpdHlQYXRoIjoiIiwiRW50aXR5VHlwZSI6NiwiTHVyZURlcGxveW1lbnRDb250ZXh0Ijp7IkV4cGlyYXRpb25VdGMiOiIyMDI0LTA0LTIyVDEyOjE2OjQ1LjQ0NTE3NzVaIiwiSWQiOiJhZjlkNWY2YS1jNjZhLTRmYmMtOTkwZS00MzMwYmI4ZTZjODQiLCJDb3JyZWxhdGlvbklkIjpudWxsfSwiRmlsZUF0dHJpYnV0ZXMiOjAsIlVzZXJSaWQiOjkyNjEwMzg2MX0=}\" 2024-04-19T12:21:13.582 System Default 7192 SenseIR.exe 2024-04-19T12:21:11.307 NT AUTHORITY system S-1-5-18 1.65E+09 T1021.001 (bolster) Techniques 2024-04-19T12:22:10.987 6595e6522d8db8d92425250a4fe68dd7ce1fc1db PC1 WindowsDomainAccountLogonSuccess LITC fake account S-1-5-21-3977750084-2905094788-454684165-926103861 7c04ec2377e32b3c742f581f6c5437464dd2cf2 3247PKBT60B6DT25B34CP74B5889Ap10F1B3S72B4D4D95B5B25B54560B8 powershell.exe C:\\Windows\\System32\\WindowsPowerShell\\v1.0 8332 powershell.exe -ExecutionPolicy Bypass -NoProfile -NonInteractive -Command \"& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\\ProgramData\\Microsoft\\Windows Defender Advanced Threat Protection\\Downloads\\PSScript_{70971E03-A55E-4EC2-BC9B-A8F0173A83C3}.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::Read);$calculatedHash = Microsoft.PowerShell.Utility\\ Get-FileHash 'C:\\ProgramData\\Microsoft\\Windows Defender Advanced Threat Protection\\Downloads\\PSScript_{70971E03-A55E-4EC2-BC9B-A8F0173A83C3}.ps1' -Algorithm SHA256; if (!( $calculatedHash.Hash -eq '575497143631ed5cd604e7a1e8666187bd6acf421ad685273e559c0013179789')) { exit 323;}; Start-Transcript -Path 'C:\\ProgramData\\Microsoft\\Windows Defender Advanced Threat Protection\\Temp\\PSScriptOutputs\\PSScript_Transcript_{70971E03-A55E-4EC2-BC9B-A8F0173A83C3}.txt'; . 'C:\\ProgramData\\Microsoft\\Windows Defender Advanced Threat Protection\\Downloads\\PSScript_{70971E03-A55E-4EC2-BC9B-A8F0173A83C3}.ps1' -Id 3f884218-6a5a-4d02-8032-32ed7f90339a -Descriptor eyJEZXRlY3Rpb25LZXlzIjpbIk1va2h0YXIuU2hvc2hhbiJdLCJDb250ZW50IjoiZXdvZ0lDSlRaWEpwWVd4cGVtVmtUbXhTWldOdmNtUWlPaUFpU0dkQlNVRkNORUZJWjBGQlFVRkJRVUZCUVVGQlJGVTFUWHBqUVVGblFVRkJaMEZCUVVGblFVZEJRemNyY3pONU9UUXZZVUZSVVVGQlVVRkJRVUZCUVVGUlFVdEJRVUZCUVVGQlVVRkJRVUZHUVVFd1FVTmlWRGRNWW5SWVduUjVNbTlPUmtnek1FcGhNRlZCUVVGQlFVRkJRVUZCUVVGQlFVRkJRVUZCUVVGQlFVRkJRVUZCUVVGQlFVRkJRVUZCUVVGQlFVRkJRVUZCUVVGQlFVRkJRVUZCUVVGQlFVRkJRVUZCUWtGQlFVRkJRVUZCUVVGQlFVRkJRVU5CUVVGQlJHZEJRVUZCUVVGQlFVRkJRVUZCUVVGQlFVRkJRVUZCUVVGQlFVRkJRVUZVVVVKMlFVZHpRV0ZCUWpCQlIwVkJZMmRCZFVGR1RVRmhRVUoyUVVoTlFXRkJRbWhCUnpSQlFVRkNjMEZIYTBGa1FVSnFRVWQzUVdGUlFqQkJSMDFCVEdkQ2MwRkhPRUZaZDBKb1FVZDNRVlJSUW5aQlIzTkJZVUZDTUVGSFJVRmpaMEYxUVVaTlFXRkJRblpCU0UxQllVRkNhRUZITkVGUlFVSnpRVWRyUVdSQlFtcEJRelJCWWtGQ2RrRkhUVUZaVVVKelFVVXdRV0ozUW5KQlIyZEJaRUZDYUVGSVNVRk1aMEpVUVVkblFXSjNRbnBCUjJkQldWRkNkVUZCUVVGVVVVSjJRVWR6UVdGQlFqQkJSMFZCWTJkQlowRkdUVUZoUVVKMlFVaE5RV0ZCUW1oQlJ6UkJRVUZCUVVGblFVRkNkMEZCUVVGRlEwRkJRVWhCUVVGQllrRkNjRUZJVVVGWmQwSlRaRzQ0V0dOcVZVWTFSVzVIT0hadWFFUlFSUzh2ZEdOQ2FtUXlNMjFHVlc5QlJ6UkJaRkZDYzBGSGQwRkxVVUZCUVVFOVBTSXNDaUFnSWxOdlpuUjNZWEpsUlhoamJIVnphVzl1VEdsemRFWnZja1JsY0d4dmVXMWxiblFpT2lCYlhRcDkiLCJFbnRpdHlQYXRoIjoiIiwiRW50aXR5VHlwZSI6NiwiTHVyZURlcGxveW1lbnRDb250ZXh0Ijp7IkV4cGlyYXRpb25VdGMiOiIyMDI0LTA0LTIyVDEyOjE2OjQ1LjQ0NTE3NzVaIiwiSWQiOiJhZjlkNWY2YS1jNjZhLTRmYmMtOTkwZS00MzMwYmI4ZTZjODQiLCJDb3JyZWxhdGlvbklkIjpudWxsfSwiRmlsZUF0dHJpYnV0ZXMiOjAsIlVzZXJSaWQiOjkyNjEwMzg2MX0=}\" 2024-04-19T12:21:13.582 System Default 7192 SenseIR.exe 2024-04-19T12:21:11.307 NT AUTHORITY system S-1-5-18 9.09E+08 T1078.002 (bolster) Techniques 2024-04-19T12:22:10.987 6595e6522d8db8d92425250a4fe68dd7ce1fc1db PC1 LogonSuccess LITC fake account S-1-5-21-3977750084-2905094788-454684165-926103861 7c04ec2377e32b3c742f581f6c5437464dd2cf2 3247PKBT60B6DT25B34CP74B5889Ap10F1B3S72B4D4D95B5B25B54560B8 powershell.exe C:\\Windows\\System32\\WindowsPowerShell\\v1.0 8332 powershell.exe -ExecutionPolicy Bypass -NoProfile -NonInteractive -Command \"& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\\ProgramData\\Microsoft\\Windows Defender Advanced Threat Protection\\Downloads\\PSScript_{70971E03-A55E-4EC2-BC9B-A8F0173A83C3}.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::Read);$calculatedHash = Microsoft.PowerShell.Utility\\ Get-FileHash 'C:\\ProgramData\\Microsoft\\Windows Defender Advanced Threat Protection\\Downloads\\PSScript_{70971E03-A55E-4EC2-BC9B-A8F0173A83C3}.ps1' -Algorithm SHA256; if (!( $calculatedHash.Hash -eq '575497143631ed5cd604e7a1e8666187bd6acf421ad685273e559c0013179789')) { exit 323;}; Start-Transcript -Path 'C:\\ProgramData\\Microsoft\\Windows Defender Advanced Threat Protection\\Temp\\PSScriptOutputs\\PSScript_Transcript_{70971E03-A55E-4EC2-BC9B-A8F0173A83C3}.txt'; . 'C:\\ProgramData\\Microsoft\\Windows Defender Advanced Threat Protection\\Downloads\\PSScript_{70971E03-A55E-4EC2-BC9B-A8F0173A83C3}.ps1' -Id 3f884218-6a5a-4d02-8032-32ed7f90339a -Descriptor eyJEZXRlY3Rpb25LZXlzIjpbIk1va2h0YXIuU2hvc2hhbiJdLCJDb250ZW50IjoiZXdvZ0lDSlRaWEpwWVd4cGVtVmtUbXhTWldOdmNtUWlPaUFpU0dkQlNVRkNORUZJWjBGQlFVRkJRVUZCUVVGQlJGVTFUWHBqUVVGblFVRkJaMEZCUVVGblFVZEJRemNyY3pONU9UUXZZVUZSVVVGQlVVRkJRVUZCUVVGUlFVdEJRVUZCUVVGQlVVRkJRVUZHUVVFd1FVTmlWRGRNWW5SWVduUjVNbTlPUmtnek1FcGhNRlZCUVVGQlFVRkJRVUZCUVVGQlFVRkJRVUZCUVVGQlFVRkJRVUZCUVVGQlFVRkJRVUZCUVVGQlFVRkJRVUZCUVVGQlFVRkJRVUZCUVVGQlFVRkJRVUZCUWtGQlFVRkJRVUZCUVVGQlFVRkJRVU5CUVVGQlJHZEJRVUZCUVVGQlFVRkJRVUZCUVVGQlFVRkJRVUZCUVVGQlFVRkJRVUZVVVVKMlFVZHpRV0ZCUWpCQlIwVkJZMmRCZFVGR1RVRmhRVUoyUVVoTlFXRkJRbWhCUnpSQlFVRkNjMEZIYTBGa1FVSnFRVWQzUVdGUlFqQkJSMDFCVEdkQ2MwRkhPRUZaZDBKb1FVZDNRVlJSUW5aQlIzTkJZVUZDTUVGSFJVRmpaMEYxUVVaTlFXRkJRblpCU0UxQllVRkNhRUZITkVGUlFVSnpRVWRyUVdSQlFtcEJRelJCWWtGQ2RrRkhUVUZaVVVKelFVVXdRV0ozUW5KQlIyZEJaRUZDYUVGSVNVRk1aMEpVUVVkblFXSjNRbnBCUjJkQldWRkNkVUZCUVVGVVVVSjJRVWR6UVdGQlFqQkJSMFZCWTJkQlowRkdUVUZoUVVKMlFVaE5RV0ZCUW1oQlJ6UkJRVUZCUVVGblFVRkNkMEZCUVVGRlEwRkJRVWhCUVVGQllrRkNjRUZJVVVGWmQwSlRaRzQ0V0dOcVZVWTFSVzVIT0hadWFFUlFSUzh2ZEdOQ2FtUXlNMjFHVlc5QlJ6UkJaRkZDYzBGSGQwRkxVVUZCUVVFOVBTSXNDaUFnSWxOdlpuUjNZWEpsUlhoamJIVnphVzl1VEdsemRFWnZja1JsY0d4dmVXMWxiblFpT2lCYlhRcDkiLCJFbnRpdHlQYXRoIjoiIiwiRW50aXR5VHlwZSI6NiwiTHVyZURlcGxveW1lbnRDb250ZXh0Ijp7IkV4cGlyYXRpb25VdGMiOiIyMDI0LTA0LTIyVDEyOjE2OjQ1LjQ0NTE3NzVaIiwiSWQiOiJhZjlkNWY2YS1jNjZhLTRmYmMtOTkwZS00MzMwYmI4ZTZjODQiLCJDb3JyZWxhdGlvbklkIjpudWxsfSwiRmlsZUF0dHJpYnV0ZXMiOjAsIlVzZXJSaWQiOjkyNjEwMzg2MX0=}\" 