Forum Widgets
Latest Discussions
AD connect not sync device objects
Hello, I have a challenge. I installed AD connect the user objects are synchronized. Only the device objects are not synchronized. AD connect for device sync is configured correctly. As soon as I create a new device object in AD (in the same OU as the existing device objects / same group membership) it is synchronized. Only the existing device objects are not synchronized. I think it may be due to the security permissions of the device objects. How can I check it? Which security permissions the sync user needs on the device objects? What can I do to ensure that the device objects are synchronized? Thank you for your support? Regards StefanSpotlight on ‘Velocities’ in Dynamics 365 Fraud Protection
We are excited to bring you our latest weekly spotlight series edition. This week, we are focusing on the frequently asked questions about ‘Velocities’ in DFP. Check out all the Q&A details below. Your input is invaluable, so please feel free to reply with any questions or for more information in the Fraud Protection Tech Community. Best regards, DFP Product Team 1. What are velocities in Microsoft Dynamics 365 Fraud Protection? While Lists, ML scores, and other payload attributes give you insight into the current event that is being processed, we also have velocities that will help you consider past behavior as well. Velocities give insights into historical patterns of an individual or entity. It helps answer questions like 'how many attempted transactions coming from the same emails? Or how many unique users or IP addresses? Or how many login attempts happened in a certain amount of time such as 5 or 10 minutes? Perhaps, I want to block anyone who tries to login into the web site more than 3 times in under ten minutes then I can do that. Velocities help identify patterns of events that occur over a period of time, which can be monitored to identify potentially fraudulent activity. By defining velocities, you can set thresholds to flag activities as suspicious when they exceed certain limits. References: Perform velocity checks - Dynamics 365 Fraud Protection | Microsoft Learn 2. How would someone use velocities in fraud protection? Velocities can be used in various ways, such as: Setting Rules: Define rules using velocities to automatically flag transactions that exceed predefined thresholds. Monitoring Patterns: Keep an eye on the frequency and volume of events associated with user accounts, payment instruments, or IP addresses. Investigating Anomalies: Use velocity data to investigate and understand unusual patterns that could indicate fraudulent behavior. References: Perform velocity checks - Dynamics 365 Fraud Protection | Microsoft Learn 3. Can you provide examples of velocities? Yes, here are a few examples: Total Spending Per User: This velocity tracks the sum of money spent by each user over a specified time frame. IP Address Usage: This velocity monitors the number of times an IP address is used to create new accounts. Device ID Checks: This velocity observes how often a particular device ID is used in transactions. References: Perform velocity checks - Dynamics 365 Fraud Protection | Microsoft Learn 4. Are there any system-defined velocities? Yes, Dynamics 365 Fraud Protection creates several system-defined velocities per environment, such as email, payment instrument, IP, and device ID velocities. These can be customized to fit the specific needs of your business. References: Perform velocity checks - Dynamics 365 Fraud Protection | Microsoft Learn 5. Why isn't my velocity rule being hit by some transactions even though the conditions are met? Microsoft D365 Fraud Protection is a distributed system. In a distributed system, events can happen concurrently and there is no sequence/order between them if they arrive at the same time. (For transactions that come in at the same time, DFP does not block one transaction for the other.) From a velocity standpoint, which would mean that multiple transactions sent at the same time can be considered the “first one” and in these cases can influence the aggregate count of the velocity. One potential way to mitigate this on the customer side would be for you to sequentially execute your transactions one by one (i.e., only send the next transaction after the previous one is done being processed), however this may not be a desired behavior as it would result in longer latencies for those transactions that get executed later. References: Perform velocity checks - Dynamics 365 Fraud Protection | Microsoft Learn 6. Do you recommend using device ID to set up a velocity rule? In Microsoft Dynamics 365 Fraud Protection, setting up velocity rules using device ID can be an effective method to identify suspicious activity patterns. For instance, velocity checks can help you spot patterns such as a single credit card