Microsoft Defender ATP
5 Topics

Windows Defender Antivirus (Active or Passive)
Hi, I need to get a report of machines with the status of Windows Defender Antivirus (Active or Passive). As per the document - https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup#verify-that-microsoft-defender-antivirus-is-in-passive-mode - it says to run the Get-MpComputerStatus cmdlet in PowerShell and check the value for AMRunningMode. When I ran this on a machine where a 3rd party AV was installed with Windows Defender AV running in passive mode, I got the value Normal under AMRunningMode instead of Passive. Is there any other way we can get the status of Windows Defender AV from MDATP Security Center or Intune?

Microsoft Defender ATP Servers Licensing
Hi, I have gone through the below article but am still confused about the licensing model for servers if I need to onboard them on MDATP. https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements Suppose I have a Microsoft 365 E5 Security license with me, so will I be able to onboard Windows Server from MDATP Security Center or do I need to get any standalone license just for servers? I don't want to go with the Pay-as-you-go model from ASC.
Thijs Lecomte, Alex Verboon, Steve Newby

Microsoft Defender ATP Licensing for Servers
Hi, I am currently using the Pay-as-you-go licensing model for Defender ATP for Servers, as initially we onboarded servers with Azure Security Center. Now what should be the approach to change the licensing model from Pay-as-you-go to a Standalone License for Servers?

How does NetworkCommunicationsEvents > RemoteURL entity get filled?
Hi team, With WDATP EDR available for Mac I wanted to investigate the RemoteURL field for all Firefox processes, but we don't seem to be capturing that data.

    NetworkCommunicationEvents
    | where InitiatingProcessFileName == "firefox"
    | summarize by RemoteURL

RemoteIP is correctly filled, but not RemoteURL. Any ideas?