User Profile
TaurusTec
Brass Contributor
Joined Jun 20, 2022
User Widgets
Recent Discussions
Re: B2B user with Security Admin cannot access Defender for Office 365 threat policies
PhilostYes, we figured that workaround out as well, but for us it's a no-go. Being a member type user gives you access to all the customers' internal resource, i.e. Sharepoint. This is a privacy issue and makes this workaround off limits for us as an MSSP. We looked into locking down access via conditional access policies, but it's unmanageable. We have a ticket running with Microsoft support on this issue, if a real solution comes from it, I'll update here.1.5KViews0likes1CommentRe: B2B user with Security Admin cannot access Defender for Office 365 threat policies
Hi Matt, No I have not solved this issue, nor have I received proper support from msft. I had opened a case via the Partner Center but received only an answer in the form of links to msft docs, not very helpful. Anyone else has any clue here?2.1KViews0likes1CommentHow to monitor changes to M365 Defender back end?
Is there a resource where we can keep up to date with (or be notified of) changes to the back end of Defender? The M365 security road map does not provide this kind of detail.(https://www.microsoft.com/en-us/microsoft-365/roadmap?filters=) An example: we read out data from M365D via API calls, this goes into scripts to perform various functions like alerting, ticketing, automation, etc. We need to be aware ahead of time if something would be changed in the API call or in the data it outputs, so that we can adapt our back end to this change. Would would be the correct channel to get this kind of info directly from Microsoft?735Views0likes0CommentsRe: Microsoft 365 Defender for big companies
Where is it stated that Microsoft 365 Defender is not recommended for big companies? I personally work on tenants of clients in the 1500-20000 user range with M365D. As I understand, Defender for Business is not meant for big companies, but M365D is. Defender for Business is the slimmed down SME version of Microsoft 365 Defender, hence the limitations. "Microsoft Defender for Business capabilities Microsoft Defender for Business is optimized to meet the needs of small and medium businesses of up to 300 users." See: https://www.microsoft.com/en-us/security/business/endpoint-security/microsoft-defender-business2.1KViews1like1CommentB2B user with Security Admin cannot access Defender for Office 365 threat policies
To work on Microsoft 365 Defender we have set up MSSP access as defined in https://urldefense.com/v3/__https:/cloudpartners.transform.microsoft.com/download?assetname=assets*2FAzure-Sentinel-Technical-Playbook-for-MSSPs.pdf&download=1__;JQ!!MmCVSxch1b8!CPxLX1n66zkMX0vgsPaYFBOVOV1fintOwnE75uMduuyGwAKsKVhVF6PzCikW3CGqk5wNKAbWtPzpmNv2QcZzW8JuACRqOs0$. Now we noticed that with the guest users, which have activated the Security Admin role via the access packages and PIM, we can't access the Threat Policies within the Microsoft 365 Defender tenant. We tested it on our lab tenant, and there the behaviour is the same, but for member users the issues does not arise. Is this expected behavior? If so, is there another way that we can manage our client's threat policies without creating member users in their tenant? Is the limited support for guest users documented anywhere by Microsoft? It is stated in the docs that sec admin has these permissions, but there is no mention anywhere that this would be limited for guest users. If anyone has more info on this issue, or even a better way of working, sharing it would be greatly appreciated.2.5KViews0likes6CommentsRe: Ediscovery with B2B external user
Is the limited support for guest users documented anywhere by Microsoft? I'm having a similar issue in a setup where we connect to client tenants from our MSSP tenant via B2B guest users, but have trouble accessing for example the Office 365 Threat Policies in M365 Defender. We have assigned Security Admin to the B2B users, but still cannot access them. With a member user this is no issue. It is stated in the docs that sec admin has these permissions, but there is no mention anywhere that this would be limited for guest users. For us this is posing big issues for delivering our managed services. We have too many client tenants and too many engineers to user member accounts on client tenants in a manageable way. If anyone has more info on this issue, or even a better way of working, sharing it would be greatly appreciated. VasilMichev1.7KViews0likes0CommentsRe: API for Defender for Identity Portal
Hi Martin, Thanks for the update. Is there any way I can follow up on the status of this? I don't see any mention of it on the M365 Roadmap: https://www.microsoft.com/en-us/microsoft-365/roadmap?filters=Microsoft%20Defender%20for%20Identity8.4KViews0likes2CommentsRe: API for Defender for Identity Portal
Is there any update on this? I have a service requirement to be able to extract MDI health issue information via API. As monitoring the domain controller health status is a crucial part of the service to our customers, this needs to be monitored in an automated manner.8.6KViews0likes7Comments
Recent Blog Articles
No content to show