Latest Discussions
Unified detection rule management
Hi, I attended the webinar yesterday regarding the new unified custom detection rules in Defender XDR. I was wondering about the management of a library of rules. As with any SOC, our solution has a library of custom rules which we manage in a release cycle for a number of clients in different Tenants. To avoid having to manage rules individually we use the JSON approach, importing the library so it will update rules that we need to tune. Currently I'm not seeing an option to import unified detection rules in Defender XDR via JSON. Is that a feature that will be added? Thanks, Ziv
Posted by Zivosh, Nov 06, 2025 (Occasional Reader)

Microsoft Sentinel device log destination roadmap
I just attended the 11/5/2025 Microsoft webinar "Adopting Unified Custom Detections in Microsoft Sentinel via the Defender Portal: Now Better Than Ever" and my question posted to Q&A was not answered by the team delivering the session. The moderator told us that if our question was not answered we were to post the question in this forum. Here is the question again: "Will firewall and other device logs continue to go to Azure Log Analytics indefinitely? By indefinitely I mean not changing in the roadmap to something else like Data Lake or Event Grid/Service Bus, etc." Thank you, John
Posted by John_Joyner, Nov 05, 2025 (Brass Contributor)

Question behavior same malware
Two malware samples with the same detection name but on different PCs and files: do they behave differently or the same? Example: two detections of Trojan:Win32/Wacatac.C!ml
1) It remains latent in standby mode, awaiting commands.
2) It modifies, deletes, or corrupts files.
Posted by cloudff7, Oct 25, 2025 (Copper Contributor)

Question malware detected Defender for Windows 10
Why did my Microsoft Defender detect a malicious file in AppData\Roaming\Secure\QtWebKit4.dll (Trojan:Win32/Wacatac.C!ml) during a full scan and the Kaspersky Free and Malwarebytes Free scans didn't detect it? Was it maliciously modifying, corrupting, or deleting various files on my PC before detection? I sent it to VirusTotal; the hash: 935cd9070679168cfcea6aea40d68294ae5f44c551cee971e69dc32f0d7ce14b
Inside the same folder as this DLL, there's another folder with a suspicious file, Caller.exe. I sent it to VirusTotal, and only one detection from 72 antivirus programs was found, with the name TrojanPSW.Rhadamanthys. VT hash: d2251490ca5bd67e63ea52a65bbff8823f2012f417ad0bd073366c02aa0b3828
Posted by cloudff7, Oct 23, 2025 (Copper Contributor)

Question many malware types and files
What are the names of the types of malware that access, modify, delete, or corrupt PC HDD and SSD files (Windows files and personal files, games, music, executables, ISO, IMG, RAR, ZIP, 7Z)? Does all malware have the potential to do this? In this case, how are the malware QtWebKit4.dll (Trojan:Win32/Wacatac.C!ml), Caller.exe (DrWeb detects Trojan.DownLoader47.36298), and Caller.exe (VBA32 detects TrojanPSW.Rhadamanthys) classified?
Posted by cloudff7, Oct 19, 2025 (Copper Contributor)

How to Resolve Microsoft Authenticator App Issues
The Microsoft Authenticator app is a critical tool for securing accounts through multi-factor authentication (MFA). However, users may sometimes experience issues such as login failures, missing notifications, or app crashes. This guide will walk you through troubleshooting and resolving common Microsoft Authenticator app problems. https://dellenny.com/how-to-resolve-microsoft-authenticator-app-issues/

Exclude Devices from Secure Score
I have a scenario where DevOps devices are spun up in the environment and onboarded to Defender, then after very short periods of time never used again, leaving thousands of devices onboarded which are not in use/live anymore. With the devices being onboarded to DFE this affects the Secure Score significantly. The hosts use a specific host name prefix and we were looking to see if there was a way to have Secure Score exclude these devices, as they greatly impact the overall %.
Posted by Stewart-M, Sep 23, 2025 (Copper Contributor)

ADR: Audited detections not showing in Microsoft Defender
Hi all, I am trying to figure out why the Attack surface reduction rules report does not show me any audited detections. Specifically, I am testing out the rule "Block process creations originating from PSExec and WMI commands" in Audit mode. A test was run on the endpoint by starting a WMI process and an event was logged to Event Viewer → Applications and Services Logs → Microsoft → Windows → Windows Defender → Operational. Any ideas?
Posted by Hnqeee, Sep 23, 2025 (Copper Contributor)

Defender tagging based on Intune App policy
Will the issue about tagging devices in the security centre with MDE-Management ever be resolved? This has been ongoing for over 10 months and will allow us to smoothly tag and group items in the Defender section a whole lot easier. For some of our clients we NEED this as the current abilities are so basic and useless considering Defender's awful naming method. "Use of dynamic device tagging capabilities in Defender for Endpoint to tag devices with MDE-Management isn't currently supported with security settings management. Devices tagged through this capability don't successfully enroll. This is currently under investigation." https://learn.microsoft.com/en-us/defender-xdr/configure-asset-rules
Posted by AlexRF, Sep 23, 2025 (Copper Contributor)

Little warning on the new Purview suite for M365BP
Microsoft introduced a highly needed and expected compliance suite add-on for Microsoft 365 Business Premium. Microsoft Purview Suite for Business Premium: $10/user/month. Microsoft 365 BP customers are unable to add the Microsoft 365 E5 Compliance suite ($12/user/month) and are forced to move to M365 E3 to be able to add that product. So as a Microsoft partner I was delighted to see that Microsoft introduced this new product and made it possible to give SMB customers the tools they need to comply with all kinds of regulations. BUT: what a disappointment this new product is. It is a lame stripped-down version of the E5 Compliance suite and is missing essential functionality that regulated SMB customers badly need. What was going on in the mind of the product manager who is responsible for this product? Besides missing crucial functionality like Compliance Manager, Compliance Portal and Privileged Access Management, it also misses in-product features. Some examples:
- Data Loss Prevention: great for protecting your sensitive information from leaking out of your organisation, but with a little more investigation I found out that Administrative Units are not supported
- Information Protection: Automatic Labels are not supported
- Insider Risk Management: no Adaptive Protection
- Compliance Manager: no Policies, no Alerts
- DSPM for AI: no Policies
So, Microsoft, come on, you can do better than this: embrace SMBs more seriously and make E5 Compliance available like you did with E5 Security for M365BP users, and stop with this lame and incomplete product. My recommendation to M365BP customers who need a Compliance add-on: don't buy this new suite, unless you don't need the above functionality.
Posted by HanssieH, Sep 12, 2025 (Brass Contributor)