2024-04-19T12:21:13.582 System Standard 7192 \\Device\\HarddiskVolume3\\Program Files\\Windows Defender Advanced Threat Protection\\SenseIR.exe 2024-04-19T12:21:11.307 nt authority system S-1-5-18 28953 {\"IsLocalLogon\":false} CachedRemoteInteractive Events 2024-04-19T12:22:10.987 6595e6522d8db8d92425250a4fe68dd7ce1fc1db PC1 WindowsDomainAccountLogonSuccess LITC fake account S-1-5-21-3977750084-2905094788-454684165-926103861 7c04ec2377e32b3c742f581f6c5437464dd2cf2 3247PKBT60B6DT25B34CP74B5889Ap10F1B3S72B4D4D95B5B25B54560B8 powershell.exe C:\\Windows\\System32\\WindowsPowerShell\\v1.0 8332 powershell.exe -ExecutionPolicy Bypass -NoProfile -NonInteractive -Command \"& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\\ProgramData\\Microsoft\\Windows Defender Advanced Threat Protection\\Downloads\\PSScript_{70971E03-A55E-4EC2-BC9B-A8F0173A83C3}.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::Read);$calculatedHash = Microsoft.PowerShell.Utility\\ Get-FileHash 'C:\\ProgramData\\Microsoft\\Windows Defender Advanced Threat Protection\\Downloads\\PSScript_{70971E03-A55E-4EC2-BC9B-A8F0173A83C3}.ps1' -Algorithm SHA256; if (!( $calculatedHash.Hash -eq '575497143631ed5cd604e7a1e8666187bd6acf421ad685273e559c0013179789')) { exit 323;}; Start-Transcript -Path 'C:\\ProgramData\\Microsoft\\Windows Defender Advanced Threat Protection\\Temp\\PSScriptOutputs\\PSScript_Transcript_{70971E03-A55E-4EC2-BC9B-A8F0173A83C3}.txt'; . 'C:\\ProgramData\\Microsoft\\Windows Defender Advanced Threat Protection\\Downloads\\PSScript_{70971E03-A55E-4EC2-BC9B-A8F0173A83C3}.ps1' -Id 3f884218-6a5a-4d02-8032-32ed7f90339a -Descriptor eyJEZXRlY3Rpb25LZXlzIjpbIk1va2h0YXIuU2hvc2hhbiJdLCJDb250ZW50IjoiZXdvZ0lDSlRaWEpwWVd4cGVtVmtUbXhTWldOdmNtUWlPaUFpU0dkQlNVRkNORUZJWjBGQlFVRkJRVUZCUVVGQlJGVTFUWHBqUVVGblFVRkJaMEZCUVVGblFVZEJRemNyY3pONU9UUXZZVUZSVVVGQlVVRkJRVUZCUVVGUlFVdEJRVUZCUVVGQlVVRkJRVUZHUVVFd1FVTmlWRGRNWW5SWVduUjVNbTlPUmtnek1FcGhNRlZCUVVGQlFVRkJRVUZCUVVGQlFVRkJRVUZCUVVGQlFVRkJRVUZCUVVGQlFVRkJRVUZCUVVGQlFVRkJRVUZCUVVGQlFVRkJRVUZCUVVGQlFVRkJRVUZCUWtGQlFVRkJRVUZCUVVGQlFVRkJRVU5CUVVGQlJHZEJRVUZCUVVGQlFVRkJRVUZCUVVGQlFVRkJRVUZCUVVGQlFVRkJRVUZVVVVKMlFVZHpRV0ZCUWpCQlIwVkJZMmRCZFVGR1RVRmhRVUoyUVVoTlFXRkJRbWhCUnpSQlFVRkNjMEZIYTBGa1FVSnFRVWQzUVdGUlFqQkJSMDFCVEdkQ2MwRkhPRUZaZDBKb1FVZDNRVlJSUW5aQlIzTkJZVUZDTUVGSFJVRmpaMEYxUVVaTlFXRkJRblpCU0UxQllVRkNhRUZITkVGUlFVSnpRVWRyUVdSQlFtcEJRelJCWWtGQ2RrRkhUVUZaVVVKelFVVXdRV0ozUW5KQlIyZEJaRUZDYUVGSVNVRk1aMEpVUVVkblFXSjNRbnBCUjJkQldWRkNkVUZCUVVGVVVVSjJRVWR6UVdGQlFqQkJSMFZCWTJkQlowRkdUVUZoUVVKMlFVaE5RV0ZCUW1oQlJ6UkJRVUZCUVVGblFVRkNkMEZCUVVGRlEwRkJRVWhCUVVGQllrRkNjRUZJVVVGWmQwSlRaRzQ0V0dOcVZVWTFSVzVIT0hadWFFUlFSUzh2ZEdOQ2FtUXlNMjFHVlc5QlJ6UkJaRkZDYzBGSGQwRkxVVUZCUVVFOVBTSXNDaUFnSWxOdlpuUjNZWEpsUlhoamJIVnphVzl1VEdsemRFWnZja1JsY0d4dmVXMWxiblFpT2lCYlhRcDkiLCJFbnRpdHlQYXRoIjoiIiwiRW50aXR5VHlwZSI6NiwiTHVyZURlcGxveW1lbnRDb250ZXh0Ijp7IkV4cGlyYXRpb25VdGMiOiIyMDI0LTA0LTIyVDEyOjE2OjQ1LjQ0NTE3NzVaIiwiSWQiOiJhZjlkNWY2YS1jNjZhLTRmYmMtOTkwZS00MzMwYmI4ZTZjODQiLCJDb3JyZWxhdGlvbklkIjpudWxsfSwiRmlsZUF0dHJpYnV0ZXMiOjAsIlVzZXJSaWQiOjkyNjEwMzg2MX0=}\" 2024-04-19T12:21:13.582 System Default 7192 SenseIR.exe 2024-04-19T12:21:11.307 NT AUTHORITY system S-1-5-18 8.59E+08 T1078.002 (bolster) Techniques 2024-04-19T12:22:10.987 6595e6522d8db8d92425250a4fe68dd7ce1fc1db PC1 InboundRdpConnection LITC fake account S-1-5-21-3977750084-2905094788-454684165-926103861 7c04ec2377e32b3c742f581f6c5437464dd2cf2 3247PKBT60B6DT25B34CP74B5889Ap10F1B3S72B4D4D95B5B25B54560B8 powershell.exe C:\\Windows\\System32\\WindowsPowerShell\\v1.0 8332 powershell.exe -ExecutionPolicy Bypass -NoProfile -NonInteractive -Command \"& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\\ProgramData\\Microsoft\\Windows Defender Advanced Threat Protection\\Downloads\\PSScript_{70971E03-A55E-4EC2-BC9B-A8F0173A83C3}.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::Read);$calculatedHash = Microsoft.PowerShell.Utility\\ Get-FileHash 'C:\\ProgramData\\Microsoft\\Windows Defender Advanced Threat Protection\\Downloads\\PSScript_{70971E03-A55E-4EC2-BC9B-A8F0173A83C3}.ps1' -Algorithm SHA256; if (!( $calculatedHash.Hash -eq '575497143631ed5cd604e7a1e8666187bd6acf421ad685273e559c0013179789')) { exit 323;}; Start-Transcript -Path 'C:\\ProgramData\\Microsoft\\Windows Defender Advanced Threat Protection\\Temp\\PSScriptOutputs\\PSScript_Transcript_{70971E03-A55E-4EC2-BC9B-A8F0173A83C3}.txt'; . 