No Security Alerts in Azure Defender

%3CLINGO-SUB%20id%3D%22lingo-sub-1717228%22%20slang%3D%22en-US%22%3ENo%20Security%20Alerts%20in%20Azure%20Defender%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1717228%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20community%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EFor%20some%20or%20other%20reason%20I've%20stopped%20seeing%20Security%20Alerts%20in%20Azure%20Defender.%20This%20is%20not%20typical%20for%20this%20environment.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22SebastiaanR_0-1601195501865.png%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F222420i9BF5B897B330559E%2Fimage-size%2Fmedium%3Fv%3D1.0%26amp%3Bpx%3D400%22%20title%3D%22SebastiaanR_0-1601195501865.png%22%20alt%3D%22SebastiaanR_0-1601195501865.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20have%20Owner%20permissions%20on%20the%20subscription%2C%20and%20Standard%20pricing%20applied%20across%20the%20environment.%20I%20can%20see%20the%20devices%20in%20MDATP.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAny%20idea%20why%20no%20security%20alerts%20will%20be%20displayed%20in%20here%2C%20and%20any%20suggestions%20on%20how%20I%20can%20test%20to%20make%20sure%20things%20are%20all%20good%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ETIA%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1741795%22%20slang%3D%22en-US%22%3ERe%3A%20No%20Security%20Alerts%20in%20Azure%20Defender%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1741795%22%20slang%3D%22en-US%22%3EHi%2C%3CBR%20%2F%3EThanks%20for%20the%20response.%3CBR%20%2F%3E%3CBR%20%2F%3EAs%20mentioned%2C%20I've%20confirmed%20that%20standard%20pricing%20is%20enabled%2C%20and%20a%20workspace%20is%20configured.%20Everything%20used%20to%20work%20without%20any%20issue.%3CBR%20%2F%3EI'll%20keep%20an%20eye%20on%20any%20alerts%20when%20performing%20the%20test%20you%20mentioned.%3CBR%20%2F%3E%3CBR%20%2F%3EThanks%3C%2FLINGO-BODY%3E
Contributor

Hi community,

 

For some or other reason I've stopped seeing Security Alerts in Azure Defender. This is not typical for this environment.

 

SebastiaanR_0-1601195501865.png

 

I have Owner permissions on the subscription, and Standard pricing applied across the environment. I can see the devices in MDATP.

 

Any idea why no security alerts will be displayed in here, and any suggestions on how I can test to make sure things are all good?

 

TIA

 

2 Replies

@SebastiaanR Did you check pricing&settings? When you click your subscription, you see the settings:

-Akos-_0-1601317900228.png

In data collection you should have a workspace (I also have in continuous export a workspace configured)

 

You could test on a VM by opening up PowerShell, and typing "invoke-webrequest https://secure.eicar.org/eicar.com -OutFile bla.com" which tries to download a test-virus on your VM (harmless). You should see stuff happening in ASC

Hi,
Thanks for the response.

As mentioned, I've confirmed that standard pricing is enabled, and a workspace is configured. Everything used to work without any issue.
I'll keep an eye on any alerts when performing the test you mentioned.

Thanks