Forum Widgets
Latest Discussions
Available Alerts on Microsoft of Defenders
Hi All, Can anyone help identify whether the alerts mentioned in this article will generate incidents/alerts by default on Defender for Cloud and send them to Sentinel if it is integrated? https://learn.microsoft.com/en-us/azure/defender-for-cloud/alerts-windows-machinestalkingpointDec 11, 2024Copper Contributor19Views0likes1CommentEnhancing Governance Rules/Notifications with Risk-Based Recommendations
Hi everyone, I'm looking to improve how governance rules in Defender for Cloud integrate with risk-based recommendations from Defender for CSPM. Currently, governance rules measure against the severity of recommendations, but our users receive emails highlighting severity without any mention of risk. This has led to confusion because the default view in the portal sorts by risk. Is there a way to make governance rules more flexible to incorporate risk-based recommendations? Also, are there any upcoming integrations for different ticketing tools like Jira? Any advice or updates would be appreciated. Thanks!grahamobrienDec 10, 2024Copper Contributor19Views0likes0CommentsProblems adding Defender for Business Server to a 2019 Windows server.
Hi. We recently purchased a one-year subscription to Microsoft Defender for Business Servers through a retailer. I've onboarded a Windows Server 2019 device using a PowerShell script, following Microsoft's guidance, since the server is not enrolled in Intune. The onboarding process appears to have been successful, as confirmed by event logs. However, the device isn't visible in the Microsoft Defender portal. Additionally, the Defender for Business Servers license isn't assigned to the device in the Office 365 admin center. Is it possible that I'm missing a configuration somewhere in one of the Admin centers (Defender, Office 365, etc.) so the license can be applied to the device? What additional steps might be required to ensure the device is visible in the Microsoft Defender portal and the license is assigned correctly?jortegaDec 06, 2024Copper Contributor16Views0likes0Comments- anujchakka506Dec 03, 2024Copper Contributor13Views0likes0Comments
Microsoft defender for cloud signature updates
What is the frequency of microsoft defender for cloud signature updates?GuillerminaTM07Dec 03, 2024Copper Contributor38Views0likes1CommentDefender for Cloud CSPM for Arc VMs
Hi Team, Could you please clarify whether Arc-enabled VMs in on-premises environments count as billable resources for Defender CSPM (the paid plan vs foundational)? The table that lists billable resources herehttps://learn.microsoft.com/en-gb/azure/defender-for-cloud/concept-cloud-security-posture-management#plan-pricing does not include "microsoft.hybridcompute/machines" , so am I correct in thinking that Arc-enabled VMs won't be billed as a CSPM resource? What if any Defender CSPM capabilities are available for Arc-enabled VMs? Is there a way to view what billable resources I have in the portal? Thanks, T.Solvedpikatom123Dec 03, 2024Copper Contributor32Views0likes1CommentDefender for Storage Malware Scanning - Blob Size Limit - GB or GiB?
Hi,I was wondering whether the file size limit for Defender for Storage Malware Scanning is measured in Gigabytes or Gibibytes? e.g. 2,000,000,000 Bytes vs 2,147,000,000 Bytes? Thank youednashDec 02, 2024Copper Contributor18Views0likes1CommentAzure Secure Score Comparison for Similar Organizations
Is there a way to see comparison of Azure Secure Score for similar organizations like how Microsoft Secure Score in the Defender portal shows? For example, Microsoft Secure Score has the below options, and I am looking for a something similar in Azure Secure Score/Defender for Cloud Secure Score.MathewsNov 26, 2024Copper Contributor66Views0likes1CommentFilter/Exclude VMSS instances from Defender
We run Microsoft365 Defender for a variety of things, including endpoint and VM scanning. One annoyance we experience is that we can't find an easy way to filter out (or suppress entirely) Defender's scanning (or the results of that scanning) of instances in Virtual Machine Scale Sets that run our self-hosted Azure DevOps agents. My question is-- have others encountered this and do they have ideas for how to make this data more manageable? To explain a little more - we generally like that Defender scans our VM instances in Azure using "agentless" scanning, but there is one situation that leads to a lot of noise. We run a VMSS that hosts our Azure DevOps agents followingthis setup. These agents are run on "ephemeral" VMs that scale in and out depending on how many jobs are running. Any given VM won't exist for more than about 12 hours max and the images on which these VMs are based are rebuilt once a week. Accordingly in a given week, we might have several hundred (or more) VM instances that are created and torn down. The problem is that each of these now gets an entry in Defender which leads to a lot of noise in the analyses. In general, we don't mind being able to see reports on these VMs but they aren't really a priority due to the ephemeral nature of both the instances and the images on which they are built. We have looked into using tagging to filter them out but apparentlyyou can't apply tags to VMSS instances, and tags that are applied to the VMSS itself don't get picked up by Defender. Does anyone have any ideas for how to sanitize/normalize our Defender dashboards/reports against this type of workflow? The ideal would be an easy way to hide this information unless we explicitly want to see it, but I would also except a reliable way to not have it reported at all for this VMSS.sam-mfbNov 20, 2024Copper Contributor303Views1like6Comments
Resources
Tags
- cloud security91 Topics
- cloud security posture management33 Topics
- security31 Topics
- Azure Defender for Servers21 Topics
- azure19 Topics
- threat protection19 Topics
- microsoft defender for endpoint19 Topics
- vulnerabilities15 Topics
- best practices12 Topics
- Security Controls12 Topics