User Profile
53CU1t
Copper Contributor
Joined 4 years ago
Recent Discussions
Continuous Threat Monitoring for GitHub Connector setup broken
Hi, I tried today to deploy the Continuous Threat Monitoring for GitHub Connector and it looks broken. Error: Data Connector Not Found. Already reported here: https://azuremarketplace.microsoft.com/en-us/marketplace/apps/microsoftcorporation1622712991604.sentinel4github?tab=Overview What is the workaround, or what is the right way to deploy?
469 Views, 0 likes, 4 Comments

Handling Hundreds of Open orphaned Alerts in Microsoft Defender for Cloud
Hello Community, I have several hundred open alerts generated by Microsoft Defender for Cloud that haven't been addressed. According to the documentation, it's essential to review and handle these alerts to ensure the Machine Learning algorithm adapts to our environment. Should I process each alert individually, which is challenging due to the historical context and missing logs, or use a script to clean them up manually? How would you approach this situation? Thanks in advance for your help!
427 Views, 0 likes, 2 Comments

AMA Agent manual installation and linking
Hi everybody, as far as I know, for specific security features Defender for Cloud needs data collection via OMS Agent or AMA to provide visibility into missing updates, misconfigured OS security settings, and endpoint protection status. How can I manually install and configure it without auto-deployment via Defender for Cloud? Do I have to link the data? Kind Regards Sebastian
3.5K Views, 0 likes, 2 Comments

Defender for endpoint (server) on azure DevOps agent pool
Hi, I would like to know if Defender for Endpoint (server) on an Azure DevOps agent pool (virtual machine scale set) is recommended or actually supported. Every time the Azure DevOps agent is installed on an agent pool machine, the user AzDevOps is created and recognized as "creation of suspicious user account", a suspicious user was added alert in the Defender portal. What would you recommend to avoid those alerts? Suppress Rules based on F Kind Regards Sebastian
907 Views, 0 likes, 1 Comment

Azure Firewall Threat Intelligence
Hi, I enabled Azure Firewall Threat Intelligence Service "Deny and Alert" in my policy and tested via testmaliciousdomain.eastus.cloudapp.azure.com like in the Microsoft docs (Threat intelligence-based filtering for Azure Firewall | Microsoft Docs), but curl doesn't work, and it should be handled via the built-in default rule of threat intel in the firewall ruleset. Does anyone have experience with whether the service works and how to get a valid test? Regards Sebastian
1.2K Views, 1 like, 1 Comment

Re: MDM Security Baseline vs Intune Profile
RickB60 could you solve the problem? I also have this problem and don't really understand why the AV scan settings are overlapping in both config methods. Do you know the difference, or could you please explain if you can use Endpoint Security Baseline with Endpoint Policies together?
4.3K Views, 0 likes, 0 Comments

MDE Client Onboarding fails in case of profile conflicts
Some newly installed Windows 10 clients do not onboard in Defender. The onboarding is done via Intune. For this onboarding purpose, a device configuration profile was created and another configuration profile in the Defender settings under the "Endpoint Detection and Response" configuration settings. As far as I can see, the settings for "Block sample sharing for all files" and "Expedite telemetry reporting frequency" are duplicated in both configuration profiles. Is it correct that these settings can only be set in the device configuration profile and under EDR to "not configured"? What is the right way? Thanks
3.1K Views, 0 likes, 3 Comments

Defender for Endpoint Onboarding Profile Conflicts
I have the problem that some newly installed clients do not onboard in Defender. The onboarding is done via Intune. For this purpose, a device configuration profile was created and set in the Intune Defender settings under the EDR Settings Tab. As far as I can see, the settings are duplicated here. Is it correct that these settings can only be set in the device configuration profile and under EDR to "not configured"? What is the right way? Thanks
Solved, 26K Views, 0 likes, 3 Comments