'C:\\ProgramData\\Microsoft\\Windows Defender Advanced Threat Protection\\Downloads\\PSScript_{70971E03-A55E-4EC2-BC9B-A8F0173A83C3}.ps1' -Id 3f884218-6a5a-4d02-8032-32ed7f90339a -Descriptor eyJEZXRlY3Rpb25LZXlzIjpbIk1va2h0YXIuU2hvc2hhbiJdLCJDb250ZW50IjoiZXdvZ0lDSlRaWEpwWVd4cGVtVmtUbXhTWldOdmNtUWlPaUFpU0dkQlNVRkNORUZJWjBGQlFVRkJRVUZCUVVGQlJGVTFUWHBqUVVGblFVRkJaMEZCUVVGblFVZEJRemNyY3pONU9UUXZZVUZSVVVGQlVVRkJRVUZCUVVGUlFVdEJRVUZCUVVGQlVVRkJRVUZHUVVFd1FVTmlWRGRNWW5SWVduUjVNbTlPUmtnek1FcGhNRlZCUVVGQlFVRkJRVUZCUVVGQlFVRkJRVUZCUVVGQlFVRkJRVUZCUVVGQlFVRkJRVUZCUVVGQlFVRkJRVUZCUVVGQlFVRkJRVUZCUVVGQlFVRkJRVUZCUWtGQlFVRkJRVUZCUVVGQlFVRkJRVU5CUVVGQlJHZEJRVUZCUVVGQlFVRkJRVUZCUVVGQlFVRkJRVUZCUVVGQlFVRkJRVUZVVVVKMlFVZHpRV0ZCUWpCQlIwVkJZMmRCZFVGR1RVRmhRVUoyUVVoTlFXRkJRbWhCUnpSQlFVRkNjMEZIYTBGa1FVSnFRVWQzUVdGUlFqQkJSMDFCVEdkQ2MwRkhPRUZaZDBKb1FVZDNRVlJSUW5aQlIzTkJZVUZDTUVGSFJVRmpaMEYxUVVaTlFXRkJRblpCU0UxQllVRkNhRUZITkVGUlFVSnpRVWRyUVdSQlFtcEJRelJCWWtGQ2RrRkhUVUZaVVVKelFVVXdRV0ozUW5KQlIyZEJaRUZDYUVGSVNVRk1aMEpVUVVkblFXSjNRbnBCUjJkQldWRkNkVUZCUVVGVVVVSjJRVWR6UVdGQlFqQkJSMFZCWTJkQlowRkdUVUZoUVVKMlFVaE5RV0ZCUW1oQlJ6UkJRVUZCUVVGblFVRkNkMEZCUVVGRlEwRkJRVWhCUVVGQllrRkNjRUZJVVVGWmQwSlRaRzQ0V0dOcVZVWTFSVzVIT0hadWFFUlFSUzh2ZEdOQ2FtUXlNMjFHVlc5QlJ6UkJaRkZDYzBGSGQwRkxVVUZCUVVFOVBTSXNDaUFnSWxOdlpuUjNZWEpsUlhoamJIVnphVzl1VEdsemRFWnZja1JsY0d4dmVXMWxiblFpT2lCYlhRcDkiLCJFbnRpdHlQYXRoIjoiIiwiRW50aXR5VHlwZSI6NiwiTHVyZURlcGxveW1lbnRDb250ZXh0Ijp7IkV4cGlyYXRpb25VdGMiOiIyMDI0LTA0LTIyVDEyOjE2OjQ1LjQ0NTE3NzVaIiwiSWQiOiJhZjlkNWY2YS1jNjZhLTRmYmMtOTkwZS00MzMwYmI4ZTZjODQiLCJDb3JyZWxhdGlvbklkIjpudWxsfSwiRmlsZUF0dHJpYnV0ZXMiOjAsIlVzZXJSaWQiOjkyNjEwMzg2MX0=}\" 2024-04-19T12:21:13.582 System Default 7192 SenseIR.exe 2024-04-19T12:21:11.307 NT AUTHORITY system S-1-5-18 8.45E+08 T1021.001 (bolster) Techniques 2024-04-19T12:22:10.987 6595e6522d8db8d92425250a4fe68dd7ce1fc1db PC1 LogonSuccess LITC fake account S-1-5-21-3977750084-2905094788-454684165-926103861 7c04ec2377e32b3c742f581f6c5437464dd2cf2 3247PKBT60B6DT25B34CP74B5889Ap10F1B3S72B4D4D95B5B25B54560B8 powershell.exe C:\\Windows\\System32\\WindowsPowerShell\\v1.0 8332 powershell.exe -ExecutionPolicy Bypass -NoProfile -NonInteractive -Command \"& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\\ProgramData\\Microsoft\\Windows Defender Advanced Threat Protection\\Downloads\\PSScript_{70971E03-A55E-4EC2-BC9B-A8F0173A83C3}.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::Read);$calculatedHash = Microsoft.PowerShell.Utility\\ Get-FileHash 'C:\\ProgramData\\Microsoft\\Windows Defender Advanced Threat Protection\\Downloads\\PSScript_{70971E03-A55E-4EC2-BC9B-A8F0173A83C3}.ps1' -Algorithm SHA256; if (!( $calculatedHash.Hash -eq '575497143631ed5cd604e7a1e8666187bd6acf421ad685273e559c0013179789')) { exit 323;}; Start-Transcript -Path 'C:\\ProgramData\\Microsoft\\Windows Defender Advanced Threat Protection\\Temp\\PSScriptOutputs\\PSScript_Transcript_{70971E03-A55E-4EC2-BC9B-A8F0173A83C3}.txt'; . 'C:\\ProgramData\\Microsoft\\Windows Defender Advanced Threat Protection\\Downloads\\PSScript_{70971E03-A55E-4EC2-BC9B-A8F0173A83C3}.ps1' -Id 3f884218-6a5a-4d02-8032-32ed7f90339a -Descriptor eyJEZXRlY3Rpb25LZXlzIjpbIk1va2h0YXIuU2hvc2hhbiJdLCJDb250ZW50IjoiZXdvZ0lDSlRaWEpwWVd4cGVtVmtUbXhTWldOdmNtUWlPaUFpU0dkQlNVRkNORUZJWjBGQlFVRkJRVUZCUVVGQlJGVTFUWHBqUVVGblFVRkJaMEZCUVVGblFVZEJRemNyY3pONU9UUXZZVUZSVVVGQlVVRkJRVUZCUVVGUlFVdEJRVUZCUVVGQlVVRkJRVUZHUVVFd1FVTmlWRGRNWW5SWVduUjVNbTlPUmtnek1FcGhNRlZCUVVGQlFVRkJRVUZCUVVGQlFVRkJRVUZCUVVGQlFVRkJRVUZCUVVGQlFVRkJRVUZCUVVGQlFVRkJRVUZCUVVGQlFVRkJRVUZCUVVGQlFVRkJRVUZCUWtGQlFVRkJRVUZCUVVGQlFVRkJRVU5CUVVGQlJHZEJRVUZCUVVGQlFVRkJRVUZCUVVGQlFVRkJRVUZCUVVGQlFVRkJRVUZVVVVKMlFVZHpRV0ZCUWpCQlIwVkJZMmRCZFVGR1RVRmhRVUoyUVVoTlFXRkJRbWhCUnpSQlFVRkNjMEZIYTBGa1FVSnFRVWQzUVdGUlFqQkJSMDFCVEdkQ2MwRkhPRUZaZDBKb1FVZDNRVlJSUW5aQlIzTkJZVUZDTUVGSFJVRmpaMEYxUVVaTlFXRkJRblpCU0UxQllVRkNhRUZITkVGUlFVSnpRVWRyUVdSQlFtcEJRelJCWWtGQ2RrRkhUVUZaVVVKelFVVXdRV0ozUW5KQlIyZEJaRUZDYUVGSVNVRk1aMEpVUVVkblFXSjNRbnBCUjJkQldWRkNkVUZCUVVGVVVVSjJRVWR6UVdGQlFqQkJSMFZCWTJkQlowRkdUVUZoUVVKMlFVaE5RV0ZCUW1oQlJ6UkJRVUZCUVVGblFVRkNkMEZCUVVGRlEwRkJRVWhCUVVGQllrRkNjRUZJVVVGWmQwSlRaRzQ0V0dOcVZVWTFSVzVIT0hadWFFUlFSUzh2ZEdOQ2FtUXlNMjFHVlc5QlJ6UkJaRkZDYzBGSGQwRkxVVUZCUVVFOVBTSXNDaUFnSWxOdlpuUjNZWEpsUlhoamJIVnphVzl1VEdsemRFWnZja1JsY0d4dmVXMWxiblFpT2lCYlhRcDkiLCJFbnRpdHlQYXRoIjoiIiwiRW50aXR5VHlwZSI6NiwiTHVyZURlcGxveW1lbnRDb250ZXh0Ijp7IkV4cGlyYXRpb25VdGMiOiIyMDI0LTA0LTIyVDEyOjE2OjQ1LjQ0NTE3NzVaIiwiSWQiOiJhZjlkNWY2YS1jNjZhLTRmYmMtOTkwZS00MzMwYmI4ZTZjODQiLCJDb3JyZWxhdGlvbklkIjpudWxsfSwiRmlsZUF0dHJpYnV0ZXMiOjAsIlVzZXJSaWQiOjkyNjEwMzg2MX0=}\" 2024-04-19T12:21:13.582 System Standard 7192 \\Device\\HarddiskVolume3\\Program Files\\Windows Defender Advanced Threat Protection\\SenseIR.exe 2024-04-19T12:21:11.307 nt authority system S-1-5-18 28952 {\"IsLocalLogon\":false} CachedRemoteInteractive Events 2024-04-19T12:22:10.987 6595e6522d8db8d92425250a4fe68dd7ce1fc1db PC1 LogonAttempted LITC fake account 7c04ec2377e32b3c742f581f6c5437464dd2cf2 3247PKBT60B6DT25B34CP74B5889Ap10F1B3S72B4D4D95B5B25B54560B8 powershell.exe C:\\Windows\\System32\\WindowsPowerShell\\v1.0 8332 powershell.exe -ExecutionPolicy Bypass -NoProfile -NonInteractive -Command \"& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\\ProgramData\\Microsoft\\Windows Defender Advanced Threat Protection\\Downloads\\PSScript_{70971E03-A55E-4EC2-BC9B-A8F0173A83C3}.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::Read);$calculatedHash = Microsoft.PowerShell.Utility\\ Get-FileHash 'C:\\ProgramData\\Microsoft\\Windows Defender Advanced Threat Protection\\Downloads\\PSScript_{70971E03-A55E-4EC2-BC9B-A8F0173A83C3}.ps1' -Algorithm SHA256; if (!( $calculatedHash.Hash -eq '575497143631ed5cd604e7a1e8666187bd6acf421ad685273e559c0013179789')) { exit 323;}; Start-Transcript -Path 'C:\\ProgramData\\Microsoft\\Windows Defender Advanced Threat Protection\\Temp\\PSScriptOutputs\\PSScript_Transcript_{70971E03-A55E-4EC2-BC9B-A8F0173A83C3}.txt'; . 