Weird updates "Security Threat Intelligence" on desktop
Hi guys, my name is Mo and I am new to the XRD community 🥰 I m observing anomalous device behavior. Upon login or wake-up, multiple virtual machines are active, some exhibiting headless screen reader functionality. This issue emerged following the installation of Microsoft security threat intelligence updates. Considering Windows Defender's machine learning and predictive maintenance capabilities, I question the deployment of these updates to my system. Is this update a standard Windows component? The associated URL is currently inaccessible. I acknowledge the potential of XR, CDN, and Hologres technologies (and other Azure/cloud-enabled features) to alter user experience. Could someone provide clarification regarding these iterative security updates? My usage is limited to cloud platforms and reputable open-source software; I do not utilize malicious websites. Thank you. #misclassification?"Copy to clipboard" balloon tip blocks Copy icon
If you have 1920x1080 screen resolution or higher, this annoying balloon tip wreaks havoc by blocking the "copy" icon. I find this balloon tip to be the least necessary thing ever. Everyone who's job involves using the Defender portal knows what that icon means and the fact that it is blue lets us know even more concretely that we can click it. Does anyone else have this issue and/or find this annoying? The next thing that is also problematic in the same way, the way we have to use these balloons to first sort columns ascending, before we can ever sort descending. And we can't just click the obvious arrows, we have to click, get the balloon, choose "Sort ascending", then click again, get the next balloon, finally choose "Sort descending". I'm flabbergasted as to how anyone thought this was going to be helpful (making a simply sort button require so many clicks just to sort columns). I give feedback in the portal about these two things often, but it doesn't go away. These 2 UI elements are no good, need to go.
MDO query of EmailEvents is not accepted in the flow which is why causing the badgateway error
When used the following MDO query of EmailEvents it is working in the Defender control panel but when applied through 'Advanced Hunting' action in Power automate application given bad gateway error. Is this query supported in this application?
ASR Rule Blocking ms-teams.exe
Hi, We have seen the ASR Rule for, 'Block Office communication application from creating child processes' start to block ms-teams.exe, this morning which is causing quite a lot of issues in the estate. The current workaround is to set the ASR Rule of, 'Block Office communication application from creating child processes', to Audit Mode instead of Block Mode. This has also been mentioned by a couple of people now on Twitter, so is MS aware of this issue and do you know when a fix may be in place for this, so I can safely move the ASR Rule back to Block ModeDefender RBAC - Grant at least priviliged for Quarantine handling NOT WORKING
Hi everyone, I've already deployed new Defender RBAC permission. I want to assign permission for quarantine message handling WITHOUT Preview Message option. I,ve configured Defender RBAC in follow settings:     I've assgined only Security Basic (read) NOT Quarantine handle and NOT Quarantine RAW Contect permission Effect (in production!)   I can't assign at-least permission. Currently everyone who has at least permission in Defender RBAC can read all email content for everyone user in organization!!   Anyone can help with this case? Follow Defender RBAC docs this user should not have any permission for reading other mails! -- Kind Regards          
Excluded Microsoft 365 Defender
I want from the Microsoft 365 Defender panel to create exceptions on one or more computers, that is, so that the antivirus does not scan elements that have been excluded in the exclusion list, but I cannot find that option or if it is possible I want from the Microsoft 365 Defender panel to create exceptions on one or more computers, that is, so that the antivirus does not scan elements that have been excluded in the exclusion list, but I cannot find that option or if it is possible
