Member: pwahlmueller | Microsoft Community Hub

Recent Discussions

Defender for Endpoint API vs Website
I use the Defender for Endpoint API to tag some devices. This generally works fine. Now I have the following situation for some days now (so no "sync" problem) On the Website I have a specific dns name (device name) which appears two times on the website, but I only get it one time via the API. What I did with the API: Try to get the device with the guid provided in the web. One guid returns the object, the other returns 404-Not found Call: https://api.securitycenter.microsoft.com/api/machines/<guid> Read all Machines and try to find the dns / the guid - did not find the missing device. Call: https://api.securitycenter.microsoft.com/api/machines As far as I know, you cannot restrict the permissions for the devices in API queries. Why they are missing? How can I get the "lost" device? Anybody with the same experience? Any ideas? EDIT: This device is even not consistent in the web view. If you add a tag and filter after that tag, the device does not appear. EDIT2: This device can be found with the API, if you add a tag and get all devices of this tag. But still is not in the list of all devices and cannot be call by the device guid.
Jun 10, 2024 Place Microsoft Defender for Endpoint
338Views
0likes
0Comments
Re: Defender for Endpoint permission for part of Devices
Hi DylanInfosec , Thanks - and yes you can do that in the script. I wanted to know, if I can give permission to the app registration, so there is only the permission to change allowed maschines. I think this is not possible.
Jun 09, 2024 Place Microsoft Defender for Endpoint
524Views
0likes
1Comment
Re: Exclude Device in Defender for endpoint
This is what I found yet. Not fully satisfying. https://practical365.com/handling-inactive-devices-in-microsoft-defender-for-endpoint/
Apr 08, 2024 Place Microsoft Defender for Endpoint
1.8KViews
0likes
0Comments
Defender for Endpoint permission for part of Devices
An automation should be able to flag all windows 10 machines in defender for endpoint (only some selected should be flagged, depending on "things") As it is an automation, we use app registration for permission management. I gave the permission Machine.ReadWrite.All - This works, but I could also flag other machines. So the question is, how can I restrict permissions to Windows 10 machines? It seems to be possible with device groups - but it also seems, that device groups are not intended to do that. Any suggestions / ideas? thanks in advance!
Apr 08, 2024 Place Microsoft Defender for Endpoint
981Views
1like
3Comments
SCSM Exchange Connector - check related Workitems
I want to check which workitems were created by an specific Exchange Connector. Any ideas how I can do that? Anybody who knows the tables? tia
Mar 07, 2024 Place System Center
215Views
0likes
0Comments
Re: MP Microsoft.Windows.Library version mismatch [7.5.8501.0]:[7.5.8501.1]
Funny, I have the same error message, but I only have the 7.5.8501.1 version of the Microsoft.Windows.Library.
Feb 08, 2024 Place System Center
583Views
0likes
0Comments
Exclude Device in Defender for endpoint
In the DfE GUI on security.microsoft.com it is possible to exclude a device manually adding a justification (eg Duplicate device) and additional Notes. Now I'd like to use an API - probably the Windows Defender ATP API - for this task. But it seems it is only possible to offboard the device, but not to exclude it. Is it somehow possible to exclude the device via an API? tia
Nov 09, 2023 Place Microsoft Defender for Endpoint
3.6KViews
0likes
7Comments
Re: SCO running Runbook gets orphanded after 2 to 3 Minutes and initiates the runbook new
In my case that was a runbook with the command get-scsmobject -class System.User from the smlets in it. There are about 40000 Users in this system. When executing the command in the 32 bit ISE, the ISE crashed. As a workaround, I reduced the the amount of data loaded by get-scsmobject and the effect has gone in the ISE and the Orchestrator runbook is working fine again.
Oct 16, 2023 Place System Center
560Views
0likes
0Comments
SCO running Runbook gets orphanded after 2 to 3 Minutes and initiates the runbook new
So I had the issue, that it appeared that suddenly a runbook was running multiple times. All instances apearing in 2 to 3 minutes. The new runbook was really running, the "older" once got orphanded and could be removed with the remove orphanded runbooks script.
Solved
Oct 16, 2023 Place System Center
468Views
0likes
1Comment
Re: Exclude Device in Defender for endpoint
Oh thank you. Would be great to hear, if there is something planned.
Oct 09, 2023 Place Microsoft Defender for Endpoint
2.9KViews
0likes
0Comments
Re: SCSM: Generic CI detail window cannot display custom CIs
Had installed SCSM 2019 UR1 Installed SCSM 2019 UR4 (see here https://www.microsoft.com/en-us/download/details.aspx?id=104264) Now it works. So maybe a broken dll.
Jul 26, 2023 Place System Center
622Views
0likes
0Comments
SCSM: Generic CI detail window cannot display custom CIs
