Microsoft Tech Community

MDfE and MDfB issues

Hello

 

I signed up for the Defender for Business trial and it messed up my whole tenant. Problems are below. I was planning to preview MDfB first, and then if it goes well, discard MDfE P2 and use MDfB because it will be included in M365 Business Premium.

 

  • There are no device groups. I can't edit previously created device groups. MDfB creates device groups within Azure AD but I need to edit previously created device groups.
  • There is no API explorer. I don't have any place to execute API commands now.
  • Old devices are still not deleted. Retention period set to 30 days since I created my tenant (around July), but I see deleted devices from September.
  • Offboarding script has no effect. I already used it several times and it didn't remove a single device from the portal. Also API commands didn't remove anything either. All obsolete devices are showing as "Onboarded".
  • Security Recommendations are inaccurate. I am getting alerts for non-existent vulnerabilities. For example portal says Valve Steam application has CVE-2015-7985 from 2015, and MS Office has several CVEs even though they are using latest versions.
  • Software inventory has lots of missing applications. It doesn't even include Microsoft Edge.
  • I couldn't find how to add a category to Web Filtering. I need to block advertisements and tracker sites.
  • Even though there are two 3rd party security solutions distributed to the endpoints (Kaspersky Endpoint Security Cloud Plus, and Bitdefender Endpoint Security Tools) MDfB still recommends to use ASR rules, and other Windows Defender rules, even though Defender is disabled.
  • How can I push device data to the portal without waiting hours or even a day? I am using Sync command from Microsoft Endpoint Manager and also executing manual account sync from Windows account settings, but still Defender portal is not recognizing it. I want to apply changes and see threats in real time, like all other 3rd party security solutions do.

 

According to Microsoft docs, the highest level of subscription should take place, but even though I assigned MDfE P2 licenses to my admins, they only see MDfB screens. I removed MDfB licenses from all users and assigned only P2 licenses, waited around one day, but still no change.

6 Replies
Which portal are you opening? WDfB should be managed via security.microsoft.com. The full blown can still be managed from securitycenter.microsoft.com.

I think you should hit the “give feedback” button if you are using the old securitycenter url.
I am using the new portal https://security.microsoft.com/ . https://securitycenter.microsoft.com is forwarding to the new portal.
Disable the portal forwarding in the settings and try again to see if there is any difference between the two portals.

@joeyvldn I disabled redirection but it is still redirecting from https://securitycenter.windows.com/ to https://security.windows.com/

Did you log off? That's required.
I restarted the computer, deleted all cache and cookies, used a different browser (FF), and also used a different admin user, but still it is redirecting.

Also in the settings it is written "Automatically redirect all accounts in your organization from protection.office.com to security.microsoft.com, the new home of Microsoft Defender for Office 365. Note that this redirection setting only applies to security-related pages in protection.office.com." and https://security.microsoft.com/preferences2/portal_redirection goes to home page.