Latest Discussions
Available Alerts on Microsoft of Defenders
Hi All, Can anyone help identify whether the alerts mentioned in this article will generate incidents/alerts by default on Defender for Cloud and send them to Sentinel if it is integrated? https://learn.microsoft.com/en-us/azure/defender-for-cloud/alerts-windows-machines
talkingpoint | Dec 11, 2024 | Copper Contributor | 19 Views | 0 likes | 1 Comment

Enhancing Governance Rules/Notifications with Risk-Based Recommendations
Hi everyone, I'm looking to improve how governance rules in Defender for Cloud integrate with risk-based recommendations from Defender for CSPM. Currently, governance rules measure against the severity of recommendations, but our users receive emails highlighting severity without any mention of risk. This has led to confusion because the default view in the portal sorts by risk. Is there a way to make governance rules more flexible to incorporate risk-based recommendations? Also, are there any upcoming integrations for different ticketing tools like Jira? Any advice or updates would be appreciated. Thanks!
grahamobrien | Dec 10, 2024 | Copper Contributor | 19 Views | 0 likes | 0 Comments

Problems adding Defender for Business Server to a 2019 Windows server.
Hi. We recently purchased a one-year subscription to Microsoft Defender for Business Servers through a retailer. I've onboarded a Windows Server 2019 device using a PowerShell script, following Microsoft's guidance, since the server is not enrolled in Intune. The onboarding process appears to have been successful, as confirmed by event logs. However, the device isn't visible in the Microsoft Defender portal. Additionally, the Defender for Business Servers license isn't assigned to the device in the Office 365 admin center. Is it possible that I'm missing a configuration somewhere in one of the Admin centers (Defender, Office 365, etc.) so the license can be applied to the device? What additional steps might be required to ensure the device is visible in the Microsoft Defender portal and the license is assigned correctly?
jortega | Dec 06, 2024 | Copper Contributor | 16 Views | 0 likes | 0 Comments

anujchakka506 | Dec 03, 2024 | Copper Contributor | 13 Views | 0 likes | 0 Comments

Microsoft defender for cloud signature updates
What is the frequency of Microsoft Defender for Cloud signature updates?
GuillerminaTM07 | Dec 03, 2024 | Copper Contributor | 38 Views | 0 likes | 1 Comment

Defender for Cloud CSPM for Arc VMs
Hi Team, Could you please clarify whether Arc-enabled VMs in on-premises environments count as billable resources for Defender CSPM (the paid plan vs foundational)? The table that lists billable resources here https://learn.microsoft.com/en-gb/azure/defender-for-cloud/concept-cloud-security-posture-management#plan-pricing does not include "microsoft.hybridcompute/machines", so am I correct in thinking that Arc-enabled VMs won't be billed as a CSPM resource? What, if any, Defender CSPM capabilities are available for Arc-enabled VMs? Is there a way to view what billable resources I have in the portal? Thanks, T.
Solved | pikatom123 | Dec 03, 2024 | Copper Contributor | 32 Views | 0 likes | 1 Comment

Defender for Storage Malware Scanning - Blob Size Limit - GB or GiB?
Hi, I was wondering whether the file size limit for Defender for Storage Malware Scanning is measured in Gigabytes or Gibibytes? e.g. 2,000,000,000 Bytes vs 2,147,000,000 Bytes? Thank you
ednash | Dec 02, 2024 | Copper Contributor | 18 Views | 0 likes | 1 Comment

Azure Secure Score Comparison for Similar Organizations
Is there a way to see a comparison of Azure Secure Score for similar organizations like how Microsoft Secure Score in the Defender portal shows? For example, Microsoft Secure Score has the below options, and I am looking for something similar in Azure Secure Score/Defender for Cloud Secure Score.
Mathews | Nov 26, 2024 | Copper Contributor | 66 Views | 0 likes | 1 Comment

Filter/Exclude VMSS instances from Defender
We run Microsoft 365 Defender for a variety of things, including endpoint and VM scanning. One annoyance we experience is that we can't find an easy way to filter out (or suppress entirely) Defender's scanning (or the results of that scanning) of instances in Virtual Machine Scale Sets that run our self-hosted Azure DevOps agents. My question is-- have others encountered this and do they have ideas for how to make this data more manageable?

To explain a little more - we generally like that Defender scans our VM instances in Azure using "agentless" scanning, but there is one situation that leads to a lot of noise. We run a VMSS that hosts our Azure DevOps agents following this setup. These agents are run on "ephemeral" VMs that scale in and out depending on how many jobs are running. Any given VM won't exist for more than about 12 hours max and the images on which these VMs are based are rebuilt once a week. Accordingly, in a given week, we might have several hundred (or more) VM instances that are created and torn down.

The problem is that each of these now gets an entry in Defender, which leads to a lot of noise in the analyses. In general, we don't mind being able to see reports on these VMs but they aren't really a priority due to the ephemeral nature of both the instances and the images on which they are built. We have looked into using tagging to filter them out but apparently you can't apply tags to VMSS instances, and tags that are applied to the VMSS itself don't get picked up by Defender.

Does anyone have any ideas for how to sanitize/normalize our Defender dashboards/reports against this type of workflow? The ideal would be an easy way to hide this information unless we explicitly want to see it, but I would also accept a reliable way to not have it reported at all for this VMSS.
sam-mfb | Nov 20, 2024 | Copper Contributor | 303 Views | 1 like | 6 Comments