Generic CI detail window cannot display custom CIs If you have a custom form, they will show up. Error Message: ObjectName = MTV_PermissionObjectName = MTV_Permission Microsoft.EnterpriseManagement.Common.DataItemDoesNotExistException: ObjectName = MTV_Permission bei Microsoft.EnterpriseManagement.DataAccessLayer.TypeSpaceData.GetInformationSchemaForObject(String objectName) bei Microsoft.EnterpriseManagement.DataAccessLayer.ManagedTypeSelectPropertyGenerator.DefineSelectTypeOnPropertyValueView(Guid managedTypeId, TypeSpaceData typeSpaceData) bei Microsoft.EnterpriseManagement.DataAccessLayer.ManagedTypeSelectPropertyGenerator.CreateQueryDefinition(Guid typeId, DatabaseConnection databaseConnection) bei Microsoft.EnterpriseManagement.DataAccessLayer.TypeSpaceData.GetOnDemandQueryDefinition(String queryDefinitionName, DatabaseConnection databaseConnection) bei Microsoft.EnterpriseManagement.DataAccessLayer.TypeSpaceData.GetGeneratedQueryDefinition(String queryDefinitionName, DatabaseConnection databaseConnection) bei Microsoft.EnterpriseManagement.DataAccessLayer.DatabaseConnection.GetQueryDefinition(String queryDefinitionName) bei Microsoft.EnterpriseManagement.DataAccessLayer.ManagedTypeSelectPropertyGenerator.GenerateSelectTypeOnPropertyValueView(Guid managedTypeId, DatabaseConnection databaseConnection) bei Microsoft.EnterpriseManagement.DataAccessLayer.ManagedTypeSelectPropertyGenerator.CreateQueryDefinition(Guid typeId, DatabaseConnection databaseConnection) bei Microsoft.EnterpriseManagement.DataAccessLayer.TypeSpaceData.GetOnDemandQueryDefinition(String queryDefinitionName, DatabaseConnection databaseConnection) bei Microsoft.EnterpriseManagement.DataAccessLayer.TypeSpaceData.GetGeneratedQueryDefinition(String queryDefinitionName, DatabaseConnection databaseConnection) bei Microsoft.EnterpriseManagement.DataAccessLayer.DatabaseConnection.GetQueryDefinition(String queryDefinitionName) bei Microsoft.EnterpriseManagement.DataAccessLayer.ManagedTypeSelectViewGenerator.GenerateSelectTypeOnView(Guid managedTypeId, DatabaseConnection databaseConnection) bei Microsoft.EnterpriseManagement.DataAccessLayer.ManagedTypeSelectViewGenerator.CreateQueryDefinition(Guid typeId, DatabaseConnection databaseConnection) bei Microsoft.EnterpriseManagement.DataAccessLayer.TypeSpaceData.GetOnDemandQueryDefinition(String queryDefinitionName, DatabaseConnection databaseConnection) bei Microsoft.EnterpriseManagement.DataAccessLayer.TypeSpaceData.GetGeneratedQueryDefinition(String queryDefinitionName, DatabaseConnection databaseConnection) bei Microsoft.EnterpriseManagement.DataAccessLayer.DatabaseConnection.GetQueryDefinition(String queryDefinitionName) bei Microsoft.EnterpriseManagement.DataAccessLayer.CompositeQuery.ProcessCriteriaXmlForProperty(XmlTextReader criteriaReader, IDictionary`2 innerJoinIndexForView, IDictionary`2 subqueryNeedsEMOVByCompositeNodeId, IDictionary`2 subQueryJoinAliasesByCompositeNodeId, QueryRequest queryRequestInnerCriteria, TypeSpaceData typeSpaceData, Int32& iNextViewJoin) bei Microsoft.EnterpriseManagement.DataAccessLayer.CompositeQuery.ProcessCriteriaXml(QueryRequest queryRequestComponent, TypeSpaceData typeSpaceData) bei Microsoft.EnterpriseManagement.DataAccessLayer.CompositeQuery.CreateSqlCommand() bei Microsoft.EnterpriseManagement.DataAccessLayer.CompositeQuery.GetQueryResults() bei Microsoft.EnterpriseManagement.DataAccessLayer.CompositeQuery.Execute() bei Microsoft.EnterpriseManagement.ServiceDataLayer.DataAccessFeatureImplementation.ExecuteQueryForProjectionBySingleSeedId(Guid typeProjectionId, Pair`2[] parametersAndValues, Guid seedId, InstanceQueryOptions instanceQueryOptions, IList`1& compositeResults)
Solved
Jul 26, 2023 Place System Center
629Views
0likes
1Comment
SCSM AD Connector Notification issue
We have the issue, that the Connector adds new users from ad. The SMTP and SIP notifications are also connected, but the relationship is not created. So we have * a User Object without a notification Object * a Notification object without any relationships - so they are orphanded. Anyone any idea? TIA We are using SCSM 2022 with AD connector.
Jul 18, 2023 Place System Center
571Views
0likes
0Comments
Re: SCSM 2019 UR Installation Error
Hmm.. Also tried to delete => error. Tried to let SSMS create a FullTextCatalog script => error So... do you have a statement, that worked for you?
Jul 18, 2023 Place System Center
671Views
0likes
0Comments
Re: MUST be able to delete duplicate/orphaned devices from M365 Security Center
I found the option to exclude devices option, but can this be done by script? Is there an API for that?
Jul 17, 2023 Place Microsoft Defender for Endpoint
13KViews
0likes
0Comments
Re: Error when try to change request offering after upgrade SCSM to 2022
Fixed in SCSM 2022 UR1
Jul 14, 2023 Place System Center
684Views
0likes
0Comments
SCO: The Runbook Server was unable to publish the runbook with unique identifier
Have this in my System Center Orchestrator Runbook Events: The Runbook Server was unable to publish the runbook with unique identifier '{GUID}' However, no effects are visible, but error messages are rarely good.. Any idea?
May 16, 2023 Place System Center
Orchestrator
system center
564Views
0likes
0Comments
Error when try to change request offering after upgrade SCSM to 2022
We upgraded SCSM from 2016 to 2019 to 2022. We want to change the query result of the request offering. If you want to configure the "2. Configure Criteria (optional)" the 2022 console crashes. If you use the old 2016 console it still works. Already tried: https://www.techguy.at/fix-scsm-console-issues/ ErrorMessage: Application: Service Manager Application Version: 10.22.1068.0 Severity: Error Message: An error was encountered while running the Service Manager Console. The console will now close Event log (Applications) Application: Microsoft.EnterpriseManagement.ServiceManager.UI.Console.exe Source = Application Error Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: System.NullReferenceException Source = .NET Runtime Faulting application name: Microsoft.EnterpriseManagement.ServiceManager.UI.Console.exe, version: 10.22.1068.0, time stamp: 0x6209d5f6 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Solved
May 16, 2023 Place System Center
742Views
0likes
1Comment
Run Report in SCSM 2022 Console after update to 2022
If you run a report in reporting after the update to 2022 the reports do not work any longer. In the "From host" window an error message appears: Failed to load expression host assembly. Details: Could not load file assembly.
May 12, 2023 Place System Center
Service Manager
system center
system center service manager
620Views
0likes
0Comments
Re: Reset option - Virtual Machine Pool
It resets the virtual machine to the template.
Oct 19, 2021 Place Azure Lab Services
764Views
0likes
0Comments

