Hello
@MudslideyoTo find VPN-related events in the Microsoft Defender for Endpoint portal, you can follow these steps:
Sign in to the Microsoft Defender for Endpoint portal at
https://security.microsoft.com.
Navigate to the "Incidents" or "Threat & Vulnerability Management" section. The exact location of these options may vary depending on the portal's interface.
Look for a filter or search bar that allows you to specify event types or keywords. In this case, you can enter "VPN" or related terms to filter the events specifically related to VPN activities.
Alternatively, you can also check the "Alerts" section or any other relevant sections where security events and alerts are displayed. Look for events with VPN-related indicators, such as IP addresses, connection status, or authentication failures.
If the portal provides an advanced search option, you can use it to create a custom query to filter VPN-related events. For example, you can search for events related to specific VPN protocols (e.g., OpenVPN, IKEv2, L2TP) or events associated with VPN-related keywords (e.g., "VPN connection established," "VPN authentication failed").
It's important to note that the steps provided above are general guidelines, and the actual process may vary depending on the interface and features of the Microsoft Defender for Endpoint portal. If you're unable to find the VPN-related events using these steps, it might be helpful to consult the portal's documentation or contact Microsoft support for further assistance.
