microsoft 365 defender

45 Topics

Very High Increase in CPU activity after Update Microsoft Defender for Identity sensor
All our servers that are running this sensor (DCs, Certificate servers, AD Connect servers) showed a massive increase in average CPU utilization from virtually straight after the sensor was automatically updated to version 2.254.19112.470 (late night UK time). Two of our DCs are sitting on 100% CPU today and we can't find anything to resolve it. Has anyone else seen this since running this version and if so what actions did you take ? How would we go back to rolling back to the previous version when it appears it will just be automatically updated soon after ? This is our monitoring of CPU utilization from one of the majorly affected DCs but every server with the sensor had the exact same graph showing a major increase in CPU at the same date and time i.e. just after the sensor was updated.
Solved
TomHaz
Jan 19, 2026 Place Microsoft Defender for Identity
526Views
4likes
6Comments
Missing features in Security portal
With the Azure ATP portal we where able to do a lot more of investigation for on premises actions. We are in a large hybrid environment. Is there a way to access the old portal to get back that timeline for a user? The things we are missing out on currently that we found are the following: Password resets, where able to see that easy at the users timeline. Users being added to or removed from groups and who did it Failed logins to on premises resources You can no longer search for groups Can't export the same data as in the ATP portal. Some of us used this daily and are having trouble to figure out how to get the correct information now. I'm aware that we can see some of those things in the users audit logs for example but would be nice to be able to see it in the timeline as before.
Solved
denkajohansson
Feb 27, 2023 Place Microsoft Defender for Identity
3.3KViews
2likes
3Comments
Defender for Identity documentation refreshed
Hi everyone, Just an informational note for our fantastic community of MDI advocates... Our incredible technical content developers have just concluded a mammoth exercise in updating all Defender for Identity documentation to reflect MDI's new home in Microsoft 365 Defender. aka.ms/MDIDocs For those still transitioning from using the classic MDI portal, don't worry - the documentation for that experience still exists and is accessible from the table of contents on the left of the screen. For anybody who has pages bookmarked, they should redirect without any issues. Thanks!
Ricky Simpson
Jul 06, 2022 Place Microsoft Defender for Identity
958Views
2likes
0Comments
Missing remediation actions
Hi everyone, Remediation actions such as Disable/Enable user in AD, Force password reset are currently not available through the Defender portal (user page, advanced hunting). Anyone aware of this change? https://learn.microsoft.com/en-us/defender-for-identity/remediation-actions#supported-actions
Solved
koroioan
Sep 25, 2024 Place Microsoft Defender for Identity
689Views
1like
1Comment
Disable Honeytoken Account using Microsoft Sentinel Automation Rule
New blog post: How to Disable Honeytoken Account in AD and ENTRAID using Automation Rule in Microsoft Sentinel https://www.linkedin.com/pulse/disable-honeytoken-account-using-microsoft-sentinel-rule-elie-karkafy
elieelkarkafi
Aug 02, 2023 Place Microsoft Defender for Identity
536Views
1like
0Comments