MDATP
15 Topics

Tamper Protection managed by administrator and OFF - cannot be enabled manually when joined on-prem
Hi all, We are currently only managing Microsoft Defender ATP via Group Policy and there is no GPO for tamper protection. But we cannot enable it manually either: "This setting is managed by your administrator", and tamper protection is set to OFF. When deploying a new Windows 10 I can enable it manually. When joining the computer to on-prem AD and the GPO for Windows Defender ATP hits, tamper protection is turned off and you cannot change it. Is this by design or is there a GPO setting interfering? Thanks!

51K Views, 2 likes, 13 Comments

Microsoft Defender ATP now in preview on Windows 10 Enterprise multi-session
We are happy to announce Microsoft Defender Advanced Threat Protection (MDATP) support on Windows Virtual Desktop, enabling both single and multi-session scenarios. The support for multi-user session scenarios is currently in Preview and limited up to 25 concurrent sessions per host/VM, while the single session scenarios are fully supported.

The support applies to the following operating systems:

- Windows 10 Enterprise multi-session, version 1809 or later
- Windows 10 Enterprise, version 1809 or later
- Windows 7 Enterprise
- Windows Server 2019
- Windows Server 2016
- Windows Server 2012 R2

Onboarding WVD devices to MDATP is done via the existing device onboarding process. Follow the relevant onboarding instructions for the platform you are using:

- Follow these instructions for Windows 10 based VMs
- Follow these instructions for Windows Server-based VMs
- Follow these instructions for previous Windows client versions

Regards, Pieter

20K Views, 6 likes, 17 Comments

Microsoft Defender ATP and Microsoft Flow Integration
Hi Community, I want to share with you the latest about Microsoft Defender ATP and Microsoft Flow integration, not only from the technical side, but also to show you a real scenario of how to use this feature to detect and respond to emerging threats with one click from your mobile device. With the help of fellow MVPs, I created a demo that ensures your security teams are alerted by email at all times about threats across your organization, and they can take actions from within that email whether they are at work or traveling, and from their mobile devices. Here is a link to the full demo in a blog post and on a YouTube video. Please let me know if you have any questions regarding this integration by connecting to me on Twitter @ammarhasayen.

Bonus Demo: You can also watch a real scenario demo showing how to protect your CEO machine with MS Flow Restrict App Execution demo.

MDATP File Hash Indicators
Hi, I am not allowed to upload MD5 file hashes into the Indicators Tab for Microsoft Defender Security Center. It also shows a message that the MD5 file hash method is not recommended. I have around 500 MD5 hashes for IOCs which I need to upload. Is there a workaround through which I can convert these MD5 file hashes to SHA-1 or SHA-256 and then upload them in Defender Security Center?

mdatp device compliance
Hi, is there a recent change in the handling of the mdatp compliance policy out of endpoint manager? We used to assign the mdatp compliance policy to "All Users", which, in the past, only evaluated the related user account that was matched to the policy assignment. Since yesterday, we recognized that the mdatp compliance policy is also scoped to the device itself: now the system account also gets evaluated, and we have a new built-in compliance policy system account evaluation... In addition, the scoped user account remains as "not applicable" for this compliance policy. Does anyone know more details about this? Thank you, Thomas

Wrong MDATP Logic App Connector Auth. endpoint for USgov
I'm trying to create a logic app that will trigger when a new WDATP alert occurs inside of a USgov region using the MDATP connector in the logic app designer. When I click the "Sign in" button it takes me to the authentication URL at https://login.microsoftonline.com/ which is not the proper authentication endpoint for USgov (it should redirect me to https://login.microsoftonline.us). This causes an error response letting me know that I'm making a request to a public endpoint instead of the government endpoint, and that the application must send the user to the right endpoint. I've spent hours looking for ways to change the authentication endpoint to the USgov one in the Microsoft Defender ATP logic app connector and I'm out of ideas. Has anyone encountered this issue and was able to edit the connector's request? Or found a workaround? I'd love to hear from someone, thank you!