User Profile

pwahlmueller

User Widgets

Recent Discussions

Defender for Endpoint API vs Website

Re: Defender for Endpoint permission for part of Devices

Re: Exclude Device in Defender for endpoint

Defender for Endpoint permission for part of Devices

SCSM Exchange Connector - check related Workitems

Re: MP Microsoft.Windows.Library version mismatch [7.5.8501.0]:[7.5.8501.1]

Exclude Device in Defender for endpoint

Re: SCO running Runbook gets orphanded after 2 to 3 Minutes and initiates the runbook new

SCO running Runbook gets orphanded after 2 to 3 Minutes and initiates the runbook new

Re: Exclude Device in Defender for endpoint

Re: SCSM: Generic CI detail window cannot display custom CIs

SCSM: Generic CI detail window cannot display custom CIs

SCSM AD Connector Notification issue

Re: SCSM 2019 UR Installation Error

Re: MUST be able to delete duplicate/orphaned devices from M365 Security Center

Re: Error when try to change request offering after upgrade SCSM to 2022

SCO: The Runbook Server was unable to publish the runbook with unique identifier

Error when try to change request offering after upgrade SCSM to 2022

Run Report in SCSM 2022 Console after update to 2022

Re: Reset option - Virtual Machine Pool

Recent Blog Articles