User Profile
53CU1t
Copper Contributor
Joined Dec 13, 2021
User Widgets
Recent Discussions
Continuous Threat Monitoring for GitHub Connector setup broken
Hi, i tried today to deploy the Continuous Threat Monitoring for GitHub Connector and it looks broken. Error Data Connector Not Found. Already reproted here: https://azuremarketplace.microsoft.com/en-us/marketplace/apps/microsoftcorporation1622712991604.sentinel4github?tab=Overview What is the workarround or how is the right way to deploy?Handling Hundreds of Open orphaned Alerts in Microsoft Defender for Cloud
Hello Community, I have several hundred open alerts generated by Microsoft Defender for Cloud that haven't been addressed. According to the documentation, it's essential to review and handle these alerts to ensure the Machine Learning algorithm adapts to our environment. Should I process each alert individually, which is challenging due to the historical context and missing logs, or use a script to clean them up manually? How would you approach this situation? Thanks in advance for your help!AMA Agent manual installation and linking
Hi everybody, as far as i know for specific security features defender for cloud needs to Data collection via OMS Agent or AMA to to provide visibility into missing updates, misconfigured OS security settings, Endpoint protection status. How can i manually install and configure it without auto-deployment via defender for cloud? Do i have to link the data? Kind Regards SebastianDefender for endpoint (server) on azure DevOps agent pool
Hi, I would like to know if defender for endpoint (server) on azure DevOps agent pool (virtual machine scale set) is recommended or actually supported. Every time the azure DevOps agent is installed on a agent pool machine the user AzDevOps is created and recognized as „creation of suspicious user account" a suspicious user was added alert in defender portal. What would you recommend to avoid that alerts? Suppress Rules based on F Kind Regards SebastianAzure Firewall Threat Intelligence
Hi, i enabled Azure Firewall Threat Intelligence Service "Deny and Alert" in my Policy and tested via testmaliciousdomain.eastus.cloudapp.azure.com like in microsoft docs https://docs.microsoft.com/de-de/azure/firewall/threat-intel but curl don't work and it should by handele via build default rule of threat intel in firewall ruleset. Does anyone have experince if the service works and how to get a valid test? Regards SebastianRe: MDM Security Baseline vs Intune Profile
RickB60 could you solve the problem? i also have this problem and dont really understand why the av scan settings are overlapping in the both config methods. Do you know the difference or could you please explain if you can use Endpoint Security Baseline with Endpoint Policies together?MDE Client Onboarding fails in case of profile conflicts
some newly installed windows 10 clients do not onboard in Defender. The onboarding is done via the Intune. For this onboarding purpose, a device configuration profile was created and another configuration profile in the Defender settings under the "Endpoint Detection and Response" configuration settings. As far as I can see, the settings for "Block sample sharing for all files" and "Expedite telemetry reporting frequency" are duplicated in both configuration profiles. Is it correct that these settings can only be set in the device configuration profile and under EDR to "not configured"? What is the right way? Thanks
