Threat Protection
53 Topics

File Policy: Change stale externally shared files from modified to created with same parameters
Hello, so I applied a file policy which works great for our organization, which is the "Stale externally shared files" policy. This file policy detects any files shared externally that have not been modified for X number of days. My question is: can I change this "modified" parameter so that instead of modified, it's created? Here's a screenshot of what I mean. When I add the Created parameter, it only gives me date ranges instead of a number of days like in the Last modified parameter. Is this a customized parameter that comes with the policy? Can I replicate it with Created? How can I make it detect any files that were created more than X days ago, to apply governance actions? Thank you!

New blog post | Correlating alerts in Microsoft Defender for Cloud
Alerts in Microsoft Defender for Cloud are notifications generated when potential security threats and anomalous activities are detected within your cloud environment. These alerts provide crucial information and insights, enabling SecOps teams to effectively identify, prioritize, and respond to potential malicious activity. Correlating alerts in Microsoft Defender for Cloud - Microsoft Community Hub

New blog post | Microsoft Defender for DevOps Azure DevOps Connector - Microsoft Defender for Cloud
This article is a continuation of the Microsoft Defender PoC Series, which provides guidelines on how to perform a proof of concept for a specific Microsoft Defender plan. For a more holistic approach where you need to validate Microsoft Defender for Cloud, please read the How to Effectively Perform a Microsoft Defender for Cloud PoC article. There are two DevOps platforms currently covered by Defender for DevOps: GitHub and Azure DevOps. This article will go into detail about Azure DevOps Services. Microsoft Defender for DevOps Azure DevOps Connector - Microsoft Defender for Cloud PoC Series - Microsoft Community Hub

MacOS / MDATP - MCAS Integration
Currently the MDATP-powered cloud discovery, application blocking and other capabilities are restricted to Windows 10 devices. Does the development roadmap for MDATP and MCAS have the same capabilities in development for Mac? Can we expect feature parity in areas like this as the Mac MDATP platform matures?

mcas - malware detection policy
Hi all, just wondering whether or not the malware detection policy is just a "detection" policy 🙂 with no remediation or mitigation impact on the related findings. In other words, once the policy finds suspicious files containing malware within SpO or OfB, it only alerts within MCAS, but does nothing more with that file, like moving it to quarantine or similar. Am I right? Thank you, Thomas

MCAS keeps triggering alerts for a whitelisted IP
We have the impossible travel alert policy in place. We get some users occasionally connecting from other countries for legitimate reasons (i.e. VPN, cross-country apps, etc.). We have whitelisted these IPs (all the IPs are static) as corporate, but the policy keeps triggering. The alerts show the whitelisted IP. The whitelisting is performed in the "IP address ranges" section of MCAS. Has anyone experienced this issue? I appreciate any insights on this. Thank you!

MCAS + Azure ATP integration
Hello MCAS Team! I have a question about MCAS. I have configured Azure ATP integration with MCAS, and I am looking to generate reports in MCAS for certain behavior identified by Azure ATP. As you can see in my screenshots below, I see a number of alerts generated by the "Remote Code Execution Attempt" policy in ATP, but I don't see them in MCAS. Any ideas on why that could be?