Forum Widgets
Latest Discussions
Unsanctioned to all, exclude to some
Dear reader, I have configured the asset rules en device tagging. I need to deploy certain apps as unsanctioned to all W11 devices and exclude the same apps to certain devices who have a device tag I configured for exclusion. The problem i am having is that the devices that need to be excluded, with the device tag "Exclude" Are also part of the device tag "W11" I could exclude them from the W11 device tagging but that would mean they would be excluded from all other policies that are targeted to the W11 tag. Which is not desirable. I was hoping for a solution as how you would deploy in Intune, with includes and exludes groups, but it doenst look like the defender platform supports this. I have been testing with exclude entities but this does not give the result i am looking for. Can someone help me? Maybe you had the same issue and found something smart way around this? 🙂 Thank you in advance!
Conditional access policy not recognised
Hello everyone, We're evaulating Cloud Apps session/conditional access/session policies but have hit a weird snag. We have created a conditional access policy in EntraID with session control of Use Conditional Access App Control. This was initially set to Monitor Only (Preview) I then signed in with the test user and logged into the various 365 services, and confirmed these apps were onboarded into the Conditional Access App Control apps page. So far so good. However when I've attempted to create either a Access or Session Policy in the Cloud Apps Policy Management section, there is an error saying that there are no conditional access policies set up. I changed the conditional access policies in Entra ID to "Custom Policy" and waited a few hours, but still getting the error. I have created additional conditional access policies in EntraID from scratch and waited over night, but it still seems that EntraID and the Cloud Apps parts aren't talking with each other. When I create a policy, I get a warning that there isn't a corresponding CA policy. The Access/Session policy is reated, but has [Entra ID Policy Missing] in the title. I'm not sure where I'm going wrong with this. I've followed various guides and checked various forums but aside from the obvious I'm at a loss. Has anyone else come up against this before, or should I raise a ticket with MS to look at the back end? Thanks in advance, Mark
MCAS Log on Event
Last night I had a Sentinel alert for logon from IP address associated with password spray. Alert was triggered from threat indicator matching IP address. OK no big deal, wasn't a password spray. In tracking this down I see the user is external in MCAS. I find no files shared with the user, no teams message activity, no email to the user.... nothing. My question is, what could the logon event be from?
MCAS requirements for Log Collector
Hi all, this is my first question in the Microsoft Community. I have been reviewing the requisites for MCAS log collector and I wanted to understand why does the machine hosting the log collector needs at least 250 GB disk, as this appliance sends every 40KB to MCAS and stores up to 20 backup files. Thanks in advance, BenjaminAdmin Quarantine Location on Defender for Cloud Apps keeps going blank
Hi, I am facing an issue where when I select a file location for admin quarantine on Defender for Cloud Apps, that file path just vanishes away the next day and it comes up as a blank location. I tried changing the SharePoint site multiple times but it still goes blank after a day. Has anybody encountered this lately ?
block Unsanction app in cloud
Similar queries as previously mentioned from one of the User; I'm just getting started with Microsoft Defender for Cloud Apps but have already worked a bit with it when it was still named Cloud App Security. Right now, I'm looking into the Cloud Discovery features. While trying out the Unsanctioned feature for some apps, I ran into the problem that they only get blocked if the user is using Microsoft Edge. If the user uses Chrome or Firefox, the app doesn't get blocked. I integrated MDCA with Microsoft Defender for Endpoint. What am I missing? Does anyonce from Microsoft; kindly jump into and give guidance thanks palash
New Blog | Introducing the new File Integrity Monitoring with Defender for Endpoint integration
ByGal Fenigshtein As part of the Log Analytics agent deprecation, Defender for Servers has introduced anew simplification strategyaiming at significantly simplifying the onboarding process and requirements needed to protect servers in the cloud, while enhancing existing capabilities and adding new ones. According to this strategy, all Defender for Servers capabilities are provided over Defender for Endpoint or cloud-native capabilities and agentless scanning for VMs, without relying on either Log Analytics Agent (MMA) or Azure Monitor Agent (AMA). This hybrid approach combines the strengths of agent-based and agentless protection, offers multi-layered security for servers. While the agent provides in-depth security and real-time detection and response, agentless and cloud-native capabilities deliver enhanced coverage, full visibility within hours, with no performance impact on machines. Security findings from both, agent-based and agentless approaches, are seamlessly integrated in Defender for Cloud, tailored to protect servers in multicloud environments. Read the full post here:Introducing the new File Integrity Monitoring with Defender for Endpoint integrationDavidFernandesSep 27, 2024Microsoft