'C:\\ProgramData\\Microsoft\\Windows Defender Advanced Threat Protection\\Downloads\\PSScript_{70971E03-A55E-4EC2-BC9B-A8F0173A83C3}.ps1' -Id 3f884218-6a5a-4d02-8032-32ed7f90339a -Descriptor eyJEZXRlY3Rpb25LZXlzIjpbIk1va2h0YXIuU2hvc2hhbiJdLCJDb250ZW50IjoiZXdvZ0lDSlRaWEpwWVd4cGVtVmtUbXhTWldOdmNtUWlPaUFpU0dkQlNVRkNORUZJWjBGQlFVRkJRVUZCUVVGQlJGVTFUWHBqUVVGblFVRkJaMEZCUVVGblFVZEJRemNyY3pONU9UUXZZVUZSVVVGQlVVRkJRVUZCUVVGUlFVdEJRVUZCUVVGQlVVRkJRVUZHUVVFd1FVTmlWRGRNWW5SWVduUjVNbTlPUmtnek1FcGhNRlZCUVVGQlFVRkJRVUZCUVVGQlFVRkJRVUZCUVVGQlFVRkJRVUZCUVVGQlFVRkJRVUZCUVVGQlFVRkJRVUZCUVVGQlFVRkJRVUZCUVVGQlFVRkJRVUZCUWtGQlFVRkJRVUZCUVVGQlFVRkJRVU5CUVVGQlJHZEJRVUZCUVVGQlFVRkJRVUZCUVVGQlFVRkJRVUZCUVVGQlFVRkJRVUZVVVVKMlFVZHpRV0ZCUWpCQlIwVkJZMmRCZFVGR1RVRmhRVUoyUVVoTlFXRkJRbWhCUnpSQlFVRkNjMEZIYTBGa1FVSnFRVWQzUVdGUlFqQkJSMDFCVEdkQ2MwRkhPRUZaZDBKb1FVZDNRVlJSUW5aQlIzTkJZVUZDTUVGSFJVRmpaMEYxUVVaTlFXRkJRblpCU0UxQllVRkNhRUZITkVGUlFVSnpRVWRyUVdSQlFtcEJRelJCWWtGQ2RrRkhUVUZaVVVKelFVVXdRV0ozUW5KQlIyZEJaRUZDYUVGSVNVRk1aMEpVUVVkblFXSjNRbnBCUjJkQldWRkNkVUZCUVVGVVVVSjJRVWR6UVdGQlFqQkJSMFZCWTJkQlowRkdUVUZoUVVKMlFVaE5RV0ZCUW1oQlJ6UkJRVUZCUVVGblFVRkNkMEZCUVVGRlEwRkJRVWhCUVVGQllrRkNjRUZJVVVGWmQwSlRaRzQ0V0dOcVZVWTFSVzVIT0hadWFFUlFSUzh2ZEdOQ2FtUXlNMjFHVlc5QlJ6UkJaRkZDYzBGSGQwRkxVVUZCUVVFOVBTSXNDaUFnSWxOdlpuUjNZWEpsUlhoamJIVnphVzl1VEdsemRFWnZja1JsY0d4dmVXMWxiblFpT2lCYlhRcDkiLCJFbnRpdHlQYXRoIjoiIiwiRW50aXR5VHlwZSI6NiwiTHVyZURlcGxveW1lbnRDb250ZXh0Ijp7IkV4cGlyYXRpb25VdGMiOiIyMDI0LTA0LTIyVDEyOjE2OjQ1LjQ0NTE3NzVaIiwiSWQiOiJhZjlkNWY2YS1jNjZhLTRmYmMtOTkwZS00MzMwYmI4ZTZjODQiLCJDb3JyZWxhdGlvbklkIjpudWxsfSwiRmlsZUF0dHJpYnV0ZXMiOjAsIlVzZXJSaWQiOjkyNjEwMzg2MX0=}\" 2024-04-19T12:21:13.582 System Default 7192 SenseIR.exe 2024-04-19T12:21:11.307 NT AUTHORITY system S-1-5-18 28951 Events 2024-04-19T12:22:09.728 6595e6522d8db8d92425250a4fe68dd7ce1fc1db PC1 InteractiveRemoteComponentInvocation LITC fake account S-1-5-21-3977750084-2905094788-454684165-926103861 1.71E+09 T1078 (Friends)/T1021.001 (Friends) Techniques 2024-04-19T12:22:09.728 6595e6522d8db8d92425250a4fe68dd7ce1fc1db PC1 WindowsDomainAccountLogonSuccess LITC fake account S-1-5-21-3977750084-2905094788-454684165-926103861 D398B9D68B555K9K6K041K8Pia8849D1A6B1AC4 63A75A4F57158Ba4D796A2414790FCD3694D8Ab9ED3A8942A9CBCD0B71691A lsass.exe C:\\Windows\\System32 824 lsass.exe 2024-04-18T08:04:00.305 System Default 928 wininit.exe 2024-04-18T08:04:00.107 NT AUTHORITY system S-1-5-18 9.6E+08 T1078.002 (bolster) Techniques 2024-04-19T12:22:09.728 6595e6522d8db8d92425250a4fe68dd7ce1fc1db PC1 LogonSuccess LITC fake account S-1-5-21-3977750084-2905094788-454684165-926103861 D398B9D68B555K9K6K041K8Pia8849D1A6B1AC4 63A75A4F57158Ba4D796A2414790FCD3694D8Ab9ED3A8942A9CBCD0B71691A lsass.exe C:\\Windows\\System32\\lsass.exe 824 lsass.exe 2024-04-18T08:04:00.305 System Standard 928 wininit.exe 2024-04-18T08:04:00.107 nt authority system S-1-5-18 28934 {\"IsLocalLogon\":false} RemoteInteractive Events thanks in advance ","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})@stringLength":"27186","kudosSumWeight":0,"repliesCount":1,"readOnly":false,"tags":{"__typename":"TagConnection","pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null},"edges":[{"__typename":"TagEdge","cursor":"MjUuMXwyLjF8b3w1fF9OVl98MQ","node":{"__typename":"Tag","id":"tag:investigation","text":"investigation","time":"2019-01-31T13:58:58.496-08:00","lastActivityTime":null,"messagesCount":null,"followersCount":null}}]},"timeToRead":7,"images":{"__typename":"AssociatedImageConnection","edges":[{"__typename":"AssociatedImageEdge","cursor":"MjUuMXwyLjF8b3wyNXxfTlZffDE","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MTE5Mjg0LTU3MjkzN2kyMjU5QzQ2Q0IyODFCRDY1?revision=1\"}"}}],"totalCount":1,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"videos":{"__typename":"VideoConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}}},"Conversation:conversation:4115985":{"__typename":"Conversation","id":"conversation:4115985","topic":{"__typename":"ForumTopicMessage","uid":4115985},"lastPostingActivityTime":"2024-04-16T22:06:46.790-07:00","solved":true},"User:user:2343319":{"__typename":"User","uid":2343319,"login":"msundman78","registrationData":{"__typename":"RegistrationData","status":null},"deleted":false,"rank":{"__typename":"Rank","name":"Copper Contributor","color":"333333","rankStyle":"TEXT"},"avatar":{"__typename":"UserAvatar","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/m_assets/avatars/default/avatar-8.svg?time=0"},"id":"user:2343319"},"ForumTopicMessage:message:4115985":{"__typename":"ForumTopicMessage","subject":"Stream alerts from Defender for Cloud","conversation":{"__ref":"Conversation:conversation:4115985"},"id":"message:4115985","revisionNum":1,"uid":4115985,"depth":0,"board":{"__ref":"Forum:board:MicrosoftThreatProtection"},"author":{"__ref":"User:user:2343319"},"metrics":{"__typename":"MessageMetrics","views":543},"postTime":"2024-04-16T14:29:32.783-07:00","lastPublishTime":"2024-04-16T14:29:32.783-07:00","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})":" Is it possible to have alerts originating from Defender to Cloud to use Defender XDR Streaming API to forward alerts to an Eventhub? If currently have event Streaming API configured in Defender XDR to forward alerts to our Graylog system which works fine for alerts originating from Defender for Endpoint ect, however when I generate test alerts in Defender for Cloud they appear on the Alerts page in the Security/Defender-portal, but they are not forwarded to our Eventhub. I've been able to work around it by configuring continuous export to Eventhub directly in Defender for Cloud instead, but just wonder if it is supposed to work via Defender XDR \"Streaming