User Profile
stade1655
Copper Contributor
Joined Oct 18, 2024
User Widgets
Recent Discussions
Re: Advanced Hunting along with a Custom Detection Rule
Hi luchete I'm trying to determine exactly which Advanced Hunting tables are available in Microsoft 365 Business Premium, which includes Defender for Business. I understand that Defender for Business includes a mix of Defender for Endpoint Plan 1 and some features from Plan 2, but I can't find a clear list of which tables are accessible in Advanced Hunting under this specific licensing model. Some sources suggest that tables like DeviceEvents and DeviceInfo might be restricted to Defender for Endpoint Plan 2, but I would appreciate an official or community-confirmed list of available tables under Defender for Business. Additionally, is it possible to achieve automatic isolation using another table in Advanced Hunting? If some tables are restricted, is there an alternative approach to trigger device isolation based on hunting queries? Would really appreciate any insights or official references! Thanks in advance!248Views0likes0CommentsRe: Advanced Hunting along with a Custom Detection Rule
Thank you for the detailed explanation! This is exactly the guidance I needed to get started with creating a KQL query and setting up a Custom Detection Rule in Microsoft Defender for Business. I’ll try this out and reach out if I need further assistance. Appreciate your support!305Views1like0CommentsAdvanced Hunting along with a Custom Detection Rule
Good afternoon, I need some help setting up a KQL query in Advanced Hunting along with a Custom Detection Rule to automatically isolate devices where a virus or ransomware is detected. The rule must run at NRT (Near Real-Time) frequency. We are using Microsoft Defender for Business, which is included in the Microsoft 365 Business Premium license. Would any kind community member be able to provide me with a starting point for this? Thank you in advance!SolvedIssue: Invitations from SharePoint and Teams Redirect to Incorrect Page
I hope you're doing well! I’m reaching out to seek some guidance regarding an issue we’ve encountered with guest invitations in SharePoint and Teams. When we send invitations to guests from SharePoint and Teams, they are redirected to the Entra ID "My Applications" page instead of directly to SharePoint or Teams. We do not want guests to be redirected to the "My Applications" page in the directory but rather directly to the respective service/application. Is this a configuration setting, and if so, where can this be adjusted? I have been unable to locate such a setting in Entra ID. Another notable issue is that invitations take 1 to 2 hours to reach the invited guest. Thank you in advance for your assistance.76Views0likes0CommentsRe: Microsoft Defender for Business - incidents automatically created
Hi micheleariis, Thank you very much for your explanation and the clear overview information about how Microsoft Defender for Business automatically creates incidents based on specific alerts. I truly appreciate it!188Views1like0CommentsMicrosoft Defender for Business - incidents automatically created
Good afternoon, I wonder if someone can answer whether incidents are automatically created for alerts in the Defender portal for Defender for Business for identities and risky users? Thank you in advance.Solved275Views0likes2Comments
Recent Blog Articles
No content to show