quickly placing many orders from a single IP address or device, which might indicate potential fraud. You can define velocities using the SELECT, FROM, WHEN, and GROUPBY keywords, and device ID can be a useful attribute to GROUPBY in your velocity definition. It is important to tailor the velocity rules to the specific patterns and behaviors that are indicative of fraud in your business context. The device ID can be a valuable attribute to monitoring, especially if device-related fraud is a concern for your organization. Always ensure that the field you want to observe for velocity is part of the API call and consider the specific conditions and thresholds that are relevant to your business when defining these rules. References: Perform velocity checks - Dynamics 365 Fraud Protection Manage rules - Dynamics 365 Fraud Protection | Microsoft Learn 7. In the recommended rules, there are velocity-based rules. How did you set the threshold for those velocity-based rules? The threshold for velocity-based rules in Microsoft Dynamics 365 Fraud Protection is typically set based on historical data analysis and the specific fraud patterns observed within your organization. It involves identifying the normal transaction velocity for legitimate users and then setting thresholds that would flag transactions as suspicious when they exceed this normal velocity. It is important to continuously monitor and adjust these thresholds as fraud patterns evolve and as you gather more data on user behavior. Collaboration with your fraud management team and using machine learning models can also help in dynamically adjusting these thresholds to improve fraud detection accuracy. 8. Where can I find more information on setting up velocities? You can find detailed instructions and examples on the official Microsoft documentation site for Dynamics 365 Fraud Protection here:Perform velocity checks - Dynamics 365 Fraud Protection | Microsoft Learn
Adaptive Scope Sytntax
Hi. I have a requirement to scope only "UserMailbox" data in an Adaptive scope to ensure only user mailbox data is retained and deleted > 7years and shared mailbox is not in scope and retained forever. This scope will then be used in Adaptive Exchange Online Retention policy to Retain and then delete email > 7years old. Could anyone help me define the syntax to use in the query please? I have used the following but am not sure if this is correct even though it never failed when I completed the Adaptive Scope RecipientTypeDetails -eq 'UserMailbox' Thanks in Advance Chris
DLP Policy Tip Stopped Working in SharePoint/OneDrive
Greetings, I created a DLP policy in Microsoft Purview several years ago to display a policy tip to users and it has been working until recently. No changes have been made to the policy. Now, when I go to a SharePoint document library, whether I hover on a sensitive document to see the "View policy tip" or select on the details pane, I no longer see the policy tip information. If I try to share the sensitive document, I also see the "View policy tip". However, this time it shows a Policy tip details dialog box "Policy tip couldn't be displayed. Please try again." Has anyone seen this? Could you share the solution to fix it? Thanks!
Secure Score - Secure Home Folders in macOS
I've performed the recommended manual remediation action (sudo chmod -R og-rw /Users/) on my Macs but Secure Score doesn't recognize it. I have noticed this occurringfor a few item. We have also remediated some things through InTune but still seem to have no movement on the SecureScore. Is this a glitch within or am I missing something altogether. ThanksAdditional commonly asked Q&A related to Search in DFP continued
Hello everyone, We are excited to continue our weekly spotlight series with a focus on frequently asked questions about DFP's Search feature. To assist you in navigating and optimizing this feature, we've compiled a comprehensive Q&A that you can find below. If you need further clarification or have additional questions, feel free to reply here in the Fraud Protection forum. We value your feedback and are here to help. Kind regards, DFP Product Team 1. What is Search and how does it work? In Microsoft Dynamics 365 Fraud Protection, the search functionality allows fraud investigators and support agents to locate and investigate specific transactions and associated data. This capability is essential for quickly resolving customer issues, analyzing fraudulent activities, and taking appropriate action. How it works: Initiate Search: The user navigates to the appropriate section (e.g., Purchase) and enters the search criteria in the search field. View Results: The system returns a list of transactions that match the search criteria. Users can click on any transaction to view expanded details. Investigate and Take Action: Based on the detailed information provided, fraud investigators can