API\"? ","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})@stringLength":"689","kudosSumWeight":0,"repliesCount":1,"readOnly":false,"tags":{"__typename":"TagConnection","pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null},"edges":[{"__typename":"TagEdge","cursor":"MjUuMXwyLjF8b3w1fF9OVl98MQ","node":{"__typename":"Tag","id":"tag:alerts","text":"alerts","time":"2018-02-26T22:00:55.393-08:00","lastActivityTime":null,"messagesCount":null,"followersCount":null}}]},"timeToRead":1,"images":{"__typename":"AssociatedImageConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"videos":{"__typename":"VideoConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}}},"Conversation:conversation:4058310":{"__typename":"Conversation","id":"conversation:4058310","topic":{"__typename":"ForumTopicMessage","uid":4058310},"lastPostingActivityTime":"2024-02-21T13:32:16.157-08:00","solved":true},"User:user:2174647":{"__typename":"User","uid":2174647,"login":"SKadish","registrationData":{"__typename":"RegistrationData","status":null},"deleted":false,"rank":{"__typename":"Rank","name":"Brass Contributor","color":"333333","rankStyle":"TEXT"},"avatar":{"__typename":"UserAvatar","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/m_assets/avatars/default/avatar-11.svg?time=0"},"id":"user:2174647"},"ForumTopicMessage:message:4058310":{"__typename":"ForumTopicMessage","subject":"Security Operator, but can add to TABL","conversation":{"__ref":"Conversation:conversation:4058310"},"id":"message:4058310","revisionNum":1,"uid":4058310,"depth":0,"board":{"__ref":"Forum:board:MicrosoftThreatProtection"},"author":{"__ref":"User:user:2174647"},"metrics":{"__typename":"MessageMetrics","views":825},"postTime":"2024-02-15T08:26:32.095-08:00","lastPublishTime":"2024-02-15T08:26:32.095-08:00","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})":" I currently have the Entra ID Security Operator PIM role activated, and I am able to add email addresses to the TABL, as well as managing Anti-Spam and Anti-Phishing policies. In the past, I've needed to be a Security Administrator to do this. Has something changed? If not, could this be an unintended consequence of me activating the MDO workloads for Unified RBAC? ","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})@stringLength":"387","kudosSumWeight":0,"repliesCount":4,"readOnly":false,"tags":{"__typename":"TagConnection","pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null},"edges":[{"__typename":"TagEdge","cursor":"MjUuMXwyLjF8b3w1fF9OVl98MQ","node":{"__typename":"Tag","id":"tag:microsoft defender for office 365","text":"microsoft defender for office 365","time":"2020-10-08T11:30:26.675-07:00","lastActivityTime":null,"messagesCount":null,"followersCount":null}},{"__typename":"TagEdge","cursor":"MjUuMXwyLjF8b3w1fF9OVl98Mg","node":{"__typename":"Tag","id":"tag:Response Actions","text":"Response Actions","time":"2023-01-13T09:38:51.495-08:00","lastActivityTime":null,"messagesCount":null,"followersCount":null}}]},"timeToRead":1,"images":{"__typename":"AssociatedImageConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"videos":{"__typename":"VideoConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}}},"Conversation:conversation:4056469":{"__typename":"Conversation","id":"conversation:4056469","topic":{"__typename":"ForumTopicMessage","uid":4056469},"lastPostingActivityTime":"2024-02-18T05:16:46.582-08:00","solved":true},"ForumTopicMessage:message:4056469":{"__typename":"ForumTopicMessage","subject":"Defender XDR Unified RBAC - Cannot manage incidents","conversation":{"__ref":"Conversation:conversation:4056469"},"id":"message:4056469","revisionNum":1,"uid":4056469,"depth":0,"board":{"__ref":"Forum:board:MicrosoftThreatProtection"},"author":{"__ref":"User:user:2174647"},"metrics":{"__typename":"MessageMetrics","views":2246},"postTime":"2024-02-13T15:05:49.739-08:00","lastPublishTime":"2024-02-13T15:05:49.739-08:00","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})":" I've been configuring the new Defender XDR Unified RBAC roles, and two things that I cannot find permissions for are managing incidents and alerts. No matter what I configure, those buttons stay greyed out. This is despite configuring a role that has all Security Operations and Security Posture read and manage permissions. Other functions are working, for instance being able to block users via the TABL, or Search & Purge permissions. Can I please get some help? ","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})@stringLength":"533","kudosSumWeight":0,"repliesCount":6,"readOnly":false,"tags":{"__typename":"TagConnection","pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null},"edges":[{"__typename":"TagEdge","cursor":"MjUuMXwyLjF8b3w1fF9OVl98MQ","node":{"__typename":"Tag","id":"tag:Incident Management","text":"Incident Management","time":"2019-02-14T22:13:45.400-08:00","lastActivityTime":null,"messagesCount":null,"followersCount":null}},{"__typename":"TagEdge","cursor":"MjUuMXwyLjF8b3w1fF9OVl98Mg","node":{"__typename":"Tag","id":"tag:microsoft defender for endpoint","text":"microsoft defender for endpoint","time":"2020-10-20T05:09:28.319-07:00","lastActivityTime":null,"messagesCount":null,"followersCount":null}},{"__typename":"TagEdge","cursor":"MjUuMXwyLjF8b3w1fF9OVl98Mw","node":{"__typename":"Tag","id":"tag:microsoft defender for office 365","text":"microsoft defender for office 365","time":"2020-10-08T11:30:26.675-07:00","lastActivityTime":null,"messagesCount":null,"followersCount":null}},{"__typename":"TagEdge","cursor":"MjUuMXwyLjF8b3w1fF9OVl98NA","node":{"__typename":"Tag","id":"tag:Response Actions","text":"Response Actions","time":"2023-01-13T09:38:51.495-08:00","lastActivityTime":null,"messagesCount":null,"followersCount":null}}]},"timeToRead":1,"images":{"__typename":"AssociatedImageConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"videos":{"__typename":"VideoConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}}},"Conversation:conversation:4043842":{"__typename":"Conversation","id":"conversation:4043842","topic":{"__typename":"ForumTopicMessage","uid":4043842},"lastPostingActivityTime":"2024-02-15T07:05:37.448-08:00","solved":true},"ForumTopicMessage:message:4043842":{"__typename":"ForumTopicMessage","subject":"Do