Jan 19 2023 01:28 AM
Hello
After recent introduction of Cloud Apps in Defender portal (security.microsoft.com) we have noticed that some Schema went missing from Defender portal and Sentinel portal. We also missing ability to see timeline in alerts, check what user is logged into machine (from device level, it works from some alerts level but from all). I have seen one post mentioning missing timeline and advice to open ticket with MS support ( my company already did it, but we have receive information that there might be delays in support due queue in EMEA region). Have anyone else noticed it and is there any other way we can access DeviceInfo schema while we waiting for MS support.
Thank you in advance for any suggestions.