determine the legitimacy of a transaction and decide on the appropriate course of action, such as unblocking a customer or flagging a transaction for further review. References: Search - Dynamics 365 Fraud Protection | Microsoft Learn 2. How can I enable Search? To enable the Search feature in Microsoft Dynamics 365 Fraud Protection, you need to have Product Admin role permissions. Here are the steps to enable Search: Sign in to the Dynamics 365 Fraud Protection portal with your Product Admin role credentials. Go toSettings and select theSearchtab. Toggle the switch toOn to provision search for your Fraud Protection tenant. Once enabled, you can use the search to find and review transactions and events in Fraud Protection. Please note that you cannot turn off the search feature after enabling it. References: Search - Dynamics 365 Fraud Protection | Microsoft Learn 3. Are null values supported in search? In Microsoft Dynamics 365 Fraud Protection, null values are supported in search. TheIs nulloperator can be used to find records that aren't required on payloads and with an unknown value: 1) not on the payload or 2) with a null value. Example: Search for payloads where a user ID value isn't required on the payload and unknown. References: Search - Dynamics 365 Fraud Protection | Microsoft Learn 4. When I exported a CSV it changed all the numbers to scientific notations. Why did this happen & how do I fix it? The issue you're experiencing with numbers changing to scientific notation in a CSV file is a common occurrence when opening CSV files in Excel. This happens because Excel automatically formats numbers that are longer than a certain length (usually more than 10 digits) into scientific notation to save space in the cell. Here's how you can fix it: Open the CSV with a Text Editor: If you open the CSV file with a text editor like Notepad, you will see the full numbers without scientific notation. This confirms that the CSV file itself is correct. Format as Text in Excel: When opening the CSV in Excel, you can prevent numbers from being displayed in scientific notation by formatting the cells as text before importing the data. Here's how: Open Excel and go to the "Data" tab. Choose "From Text/CSV" to import your CSV file. In the import wizard, select the column with the numbers. Change the column's data format to "Text". Finish the import process. Text to Columns Wizard: Another method is to use the Text to Columns wizard in Excel: Open the CSV file in Excel. Select the column with the scientific notation. Go to the "Data" tab and select "Text to Columns". Choose "Delimited" and click "Next". Uncheck all delimiters and click "Next". Select "Text" as the column data format and finish the wizard. Prevent Automatic Formatting: To prevent Excel from automatically formatting large numbers in scientific notation, you can also add an apostrophe (') before the number in the CSV file. This forces Excel to treat the number as text. Please note that these steps are general guidelines and the exact process may vary depending on the version of Excel you are using. 5. How long is search data available for? In Microsoft Dynamics 365 Fraud Protection, you can search for events and transactions within a timeframe of up to the past 13 months. References: Search - Dynamics 365 Fraud Protection | Microsoft Learn 6. Is there a cost for search to be on? Is there a downside to search being on? There is no cost or downside to enabling search. Note: You can't turn search off after you enable it. 7. Exporting data to CSV for analysis: can it be accessed or pushed to PowerPivot or similar so a large volume of data can be analyzed? Once the search data has been exported and downloaded as a CSV, the user can choose how to analyze this data, including pushing it to our tools like PowerPivot. DFP also supports event tracing if the user desires to export data regularly. Once the data has been traced to the data store defined, the customer can analyze this data in any way they choose. References: Search - Dynamics 365 Fraud Protection | Microsoft Learn Event tracing - Dynamics 365 Fraud Protection | Microsoft LearnAdditional commonly asked Q&A related to ‘Device Fingerprinting’ in DFP continued
