Ninja Cat Giveaway: Episode 3 | Sentinel integration
For this episode, your opportunity to win a plush ninja cat is the following - Reply to this thread with: what was your favorite feature Javier presented? Oh and what does UEBA stand for? This offer is non-transferable and cannot be combined with any other offer. This offer ends on April 14 th , 2023, or until supplies are exhausted and is not redeemable for cash. Taxes, if there are any, are the sole responsibility of the recipient. Any gift returned as non-deliverable will not be re-sent. Please allow 6-8 weeks for shipment of your gift. Microsoft reserves the right to cancel, change, or suspend this offer at any time without notice. Offer void in Cuba, Iran, North Korea, Sudan, Syria, Region of Crimea, Russia, and where prohibited.Ninja Show Episode 1 Season 4 is available!
Did you miss our show today? No worries - we have the recording up for you already!! (113) Investigation Capabilities in M365 Defender | Virtual Ninja Training with Heike Ritter - YouTube The new files page we are showing, will be available in public preview end of this month. If you have any questions on this topic, please ask them! Also, please let us know how you liked it and share your ideas for additional episodes 🙂
Can't find correct RBAC permissions to approve AIR actions
I've been configuring custom RBAC roles, and even though the "Response (manage)" permission in the Security Operations permissions group includes "approve or dismiss pending remediation actions," it doesn't work. I've tried it with pending "soft delete emails" actions in the Action Center, and I get an error. The only way we can approve or reject these actions is with the Entra Security Administrator role checked out. Does anyone know which RBAC permission is supposed to grant the rights to approve these remediation actions?How to get alerted on pending items in the Action Center
Good morning all! Part of my daily duties is to ensure that items in the Action Center are acted upon in a timely manner. I have been trying to find ways to be able to be alerted on new items, but there is nothing in Microsoft documentation, or anything that is obvious. I have scoured the internet, where I stumbled upon an old post about having to use a PS script, but there has to be some sort of notification Microsoft can send out on these items?! Since these items are time sensitive, I am having to check constantly for any new soft/hard delete emails.
M365 Defender to Service Now integration
I see that there was a Defender integration to ServiceNow and that the preview period has expired. When it says that this capability is no longer available, does that that mean that this has been turned into a commercial offering which we can purchase or subscribe to, or that Microsoft is no longer contemplating a Defender/Service Now integration? https://learn.microsoft.com/en-us/microsoft-365/security/defender/tickets?view=o365-worldwideDelete computer application - Defender 365
Hey, I'm trying to fix weaknesses that are marked on our Microsoft 365 Defender. I'm created an Intune package to install the new version of Firefox - however it didn't remove the old versions. Is there a way for me using: Defender/Intune/GPO to remove multiple old versions of Firefox for example, that are installed on the users computers? I can see the list of devices that are affected but how can I fix it as quickly as possible? Thanks!
