Defender for Identity health issues - Not Closing
We have old issues and they're not being "Closed" as reported. Are we missing something or is this "Microsoft Defender for Identity" Health Issues process broken? Thanks! Closed: A health issue is automatically marked as Closed when Microsoft Defender for Identity detects that the underlying issue is resolved. If you have the Azure ATP (workspace name) Administrator role, you can also manually close a health issue.
Azure Advanced Threat Protection Sensor service terminated
Since applying June patches and Azure automatically updating the Azure Advanced Threat Protection Sensor, the service continues to bomb. Anyone else seeing this behavior? The Azure Advanced Threat Protection Sensor service terminated unexpectedly. It has done this 31 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service. App event Application: Microsoft.Tri.Sensor.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: System.Net.Sockets.SocketException at System.Net.Sockets.Socket.EndReceive(System.IAsyncResult) at System.Net.Sockets.NetworkStream.EndRead(System.IAsyncResult) Exception Info: System.IO.IOException at System.Net.Sockets.NetworkStream.EndRead(System.IAsyncResult) at Microsoft.Tri.Infrastructure.TaskExtension.UnsafeAsyncCallback[[System.Int32, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.IAsyncResult, System.Func`2<System.IAsyncResult,Int32>, Microsoft.Tri.Infrastructure.TaskCompletionSourceWithCancellation`1<Int32>) at System.Net.LazyAsyncResult.Complete(IntPtr) at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object) at System.Net.ContextAwareResult.Complete(IntPtr) at System.Net.LazyAsyncResult.ProtectedInvokeCallback(System.Object, IntPtr) at System.Net.Sockets.BaseOverlappedAsyncResult.CompletionPortCallback(UInt32, UInt32, System.Threading.NativeOverlapped*) at System.Threading._IOCompletionCallback.PerformIOCompletionCallback(UInt32, UInt32, System.Threading.NativeOverlapped*)Attack simulation Payload editor - recently broken?
Hello, Just last Wednesday, Jan. 8th, I created a new custom payload and was happy with the testing of the email. I logged in today and noticed that a majority of the formatting had been removed. I found this post: https://answers.microsoft.com/en-us/msoffice/forum/all/phishing-attack-simulation-payload-editor-is/88232e12-9744-4d87-9566-3fd5d8c2ed3a Seems like he is having the same issue I am facing. Nothing is centering and many of the blocks I have created are gone (ie the External email, banner). Anyone else having these issues or has anyone found a way to "fix" it. Here is a snip of the same payload, one sent Wednesday, the other Monday: Monday, Jan. 13th: Any help would be appreciated.What's new and What's learning period in Microsoft Defender for Identity.
In this blog post, I will explain an advanced settings capability available in the Microsoft Defender for Identity, which will help the security admins in evaluating the product and tweaking the sensitivity level of the alerts. What's Learning Period in MDI? What are the latest enhancements added to that feature? https://www.linkedin.com/pulse/whats-new-learning-period-microsoft-defender-identity-elie-karkafyMissing remediation actions
Hi everyone, Remediation actions such as Disable/Enable user in AD, Force password reset are currently not available through the Defender portal (user page, advanced hunting). Anyone aware of this change? https://learn.microsoft.com/en-us/defender-for-identity/remediation-actions#supported-actionsMDI not firing alert - "Suspicious additions to sensitive groups (external ID 2024)"
Hi everyone, i have checked our MDI installation with the Powershell - it is all green. Also the action itself is in the portal. The group is marked sensitive by default. A user gets added by another Domain Admin. This should fire an high alert? But nothin happens. Is there any setting i am missing? We started with a "german AD" so the group names are in German. But this cannot make any difference. BR Stephan