We're excited to keep our weekly spotlight series going on various topics within our Microsoft Fraud Protection Tech Community to help you maximize the benefits of Microsoft Dynamics 365 Fraud Protection (DFP). This week, we're continuing our focus on commonly asked questions about DFP 'Device Fingerprinting' which you can check out the Q&A details here: If you have any questions, please feel free to reach out in the Fraud Protection Tech Community. Your feedback is incredibly valuable to us. Best wishes, DFP Product Team ------------------ 1. Is device fingerprinting necessary? For DFP to provide the most accurate scores, device fingerprinting is highly recommended as it provides hundreds of device attributes. These critical attributes are used by DFP's machine learning to constantly improve the accuracy of your system. For more information, see the DFP Documentation site: Overview of device fingerprinting - Dynamics 365 Fraud Protection | Microsoft Learn 2. What is DFP Device Fingerprinting and how does it work? For a description of DFP Device Fingerprinting and how it works, please refer to the following DFP documentation: Overview of device fingerprinting - Dynamics 365 Fraud Protection | Microsoft Learn 3. What data isretained by DFP Device Fingerprinting and for how long? The data collected by the device fingerprinting feature is stored in a Microsoft designated data center closest to the location of the transaction source for up to 28 days. The data could also be stored along with the transaction that was sent against this profiling session in the customer’s selected geography, if the customer has opted in to storing data with DFP. (Note – for legacy Purchase assessment, data storage is not optional) 4. How can I tell if device fingerprinting has stopped for some reason? In Microsoft Dynamics 365 Fraud Protection, you can tell if device fingerprinting has stopped by monitoring the SSL certificate status and ensuring it is up to date. If the SSL certificate used for device fingerprinting is not renewed before its expiration date, device fingerprinting will stop collecting information. You should receive notifications regarding the SSL certificate for renewal status, as it is a critical component for the device fingerprinting service. Additionally, you can monitor the health and status of device fingerprinting through the Dynamics 365 Fraud Protection portal, which provides metrics that refresh near real-time. These monitors are designed to assist in detecting unusual transaction patterns or anomalies in observation events, such as fraud attacks and faulty rule releases. References: Overview of device fingerprinting - Dynamics 365 Fraud Protection | Microsoft Learn Web setup of device fingerprinting - Dynamics 365 Fraud Protection | Microsoft Learn Monitoring - Dynamics 365 Fraud Protection | Microsoft Learn 5. Outline the device profiling capabilities you support, if any. D365 Fraud Protection (DFP) supports probabilistic device identification, which involves returning an assigned device ID to the client along with device enrichment information. 6. What kind of device metadata can be gathered from the device being used? Data categories collected for web include: UserAgent information Canvas/WebGL data HTTP data Within and across session anomaly information IP, network, VPN and geo intelligence TCP Signature SSL/TLS Signature Client hints Javascript collected information like OS, processor, screen resolution, round trip time, etc. Data categories collected for iOS and Android include: Accelerometer and gyroscope data Location data Emulator and rooted information SIM card information Device specification data like advertising ID, screen size, total memory, screen refresh rate, build ID, etc. User preference data like is closed captioning enabled, is speak screen enabled, is haptic feedback enabled, etc. For a full list of attributes we collect across web, Android, and iOS, see Attributes in device fingerprinting - Dynamics 365 Fraud Protection | Microsoft Learn. 7. How is the metadata evaluated to identify anomalies and create sticky identifiers for device recognition? D365 Fraud Protection (DFP) enriches the attributes collected from the device and runs these attributes through an embedding model, creating a vector representation of a device that remains sticky over time. DFP then checks similarity to determine device ID assignment. With device vectors, we can consistently identify returning devices. 8. What kind of challenges (e.g., CAPTCHAs) are invoked if suspicious activity is detected? D365 Fraud Protection (DFP) doesn't provide challenge capabilities in the product, however, clients can invoke different kinds of challenges that suit their own business needs (CAPTCHA, RECAPTCHA or MFA, for example), through a “challenge” decision based on the bot score rules they configure in our rule engine. 9. What if clients are using a device fingerprinting of their own and they would like to complement with MS DFP, could they use both? Yes, they could use both services. The client can integrate with DFP and their other device fingerprinting and use the data from both on their end. 10. In the portal UX for classic PP, can attributes returned by device fingerprinting only be used in the "Post Risk Scoring" clause section? No, you can reference @"deviceAttributes.trueIp" (for example; gets returned from Device Fingerprinting) in both types of rule clauses – Prior to Scoring, Post Risk Scoring – as this is different than generating a risk score.
RSS feeds to security blogs?
