Threat Analytics
33 Topics

Blocked by organization policy : Antimalware policy block by file type
Hi, can someone please shed some light on this? I am trying to identify if a DLP or anti-malware policy is blocking an email. The real-time detection has this: "Primary Override: Source Blocked by organization policy: Antimalware policy block by file type". Would this be one of the policies in Policies & rules > Threat policies > Anti-malware? I was hoping there would be a setting that can pinpoint the policy name or rule. Please advise.

How to Connect MS Secure Scores to Power Query?
The Microsoft 365 Defender Portal (https://security.microsoft.com/) has a 'Secure Score' page, which contains the following: an overall secure score, which is then broken down by Identity, Data, Device, and Application secure scores. I would like to be able to pull these four scores into a Power BI report; however, I have had some difficulty in putting together a solution. This data seems like it could be found in the Microsoft Graph API, but https://learn.microsoft.com/en-us/power-query/connecting-to-graph. I've tried other Defender APIs, but they all seem either outdated or out of scope for what I'm trying to pull. Can anyone advise? Thanks for reading.

Expiring server certificates
Hello, I have a question. Defender 365 displays information about expired and future certificates on given servers in a given location. Why does Defender display certificates that no longer exist on a given server? Is there any way to make this monitor work properly? Clearing the cache on the servers or restarting the Defender service on a server also does not help, and Defender still catches some certificate. Has anyone encountered something like this?

Secure Score per Device Group
Hello all, I want to ask if it's possible to add Secure Score calculation per device group/tag in the Defender Secure Score overview. We manage multiple devices, some of which are handled by local IT and in different domains. We need a separate secure score calculation, since it gives us an initial metric of where we are compared to other domains/device groups. You already have the option in Vulnerability Management > Security Recommendations (per device group); can we have it for Secure Score also? Best regards, Nick

Remove access rights on suspicious accounts with the Admin SDHolder permission
Hi, can the Defender team please add more information regarding the improvement action "Remove access rights on suspicious accounts with the Admin SDHolder permission"? All sites appear to have this action triggered as "TO ADDRESS", but it displays "Users affected - No data to show", and under "Exposed Entities" it is blank with a line at the bottom displaying: {ISPM_REPORT_SUSPICIOUS_ADMIN_SD_HOLDER_USERS_TABLE_EMPTY_PLACEHOLDER}. Just over 24 hours after initial detection, the "Exposed Entities" section of "Remove access rights on suspicious accounts with the Admin SDHolder permission" now shows "No non-sensitive Admin SDHolder users", but it is still marked as "To address". Also please note the "More Information" links do not point to any useful or specific information for this improvement action. Thanks, Gary
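On the first thread above ("Blocked by organization policy : Antimalware policy block by file type"): the override text names the anti-malware policy's file-type block, which is the common attachments filter on the anti-malware policies under Policies & rules > Threat policies > Anti-malware. The portal does not name the policy in the detection, but the policies can be enumerated. The following is an added example, not code from the thread, written against the ExchangeOnlineManagement module; it assumes a role that can read threat policies, and `$Extension` is a placeholder you take from the blocked attachment's name.

```powershell
# Added example (not from the original post): find which anti-malware policy blocks
# a given file type, and which rule scopes that policy. Assumes the
# ExchangeOnlineManagement module and a role that can read threat policies.
# $Extension is a placeholder: take it from the blocked attachment's name.
$Extension = 'iso'
$ext = $Extension.TrimStart('.')

Connect-ExchangeOnline -ShowBanner:$false

# 1. Common attachments filter settings of every anti-malware policy
$policies = Get-MalwareFilterPolicy |
    Select-Object Name, EnableFileFilter, FileTypeAction, FileTypes
$policies | Format-Table -AutoSize

# 2. Policies whose filter is on and whose file type list contains the extension
$hits = $policies | Where-Object {
    $_.EnableFileFilter -and ($_.FileTypes -contains $ext)
}

# 3. The rule that applies each matching policy (who it targets, and its priority).
#    The policy named 'Default' has no rule: it covers everyone no custom rule matches.
foreach ($p in $hits) {
    "Policy '$($p.Name)' blocks .$ext (action: $($p.FileTypeAction))"
    if ($p.Name -ne 'Default') {
        Get-MalwareFilterRule | Where-Object { $_.MalwareFilterPolicy -eq $p.Name } |
            Select-Object Name, State, Priority, SentTo, SentToMemberOf, RecipientDomainIs
    }
}
```

When more than one custom policy lists the extension, the rule with the lowest Priority value that matches the recipient is the one that acted; if only 'Default' matches, the block came from the default policy.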
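On the "How to Connect MS Secure Scores to Power Query?" thread: the overall score and the per-category breakdown can be reconstructed from two Microsoft Graph resources, `/security/secureScores` (daily snapshots with `currentScore`, `maxScore` and a `controlScores` list) and `/security/secureScoreControlProfiles` (each control's `controlCategory` and `maxScore`). The following is an added example, not code from the thread; it assumes the Microsoft.Graph.Authentication module, an account granted `SecurityEvents.Read.All`, and writes a CSV that Power BI can load with Get Data. The output path is a placeholder.

```powershell
# Added example (not from the original post): pull the latest Secure Score from
# Microsoft Graph, roll the per-control scores up by category, and export a CSV
# for Power BI / Power Query. Assumes the Microsoft.Graph.Authentication module
# and an account granted SecurityEvents.Read.All. Output path is a placeholder.
Connect-MgGraph -Scopes 'SecurityEvents.Read.All' -NoWelcome
$base = 'https://graph.microsoft.com/v1.0/security'

# Latest daily snapshot (the collection is ordered newest first)
$score = (Invoke-MgGraphRequest -Method GET -OutputType PSObject `
    -Uri "$base/secureScores?`$top=1").value[0]

# Control profiles carry each control's category and maximum points; page through them
$profiles = @{}
$uri = "$base/secureScoreControlProfiles"
while ($uri) {
    $page = Invoke-MgGraphRequest -Method GET -OutputType PSObject -Uri $uri
    foreach ($p in $page.value) {
        if (-not $p.deprecated) { $profiles[$p.id] = $p }   # controlName in a score == profile id
    }
    $uri = $page.'@odata.nextLink'
}

# Sum the control scores per category against that category's total maximum
$categories = $profiles.Values | ForEach-Object controlCategory | Sort-Object -Unique
$rows = @(foreach ($cat in $categories) {
    $inCat = $profiles.Values | Where-Object { $_.controlCategory -eq $cat }
    $ids   = $inCat | ForEach-Object id
    $got   = [double]($score.controlScores | Where-Object { $ids -contains $_.controlName } |
                      Measure-Object -Property score -Sum).Sum
    $max   = [double]($inCat | Measure-Object -Property maxScore -Sum).Sum
    [pscustomobject]@{
        Date     = $score.createdDateTime
        Category = $cat
        Score    = [math]::Round($got, 2)
        MaxScore = $max
        Percent  = if ($max) { [math]::Round(100 * $got / $max, 1) } else { 0 }
    }
})
$rows += [pscustomobject]@{
    Date     = $score.createdDateTime
    Category = 'Overall'
    Score    = [math]::Round([double]$score.currentScore, 2)
    MaxScore = [double]$score.maxScore
    Percent  = [math]::Round(100 * $score.currentScore / $score.maxScore, 1)
}
$rows | Export-Csv -Path .\SecureScore.csv -NoTypeInformation   # placeholder path
```

Scheduling this script and appending to the CSV gives the day-by-day trend the portal only shows as a chart. Category labels come back as Graph names them, and the per-category totals are a reconstruction from public data, so compare one run against the portal tiles before relying on the numbers.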
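On the "Expiring server certificates" thread: the check a practitioner wants before raising the discrepancy is an inventory of what the server's certificate stores actually contain, keyed by thumbprint, to set against the list Defender shows for that server. This is an added example, not code from the thread; it runs locally on the server (or through `Invoke-Command`), and the 30-day window is a placeholder.

```powershell
# Added example (not from the original post): inventory every certificate in the
# machine's stores with its expiry, for comparison with what Defender reports for
# this server. Run locally on the server or via Invoke-Command. $Days is a placeholder.
$Days = 30
$now  = Get-Date

Get-ChildItem -Path Cert:\LocalMachine -Recurse |
    Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] } |
    ForEach-Object {
        $store = ($_.PSParentPath -split '::')[-1]   # e.g. LocalMachine\My
        [pscustomobject]@{
            Store      = $store
            Subject    = $_.Subject
            Thumbprint = $_.Thumbprint
            NotAfter   = $_.NotAfter
            Status     = if ($_.NotAfter -lt $now) { 'Expired' }
                         elseif ($_.NotAfter -lt $now.AddDays($Days)) { "Expires within $Days days" }
                         else { 'Valid' }
        }
    } | Sort-Object NotAfter | Format-Table -AutoSize
```

A thumbprint Defender lists for the server that does not appear in this output is the concrete evidence to attach when reporting the stale entry; a thumbprint that does appear, perhaps in a store other than My, is not stale.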
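On the "Remove access rights on suspicious accounts with the Admin SDHolder permission" thread: the later wording "No non-sensitive Admin SDHolder users" suggests the action looks for accounts that still carry the `adminCount=1` marker AdminSDHolder stamps on protected accounts but are no longer members of any protected group. The following is an added example, not code from the thread and not the Defender check itself; it assumes the ActiveDirectory RSAT module and read access to the domain, and treating such orphaned accounts as what the action flags is an assumption.

```powershell
# Added example (not from the original thread): list users that still carry
# adminCount=1 but are no longer members of any protected group. Assumes the
# ActiveDirectory RSAT module and read access to the domain. That these are the
# "non-sensitive Admin SDHolder users" the improvement action means is an assumption.
Import-Module ActiveDirectory

$domain  = Get-ADDomain
$forest  = Get-ADForest
$dsid    = $domain.DomainSID.Value
$rootSid = (Get-ADDomain -Identity $forest.RootDomain).DomainSID.Value

# Protected groups resolved by well-known SID, not by (localisable) name
$protected = @(
    @{ Sid = "$dsid-512";    Server = $domain.DNSRoot }    # Domain Admins
    @{ Sid = "$dsid-516";    Server = $domain.DNSRoot }    # Domain Controllers
    @{ Sid = "$dsid-521";    Server = $domain.DNSRoot }    # Read-only Domain Controllers
    @{ Sid = "$dsid-526";    Server = $domain.DNSRoot }    # Key Admins
    @{ Sid = "$rootSid-518"; Server = $forest.RootDomain } # Schema Admins (forest root)
    @{ Sid = "$rootSid-519"; Server = $forest.RootDomain } # Enterprise Admins (forest root)
    @{ Sid = "$rootSid-527"; Server = $forest.RootDomain } # Enterprise Key Admins (forest root)
)
# Administrators, Account/Server/Print/Backup Operators, Replicator (builtin domain)
foreach ($rid in 544, 548, 549, 550, 551, 552) {
    $protected += @{ Sid = "S-1-5-32-$rid"; Server = $domain.DNSRoot }
}

# SIDs of every account that is legitimately protected today (nesting flattened)
$legit = New-Object 'System.Collections.Generic.HashSet[string]'
foreach ($g in $protected) {
    try {
        Get-ADGroupMember -Identity $g.Sid -Server $g.Server -Recursive -ErrorAction Stop |
            ForEach-Object { $null = $legit.Add($_.SID.Value) }
    } catch { Write-Warning "Could not enumerate $($g.Sid) on $($g.Server): $_" }
}

# Orphans: adminCount=1, not in any protected group, and not the built-in
# Administrator (RID 500) or krbtgt (RID 502), which AdminSDHolder protects directly
Get-ADUser -Filter 'adminCount -eq 1' -Properties adminCount, whenChanged, memberOf |
    Where-Object { -not $legit.Contains($_.SID.Value) -and $_.SID.Value -notmatch '-(500|502)$' } |
    Select-Object SamAccountName, Enabled, whenChanged,
        @{ n = 'MemberOf'; e = { ($_.memberOf | ForEach-Object { ($_ -split ',')[0] -replace '^CN=' }) -join '; ' } }
```

Each account listed is a candidate for review, not an automatic fix: clearing `adminCount` and re-enabling ACL inheritance is the usual clean-up for an account that no longer needs elevated rights, whereas an account that still needs them belongs back in the appropriate protected group.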