Defender XDR Custom RBAC Roles stack?","conversation":{"__ref":"Conversation:conversation:4043842"},"id":"message:4043842","revisionNum":1,"uid":4043842,"depth":0,"board":{"__ref":"Forum:board:MicrosoftThreatProtection"},"author":{"__ref":"User:user:2174647"},"metrics":{"__typename":"MessageMetrics","views":520},"postTime":"2024-01-30T12:27:52.068-08:00","lastPublishTime":"2024-01-30T12:27:52.068-08:00","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})":" Are permissions granted by Defender XDR Unified RBAC Custom Roles additive? For instance, if a user uses PIM to assume a role with permissions A & B, and then uses PIM a second time to assume a role with permissions C & D, will the user then have permissions A, B, C, & D? Or will they only have permissions C & D? ","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})@stringLength":"352","kudosSumWeight":0,"repliesCount":2,"readOnly":false,"tags":{"__typename":"TagConnection","pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null},"edges":[{"__typename":"TagEdge","cursor":"MjUuMXwyLjF8b3w1fF9OVl98MQ","node":{"__typename":"Tag","id":"tag:automation","text":"automation","time":"2016-09-07T22:49:15.893-07:00","lastActivityTime":null,"messagesCount":null,"followersCount":null}},{"__typename":"TagEdge","cursor":"MjUuMXwyLjF8b3w1fF9OVl98Mg","node":{"__typename":"Tag","id":"tag:microsoft defender for endpoint","text":"microsoft defender for endpoint","time":"2020-10-20T05:09:28.319-07:00","lastActivityTime":null,"messagesCount":null,"followersCount":null}},{"__typename":"TagEdge","cursor":"MjUuMXwyLjF8b3w1fF9OVl98Mw","node":{"__typename":"Tag","id":"tag:microsoft defender for office 365","text":"microsoft defender for office 365","time":"2020-10-08T11:30:26.675-07:00","lastActivityTime":null,"messagesCount":null,"followersCount":null}},{"__typename":"TagEdge","cursor":"MjUuMXwyLjF8b3w1fF9OVl98NA","node":{"__typename":"Tag","id":"tag:playbooks","text":"playbooks","time":"2020-10-19T08:31:04.449-07:00","lastActivityTime":null,"messagesCount":null,"followersCount":null}},{"__typename":"TagEdge","cursor":"MjUuMXwyLjF8b3w1fF9OVl98NQ","node":{"__typename":"Tag","id":"tag:siem","text":"siem","time":"2020-05-15T10:40:08.156-07:00","lastActivityTime":null,"messagesCount":null,"followersCount":null}}]},"timeToRead":1,"images":{"__typename":"AssociatedImageConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"videos":{"__typename":"VideoConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}}},"CachedAsset:text:en_US-components/community/Navbar-1737115705000":{"__typename":"CachedAsset","id":"text:en_US-components/community/Navbar-1737115705000","value":{"community":"Community Home","inbox":"Inbox","manageContent":"Manage Content","tos":"Terms of Service","forgotPassword":"Forgot Password","themeEditor":"Theme Editor","edit":"Edit Navigation Bar","skipContent":"Skip to content","gxcuf89792":"Tech Community","external-1":"Events","s-m-b":"Small and Medium Businesses","windows-server":"Windows Server","education-sector":"Education Sector","driving-adoption":"Driving Adoption","microsoft-learn":"Microsoft Learn","s-q-l-server":"SQL Server","partner-community":"Microsoft Partner Community","microsoft365":"Microsoft 365","external-9":".NET","external-8":"Teams","external-7":"Github","products-services":"Products","external-6":"Power Platform","communities-1":"Topics","external-5":"Microsoft Security","planner":"Planner","external-4":"Microsoft 365","external-3":"Dynamics 365","azure":"Azure","healthcare-and-life-sciences":"Healthcare and Life Sciences","external-2":"Azure","microsoft-mechanics":"Microsoft Mechanics","microsoft-learn-1":"Community","external-10":"Learning Room Directory","microsoft-learn-blog":"Blog","windows":"Windows","i-t-ops-talk":"ITOps Talk","external-link-1":"View All","microsoft-securityand-compliance":"Microsoft Security","public-sector":"Public Sector","community-info-center":"Lounge","external-link-2":"View All","microsoft-teams":"Microsoft Teams","external":"Blogs","microsoft-endpoint-manager":"Microsoft Intune and Configuration Manager","startupsat-microsoft":"Startups at Microsoft","exchange":"Exchange","a-i":"AI and Machine Learning","io-t":"Internet of Things (IoT)","outlook":"Outlook","external-link":"Community Hubs","communities":"Products"},"localOverride":false},"CachedAsset:text:en_US-components/community/NavbarHamburgerDropdown-1737115705000":{"__typename":"CachedAsset","id":"text:en_US-components/community/NavbarHamburgerDropdown-1737115705000","value":{"hamburgerLabel":"Side Menu"},"localOverride":false},"CachedAsset:text:en_US-components/community/BrandLogo-1737115705000":{"__typename":"CachedAsset","id":"text:en_US-components/community/BrandLogo-1737115705000","value":{"logoAlt":"Khoros","themeLogoAlt":"Brand Logo"},"localOverride":false},"CachedAsset:text:en_US-components/community/NavbarTextLinks-1737115705000":{"__typename":"CachedAsset","id":"text:en_US-components/community/NavbarTextLinks-1737115705000","value":{"more":"More"},"localOverride":false},"CachedAsset:text:en_US-components/authentication/AuthenticationLink-1737115705000":{"__typename":"CachedAsset","id":"text:en_US-components/authentication/AuthenticationLink-1737115705000","value":{"title.login":"Sign In","title.registration":"Register","title.forgotPassword":"Forgot Password","title.multiAuthLogin":"Sign In"},"localOverride":false},"CachedAsset:text:en_US-components/nodes/NodeLink-1737115705000":{"__typename":"CachedAsset","id":"text:en_US-components/nodes/NodeLink-1737115705000","value":{"place":"Place {name}"},"localOverride":false},"CachedAsset:text:en_US-components/community/Category/CategoryActionMenu-1737115705000":{"__typename":"CachedAsset","id":"text:en_US-components/community/Category/CategoryActionMenu-1737115705000","value":{"toggleButtonLabel":"Open Menu","editCategorySettings.category":"Edit Category Settings","manageCategoryContent.category":"Manage Content","editPage":"Edit Page Template","actionMenu.title":"Menu","actionMenu.ariaLabel":"Menu"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageListTabs-1737115705000":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageListTabs-1737115705000","value":{"mostKudoed":"{value, select, IDEA {Most Votes} other {Most Likes}}","mostReplies":"Most Replies","mostViewed":"Most Viewed","newest":"{value, select, IDEA {Newest Ideas} OCCASION {Newest Events} other {Newest Topics}}","newestOccasions":"Newest Events","mostRecent":"Most Recent","noReplies":"No Replies Yet","noSolutions":"No Solutions Yet","solutions":"Solutions","mostRecentUserContent":"Most Recent","trending":"Trending","draft":"Drafts","spam":"Spam","abuse":"Abuse","moderation":"Moderation","tags":"Tags","PAST":"Past","UPCOMING":"Upcoming","sortBymostRecent":"Sort By Most Recent","sortBymostRecentUserContent":"Sort By Most Recent","sortBymostKudoed":"Sort By Most Likes","sortBymostReplies":"Sort By Most Replies","sortBymostViewed":"Sort By Most Viewed","sortBynewest":"Sort By Newest Topics","sortBynewestOccasions":"Sort By Newest Events","otherTabs":" Messages list in the {tab} for {conversationStyle}","guides":"Guides","archives":"Archives"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageView/MessageViewInline-1737115705000":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageView/MessageViewInline-1737115705000","value":{"bylineAuthor":"{bylineAuthor}","bylineBoard":"{bylineBoard}","anonymous":"Anonymous","place":"Place {bylineBoard}","gotoParent":"Go to parent {name}"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/common/Pager/PagerLoadMore-1737115705000":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/common/Pager/PagerLoadMore-1737115705000","value":{"loadMore":"Show More"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageTimeToRead-1737115705000":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageTimeToRead-1737115705000","value":{"minReadText":"{min} MIN READ"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageSubject-1737115705000":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageSubject-1737115705000","value":{"noSubject":"(no subject)"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageSolvedBadge-1737115705000":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageSolvedBadge-1737115705000","value":{"solved":"Solved"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageBody-1737115705000":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageBody-1737115705000","value":{"showMessageBody":"Show More","mentionsErrorTitle":"{mentionsType, select, board {Board} user {User} message {Message} other {}} No Longer Available","mentionsErrorMessage":"The {mentionsType} you are trying to view has been removed from the community.","videoProcessing":"Video is being processed. Please try again in a few minutes.","bannerTitle":"Video provider requires cookies to play the video. Accept to continue or {url} it directly on the provider's site.","buttonTitle":"Accept","urlText":"watch"},"localOverride":false},"CachedAsset:text:en_US-components/users/UserLink-1737115705000":{"__typename":"CachedAsset","id":"text:en_US-components/users/UserLink-1737115705000","value":{"authorName":"View Profile: {author}","anonymous":"Anonymous"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageView/MessageViewCard-1737115705000":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageView/MessageViewCard-1737115705000","value":{"gotoParent":"Go to parent {name}"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageTime-1737115705000":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageTime-1737115705000","value":{"postTime":"Published: {time}","lastPublishTime":"Last Update: {time}","conversation.lastPostingActivityTime":"Last posting activity time: {time}","conversation.lastPostTime":"Last post time: {time}","moderationData.rejectTime":"Rejected time: {time}"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageViewCount-1737115705000":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageViewCount-1737115705000","value":{"textTitle":"{count, plural,one {View} other{Views}}","views":"{count, plural, one{View} other{Views}}"},"localOverride":false},"CachedAsset:text:en_US-components/kudos/KudosCount-1737115705000":{"__typename":"CachedAsset","id":"text:en_US-components/kudos/KudosCount-1737115705000","value":{"textTitle":"{count, plural,one {{messageType, select, IDEA{Vote} other{Like}}} other{{messageType, select, IDEA{Votes} other{Likes}}}}","likes":"{count, plural, one{like} other{likes}}"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageRepliesCount-1737115705000":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageRepliesCount-1737115705000","value":{"textTitle":"{count, plural,one {{conversationStyle, select, IDEA{Comment} OCCASION{Comment} other{Reply}}} other{{conversationStyle, select, IDEA{Comments} OCCASION{Comments} other{Replies}}}}","comments":"{count, plural, one{Comment} other{Comments}}"},"localOverride":false},"CachedAsset:text:en_US-components/tags/TagView/TagViewChip-1737115705000":{"__typename":"CachedAsset","id":"text:en_US-components/tags/TagView/TagViewChip-1737115705000","value":{"tagLabelName":"Tag name {tagName}"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/common/Pager/PagerSeeAllModal-1737115705000":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/common/Pager/PagerSeeAllModal-1737115705000","value":{"seeAllLink":"Show All","searchFieldAriaLabel":"Search","ariaLiveText":"{loading, select, true {Search results are loading} false {{count} results found} other {}}"},"localOverride":false},"CachedAsset:text:en_US-components/ideas/MessagesWidgetFilters-1737115705000":{"__typename":"CachedAsset","id":"text:en_US-components/ideas/MessagesWidgetFilters-1737115705000","value":{},"localOverride":false},"CachedAsset:text:en_US-components/community/NavbarDropdownToggle-1737115705000":{"__typename":"CachedAsset","id":"text:en_US-components/community/NavbarDropdownToggle-1737115705000","value":{"ariaLabelClosed":"Press the down arrow to open the menu"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/common/OverflowNav-1737115705000":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/common/OverflowNav-1737115705000","value":{"toggleText":"More"},"localOverride":false},"CachedAsset:text:en_US-components/common/OverflowSet-1737115705000":{"__typename":"CachedAsset","id":"text:en_US-components/common/OverflowSet-1737115705000","value":{"more":"More","allFilters":"All Filters","ariaLabel.collapseMoreFilters":"collapse more filters"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/users/UserAvatar-1737115705000":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/users/UserAvatar-1737115705000","value":{"altText":"{login}'s avatar","altTextGeneric":"User's avatar"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/users/UserRank-1737115705000":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/users/UserRank-1737115705000","value":{"rankName":"{rankName}","userRank":"Author rank {rankName}"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/nodes/NodeIcon-1737115705000":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/nodes/NodeIcon-1737115705000","value":{"contentType":"Content Type {style, select, FORUM {Forum} BLOG {Blog} TKB {Knowledge Base} IDEA {Ideas} OCCASION {Events} other {}} icon"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageUnreadCount-1737115705000":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageUnreadCount-1737115705000","value":{"unread":"{count} unread","comments":"{count, plural, one { unread comment} other{ unread comments}}"},"localOverride":false},"CachedAsset:text:en_US-components/common/WidgetTagsFilter-1737115705000":{"__typename":"CachedAsset","id":"text:en_US-components/common/WidgetTagsFilter-1737115705000","value":{"prefixText":"Tagged"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/ranks/UserRankLabel-1737115705000":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/ranks/UserRankLabel-1737115705000","value":{"altTitle":"Icon for {rankName} rank"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/tags/TagEditor-1737115705000":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/tags/TagEditor-1737115705000","value":{"tag":"{label}","tagAddTitle":"Add a Tag","tagAddInlineTitle":"Tag","inputCreate":"New tag \"{tag}\"","inputPlaceholder":"Search tags...","remove":"Remove tag","popoverText":"This post must have at least one tag","adminPopoverText":"Turn off \"Require tags\" option to remove all the preset tags from this node","removeTagDialogTitle":"Remove Tag?","removeTagDialogBody":"Are you sure you want to remove this tag?{br}{tagName}","removeTagDialogButton":"Remove","addTag.ariaLabel":"Add a tag","removeTag.ariaLabel":"Remove tag {tagName}"},"localOverride":false}}}},"page":"/community/CategoryPage/CategoryPage","query":{"messages.widget.messagelistfornodebyrecentactivitywidget-tab-main-hogkux-0":"solutions","categoryId":"microsoft-defender-xdr"},"buildId":"rBSXYkarBGCCgv-Fy0Q8w","runtimeConfig":{"buildInformationVisible":false,"logLevelApp":"info","logLevelMetrics":"info","openTelemetryClientEnabled":false,"openTelemetryConfigName":"o365","openTelemetryServiceVersion":"25.1.0","openTelemetryUniverse":"prod","openTelemetryCollector":"http://localhost:4318","openTelemetryRouteChangeAllowedTime":"5000","apolloDevToolsEnabled":false,"inboxMuteWipFeatureEnabled":false},"isFallback":false,"isExperimentalCompile":false,"dynamicIds":["./components/community/Navbar/NavbarWidget.tsx","./components/community/Breadcrumb/BreadcrumbWidget.tsx","./components/customComponent/CustomComponent/CustomComponent.tsx","./components/messages/MessageListForNodeByRecentActivityWidget/MessageListForNodeByRecentActivityWidget.tsx","./components/occasions/OccasionListForNodeWidget/OccasionListForNodeWidget.tsx","./components/tags/TagWidget/TagWidget.tsx","./components/nodes/NodeSubscriptionAction/NodeSubscriptionAction.tsx","./components/community/Category/CategoryActionMenu/CategoryActionMenu.tsx","./components/external/components/ExternalComponent.tsx","../shared/client/components/common/List/UnstyledList/UnstyledList.tsx","./components/messages/MessageView/MessageView.tsx","./components/messages/MessageView/MessageViewInline/MessageViewInline.tsx","../shared/client/components/common/Pager/PagerLoadMore/PagerLoadMore.tsx","./components/messages/MessageView/MessageViewCard/MessageViewCard.tsx","../shared/client/components/common/List/UnwrappedList/UnwrappedList.tsx","./components/tags/TagView/TagView.tsx","./components/tags/TagView/TagViewChip/TagViewChip.tsx","../shared/client/components/common/Pager/PagerSeeAllModal/PagerSeeAllModal.tsx"],"appGip":true,"scriptLoader":[{"id":"analytics","src":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/pagescripts/1729284608000/analytics.js?page.id=CategoryPage&entity.id=category%3Amicrosoft-defender-xdr","strategy":"afterInteractive"}]}