Unable to view certain defender alerts
Hi Team, We are unable to view certain defender alerts from defender portal. We are able to pool alerts using graph api and from the output -> using alertWebUrl we tried to view the alert. We observed "You can't access this section" error message. (Sorry, you can't access this section. Check with your administrator for the role-based access permissions to see the data). But we are able to view other alerts, (Ex: Above error is for XDR alert, but we are able to view other XDR alerts). Is it possible to allow access to view only few XDR alerts?
Microsoft Defender for Endpoint Security (STIG) Microsoft Challenge' of Debugging WinForms Designer
Microsoft Defender for Endpoint Security Technical Implementation Guide (STIG) for review https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_Defender_Endpoint_V1R0-1_IDraftSTIG.zip as per: Daily intelligence Brief p802 (Final) Microsoft Plugs Away at 'Huge Technical Challenge' of Creating Debugging WinForms Designer on .NET Core its very basic for me, like kindergarden stuff, hey get me on international microsoft advertisement commercial enterprise or something? Common, my 20 year National security assignment is nearly over, lunch anyone, & im as rich as Bill Gates say Hi to Avi for me, Presadi has a long history of being a big **bleep**
Issue with log collection from Microsoft XDR to Azure storage
Hello, We are currently facing an issue with collecting logs from Microsoft XDR and forwarding them to Azure Storage. We are aware of below two methods for forwarding logs from Microsoft XDR to Azure: Forward events to Azure Storage Forward events to Azure Event Hub Issue Details: Method 1: When using the "Forward events to Azure Storage" approach, we end up with different containers being created for each event, but we would prefer to have all the events stored in a single container. Method 2: When using the "Forward events to Azure Event Hub" approach, we are able to store all the events in a single container, but in this case, the logs are stored in Avro format instead of JSON, which is not our desired format. Our goal is to store all event logs in one single container in JSON format. Has anyone faced this issue or found a way to achieve this setup? Any guidance or solution would be greatly appreciated. Thank you!Weird updates "Security Threat Intelligence" on desktop
Hi guys, my name is Mo and I am new to the XRD community 🥰 I m observing anomalous device behavior. Upon login or wake-up, multiple virtual machines are active, some exhibiting headless screen reader functionality. This issue emerged following the installation of Microsoft security threat intelligence updates. Considering Windows Defender's machine learning and predictive maintenance capabilities, I question the deployment of these updates to my system. Is this update a standard Windows component? The associated URL is currently inaccessible. I acknowledge the potential of XR, CDN, and Hologres technologies (and other Azure/cloud-enabled features) to alter user experience. Could someone provide clarification regarding these iterative security updates? My usage is limited to cloud platforms and reputable open-source software; I do not utilize malicious websites. Thank you. #misclassification?MDO query of EmailEvents is not accepted in the flow which is why causing the badgateway error
When used the following MDO query of EmailEvents it is working in the Defender control panel but when applied through 'Advanced Hunting' action in Power automate application given bad gateway error. Is this query supported in this application?
Old Account transferred to the Entra Tenant
Hi All, My original community account got transferred without any notice to my tenant account. I am worried if this is a security breach as another a new user was also created (this one) automatically when I logged into my community account. Let me know any plausible explanation for what's happening here. So, there's this community account with which I am posting the issue, and the other two shown below. Sids1 Sids11 User ID 2252914 for Sids1 User ID 2468034 for Sids11 Best Regards, Siddhartha Sharma
ASR Rule Blocking ms-teams.exe
Hi, We have seen the ASR Rule for, 'Block Office communication application from creating child processes' start to block ms-teams.exe, this morning which is causing quite a lot of issues in the estate. The current workaround is to set the ASR Rule of, 'Block Office communication application from creating child processes', to Audit Mode instead of Block Mode. This has also been mentioned by a couple of people now on Twitter, so is MS aware of this issue and do you know when a fix may be in place for this, so I can safely move the ASR Rule back to Block Mode
Authenticator app not working
I am the admin of my organization and I cleared my computer's cache and it asked me to log in again to my professional account. Once I entered the email and password, it told me to write a code in the authentication app, but the app does not give me any option to enter the digit of two numbers, in fact it asks me to enter my account and from the same app it asks me to enter the two-digit code in the app, which has no sense. Since it is a professional account, the only option to log in is to use the authenticator app, either by typing in the app the two-digit code that appears on the computer or by typing a six-digit digit on the computer that should appear on the application, which does not happen.