Hello, After the update of blogs here i no longer see any RSS feeds or links. Where can those RSS feed be found now? It was the only newsfeed where blogs could be aggregated. perhaps im just blind :) but i cant find the new RSS feeds. Thank you! Previously (before this weeks update) the links to those RSS feed was as follows: https://techcommunity.microsoft.com/gxcuf89792/rss/board?board.id=MicrosoftSecurityandCompliance https://techcommunity.microsoft.com/gxcuf89792/rss/board?board.id=Identity https://techcommunity.microsoft.com/gxcuf89792/rss/board?board.id=CoreInfrastructureandSecurityBlog https://techcommunity.microsoft.com/gxcuf89792/rss/board?board.id=AzureNetworkSecurityBlog https://techcommunity.microsoft.com/gxcuf89792/rss/board?board.id=IdentityStandards https://techcommunity.microsoft.com/gxcuf89792/rss/board?board.id=MicrosoftThreatProtectionBlog https://techcommunity.microsoft.com/gxcuf89792/rss/board?board.id=MicrosoftDefenderCloudBlog https://techcommunity.microsoft.com/gxcuf89792/rss/board?board.id=MicrosoftDefenderATPBlog https://techcommunity.microsoft.com/gxcuf89792/rss/board?board.id=MicrosoftDefenderIoTBlog https://techcommunity.microsoft.com/gxcuf89792/rss/board?board.id=DefenderExternalAttackSurfaceMgmtBlog https://techcommunity.microsoft.com/gxcuf89792/rss/board?board.id=Vulnerability-Management https://techcommunity.microsoft.com/gxcuf89792/rss/board?board.id=DefenderThreatIntelligence https://techcommunity.microsoft.com/gxcuf89792/rss/board?board.id=MicrosoftSecurityExperts https://techcommunity.microsoft.com/gxcuf89792/rss/board?board.id=Microsoft-Security-Baselines https://techcommunity.microsoft.com/gxcuf89792/rss/board?board.id=MicrosoftSentinelBlog https://techcommunity.microsoft.com/gxcuf89792/rss/board?board.id=MicrosoftDefenderforOffice365BlogTackling frequently asked questions about the DFP ‘Search’ feature.
We're excited to bring you the latest installment of our weekly spotlight series! Our aim is to help you get the most out of Microsoft Dynamics 365 Fraud Protection (DFP) by diving into different topics within our Microsoft Fraud Protection Tech Community. This week, we're continuing to explore the frequently asked questions about the DFP Search feature. It's a great chance to deepen your understanding and enhance your use of this powerful tool. To check out all the Q&A details, please see below. – As always, we value your input and are here to support you. If you've got any questions or need further clarification, don't hesitate to reach out in the Fraud Protection Tech Community. Your feedback is very important to us, and we appreciate your engagement! Best wishes, DFP Product Team ----------- 1. Why can't I access DFP's search functionality? Search must be enabled in your DFP tenant before it can be used. This setting can only be enabled by someone with global admin permissions, and the setting is accessible by clicking the following: Gear Icon (top-right corner of the DFP portal) --> Admin settings --> Search --> Enable search. (Note: Once search has been enabled in your DFP tenant, it cannot be turned off.) References: Search - Dynamics 365 Fraud Protection | Microsoft Learn 2. My transaction is not showing up in search. What can I do? If your transaction is not showing up within the search UX, here are some steps you can take to troubleshoot the issue: Check Search Settings: Ensure that the search feature is enabled in your Dynamics 365 Fraud Protection portal. You must have Product Admin role permissions to enable search. Sign in with your credentials, go to Settings, select the Search tab, and make sure the switch is toggled to On. Select Event Type and Timeframe: When searching, first select the specific assessment you want to search against and then choose the timeframe you want to search across. You can search between any two dates within the past 13 months. Filter Events by Attribute: Use one or more attributes of the transactions to filter your search. You can search by attributes such as email address, DeviceID, or UserID. Review Assessment Configuration: Confirm that you have enabled search for your assessment by checking the Assessment configuration setting. Search will only find transactions that are processed after you enabled the search feature for your assessment. Check for Historical Transactions: Be aware that historical transactions sent before the search feature was enabled are not available in the search results. Note: The standalone Device Fingerprinting template does not support search, however all other Assessment templates do. References: Search - Dynamics 365 Fraud Protection | Microsoft Learn 3. How would a customer query data within the tool? Customers can query data within Microsoft Dynamics 365 Fraud Protection using the Search page, which helps find and view details about events based on specific filter values. Users can search for an individual event ID or use filters to find all transactions that match some criteria. The search results can be exported, or users can drill into an individual event to show a more detailed view. References: Search - Dynamics 365 Fraud Protection | Microsoft Learn 4. We just turned on Search in my DFP tenant, however past transactions aren't being returned that meet my Search criteria. Why? Search is forward-looking by design. This means you will only be able to conduct searches against those transactions that were processed after Search was enabled. 