User Profile
marysia_k
Joined 5 years ago
Recent Discussions
Re: Best Practice for MDE Policies
rob_wood_8894 Hi Rob, we currently do not have an all-up best practices doc but we have a related article in-plan. In the meantime, I am including docs that highlight some of our key protection features:
Specifically for mac/linux:
Set preferences for Microsoft Defender for Endpoint on Mac | Microsoft Docs
Set preferences for Microsoft Defender for Endpoint on Linux | Microsoft Docs
Protect security settings with tamper protection | Microsoft Docs
Use attack surface reduction rules to prevent malware infection | Microsoft Docs
Why cloud protection should be enabled for Microsoft Defender Antivirus | Microsoft Docs
Use automated investigations to investigate and remediate threats | Microsoft Docs
Use network protection to help prevent connections to bad sites | Microsoft Docs
3.5K Views, 0 likes, 2 Comments
Re: Inventory-duplicate data
Hi Dean_Gross, It is likely that MDE (EDR) is enabled on your master image so that you have the same Device ID. Please make sure to follow: Onboarding and servicing non-persistent VDI machines with Microsoft Defender ATP - Microsoft Tech Community. Let me know if this helps.
Marysia
2.2K Views, 0 likes, 0 Comments
Re: www.microsoft.com needs to be allowed by proxy? (linux)
Hi MrJohnson1905, You are not required to allow the entire www.microsoft.com URL but there are a few required sub paths. For the full list, please refer to mde-urls-commercial.xlsx (live.com), which can be found under Configure device proxy and Internet connection settings | Microsoft Docs. Hope this helps,
Marysia
1.5K Views, 0 likes, 0 Comments
Re: New Device Health Reporting showing incorrect status
Hi MattBurrows, Please note that the data in our reports is refreshed every ~2-3 hours. If you are still seeing this issue with data not updating after 3 hours, can you please send the machine ids for which you see discrepancies to <mde_healthreporting@microsoft.com> so that the team can investigate. Thanks!
1.8K Views, 0 likes, 0 Comments
Re: Microsoft Security Client - Log off Network
Hi! It is not entirely clear from this log what the issue is. In terms of AppGuard, it does not require MDE so the two should not be related. I would recommend creating a customer support case via their support channel or providing some additional context or information here.
11K Views, 0 likes, 0 Comments
Re: microsoft defender for endpoint dashboard not populating
The issue is not likely to be related to the move to the new M365 portal. We would need to gather additional information so we can best assist you:
Do you have a valid MDE license?
If so, were you able to see all expected information in the portal previously or is the issue specific to Windows or any other OS?
Currently are you missing alert information from all devices or just from a subset of devices?
Are you seeing any information at all arriving from the monitored devices?
I would recommend creating a customer support case via their support channel, if you have not already.
2.2K Views, 0 likes, 0 Comments
Re: Column header meanings in vulnerabilities export files
For more information about threat and vulnerability management please refer to this link: https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/tvm-weaknesses?view=o365-worldwide. Additionally, if I understand your second question correctly, the EDR service is doing the vulnerability assessment. Please let me know if this answers your question.
2K Views, 1 like, 1 Comment
Re: Install Microsoft Defender for Endpoint on 1909/20H2 VDI
Yes, MDE works with VDI and Microsoft Defender AV is one of the components of MDE. MDE's attack surface reduction and exploit protection are some features, among others. To read more about MDE's feature offering please refer to: https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/?view=o365-worldwide. For VDI, Defender runs inside the OS. Here are some articles to learn more about installing MDE on VDI: https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/deployment-vdi-microsoft-defender-antivirus?view=o365-worldwide and https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/configure-endpoints-vdi?view=o365-worldwide
1.5K Views, 0 likes, 0 Comments
Re: Offboard a device
jcescut To answer your first question, you would need to query the following registry key using a tool such as SCCM's CMPivot to query the registry string value "OnboardedInfo" (image below). This will show the OrgID. For offboarding, as noted above -- If you don’t have an offboarding package then you will need to open a Microsoft CSS Security - MDE support case to get it.
4K Views, 1 like, 0 Comments