Onboarding Experience
5 Topics

Defender for Endpoint Firewall Rules Not Applying to Devices
Hello Security Experts,

I’m currently deploying Microsoft Defender for Business and trying to enforce firewall configurations directly from the Defender portal. However, I’ve noticed that the settings are not applying to any of the onboarded devices — nothing changes on the endpoints. Do firewall rules in Defender for Endpoint require Intune to be enforced, or should they work standalone? And if Intune isn’t used, what’s the best approach to apply consistent Defender firewall rules across devices?

Thanks, Luca

12 Views, 0 likes, 1 Comment

Can’t Remove Defender Tag After Asset Rule Was Deleted
Hi all,

I’m facing an issue where a rule-based tag in Microsoft Defender for Endpoint remains visible on devices even after I deleted the original asset rule. The rule was disabled and deleted months ago, but the tag still appears under Rule-based tags in the device details. Even using the API or PowerShell doesn’t show or remove it. Is there any supported way to force a tag refresh or clear orphaned rule-based tags from the Defender portal?

Thanks in advance, Luca

Automating Defender Alerts with CISA KEV and n8n – Has anyone tried similar workflows?
Hi everyone,

I’ve been experimenting with n8n automation to improve vulnerability management. I created a workflow that cross-references Microsoft Defender for Endpoint vulnerabilities with the CISA Known Exploited Vulnerabilities (KEV) catalog, and then automatically creates Jira tickets for remediation. The flow takes about 16 seconds to run and prioritizes only the CVEs that are both present in the environment and listed in KEV. Has anyone here built similar automation (maybe with Logic Apps, Power Automate, or Sentinel playbooks)? Would love to hear how others handle vulnerability prioritization or ticket creation!

9 Views, 0 likes, 0 Comments

Automating Defender Alerts with the CISA KEV Catalog Using n8n
Overview

Recently, I decided to explore how automation could help simplify daily security operations, especially in vulnerability management. While studying n8n, an open-source automation platform, I saw the opportunity to connect it with Microsoft Defender for Endpoint and the CISA Known Exploited Vulnerabilities (KEV) Catalog. The goal was simple: build an automated workflow that identifies which vulnerabilities detected in Defender are actively exploited in the wild, and then create actionable tickets in Jira for remediation teams — automatically and with full context.

Why I Built This

Most security teams deal with thousands of vulnerabilities every week, but only a small portion are actually being exploited. I wanted to find a way to prioritize what truly matters without adding more manual work. Defender for Endpoint already provides strong vulnerability data, but by combining it with the CISA KEV catalog, we can instantly highlight high-risk CVEs that need urgent attention. This project was also a great opportunity to test n8n’s flexibility and API-handling capabilities in a real-world cybersecurity scenario.

3 Views, 0 likes, 0 Comments