5. Does Search functionality inhibit any Azure resources or result in any performance degradation that wouldimpact fraud decisioning? No, DFP's search feature does not inhibit any Azure resources or result in any performance degradation that would impact fraud decisioning. 6. How long is Search data stored? Search data is stored for 13 months. 7. Can I export Search data into a CSV table? Yes, you can export search data into a CSV file through the Search UX within the DFP portal. A maximum limit of 10,000 rows can be exported at one time. References: Search - Dynamics 365 Fraud Protection | Microsoft Learn 8. When exporting a search result with specific parameters, why is the exported file empty? If you are experiencing an issue where the exported file is empty when exporting a search result with specific parameters in Microsoft Dynamics 365 Fraud Protection, it could be due to a few reasons: Search Feature Not Enabled: Ensure that the search feature is enabled in your Dynamics 365 Fraud Protection portal. You must have Product Admin role permissions to enable search. If search was not enabled when the transactions were processed, they will not appear in the search results. Filter Criteria: Verify that the filter criteria used for the search are correct. If the filters are too restrictive or incorrect, it may result in no transactions matching the criteria, leading to an empty export file. Historical Transactions: Search will not display events that were sent prior to the search feature being turned on. If you are trying to export historical transactions that were sent before search was enabled, they won't be available. Export Options: When exporting, ensure you are selecting the correct export options. There are options to export all data associated with the event (all columns) or only data in the columns that are currently shown in the grid (current columns).. References: Search - Dynamics 365 Fraud Protection | Microsoft Learn 9. I'm trying to export from search. The Notification shows Preparing download, but it never completes the download. How can I fix this? If the notification in Microsoft Dynamics 365 Fraud Protection shows "Preparing download" but the download never completes, it could be due to a temporary service issue or a problem with the export process. Here are some steps you can take to troubleshoot and potentially resolve the issue: Retry the Export: Attempt to export the search results again. Sometimes, retrying the process can resolve temporary glitches. Review Export Parameters: Ensure that the search parameters and filters are set correctly and that they are not too broad, which could result in a large dataset that may take longer to export. Check File Size: If the dataset is very large, consider narrowing down the search criteria to reduce the file size, making it more manageable for export. Use a Different Browser: Try using a different web browser or clearing the cache of your current browser before attempting the export again. Check Service Health: Verify if there are any known issues with Dynamics 365 Fraud Protection by checking the service health in the Microsoft 365 admin center or Dynamics 365 Fraud Protection portal. References: Search - Dynamics 365 Fraud Protection | Microsoft Learn 10. Search export sends CSV files. How can I export XLS files in order to do analysis on thousands of transactions at once? In Microsoft Dynamics 365 Fraud Protection, the standard export format for search results is CSV, which is commonly used for its compatibility with various systems and ease of handling large datasets. If you need to export data into XLS format, please consider the following options: Convert CSV to XLS/XLSX: After exporting the data as a CSV file, you can use Excel to open the file and then save it as an XLS or XLSX file. This allows you to leverage Excel's analysis tools on the data. Use Power Query in Excel: Excel's Power Query feature can import data directly from a CSV file and transform it as needed. Once imported, you can then work with the data within Excel and save it as an XLS file.
