Microsoft 365 Defender
73 Topics

MDE Platform stuck in Version 4.18.24080.9
We currently have Microsoft Defender for Endpoint for our Windows 11 devices. Upon checking the devices in the security portal, most of them have "NOT UP TO DATE" platform. We tried the following to update the MDE on the clients:

1. Get-WindowsUpdate -Install -KBArticleID KB4052623 -> Restart
2. Update-MpSignature -> Restart
3. Manual update by going to Virus & Threat Protection Settings -> Restart

But we only see an update on Security Intelligence. The MDE Platform is stuck on Version 4.18.24080.9. What are we missing?

Microsoft Defender multi-tenant management
I work for an MSP that is going to switch out our current antivirus platform (Carbon Black) for another product. We are thinking about using MS Defender as a reseller, either as an independent product or also going full O365 and migrating our clients from on-premises Exchange to 365 Exchange. However, I can't find anyone who manages MS Defender (or Exchange, for that matter) as a multi-tenant client. Each of our customers, I understand, would have their own instance and tenant ID, but I don't see any MSP managing these clients through a single interface. I have heard of Lighthouse and read about the API integration for MS Defender, but I have yet to come across any companies using it in this fashion. Has anyone heard of managing a large client base for MS Defender (or any MS cloud product) successfully through Lighthouse or any other means?

Attack Simulation Training, how many emails will be received by each user?
Here is a sample Automation setup. I want to know how many emails each person would receive in this scenario:

- 600 users
- 14 payloads
- Maximum number of simulations that can be started between the start and end dates = 4
- Duration: 30 days

How many emails will each user receive? Is that solely determined by "Maximum number of simulations that can be started"? Thanks

Request for Assistance with Microsoft 365 Security (customer development) in APAC's specific countr
I have observed that many companies in my country (within the APAC region) are not fully aware of the capabilities offered by Microsoft 365 Security. As a result, they often opt for alternative products with fewer features, despite having already purchased Microsoft 365 licenses. I would like to discuss this issue directly with the Microsoft customer development/training team to explore potential solutions and improve awareness about Microsoft 365 Security in our region. Does anyone know how to contact the appropriate team, or can anyone provide any resources that could assist in addressing this concern?

Bulk release of Quarantined Messages (PowerShell) and Release Requests
Many times we need to release lots of quarantined messages, and we all know the limitations (and the time consumed) that we face in the security admin portal. With the following cmdlets you'll be able to filter, check and release users' quarantined messages. I'll explain only some options (the ones we'll use the most), but you can find many other filtering options in the articles at the end of this post.

Example:

    Get-QuarantineMessage -PageSize 500 -QuarantineTypes Bulk,Phish,Spam -RecipientAddress "EmailAddress"

With this cmdlet you'll get a list of the quarantined messages sent to a specific user. Instead of -RecipientAddress we can use -SenderAddress in order to filter by sender, or both to filter the quarantined messages sent by a specific address to a specific user.

The -PageSize can be configured from 1 to 1000. This is the output size you'll get in PS.

You can filter by -QuarantineTypes or -Type. If you don't use this, you'll get all quarantined messages. Valid quarantine types are:

- Bulk
- HighConfPhish
- Malware
- Phish
- Spam
- SPOMalware (Microsoft Defender for Office 365 only)
- TransportRule

You can complete the previous cmdlet with | Release-QuarantineMessage -ReleaseToAll

Example:

    Get-QuarantineMessage -PageSize 500 -QuarantineTypes Bulk,Phish,Spam -RecipientAddress "EmailAddress" | Release-QuarantineMessage -ReleaseToAll

This will release the previously filtered messages. NOTE: If some messages were already released, the cmdlet will skip those and will not release them again.

You can also report false positives to MS with: -ReportFalsePositive

Sources:
Get-QuarantineMessage (ExchangePowerShell) | Microsoft Learn
Release-QuarantineMessage (ExchangePowerShell) | Microsoft Learn

Extra tip: Recently one admin asked how to filter the users' Release Requests in the Admin Center, in order to control those requests and ensure they're being released. For that, navigate to https://security.microsoft.com. On the left menu, click on "Review" and then on "Quarantine" in the central window. Now you're in the Quarantine queue view. Click on "Filter" (upper right icon) and, among many other filtering options, you'll find "Release requested" (see screenshot below). Applying this filter, you'll then see only the quarantined messages for which a Release Request was launched by the user. So you can easily work with that queue and empty it if required.

My Tenant is the Victim of a Persistent Email Spoofer
Hi all, for 5 days now a specific user in my tenant has been the target of a mass email spoofing attack. This user's email address has been spoofed, and now we're absolutely flooded with "Undelivered Mail Returned to Sender" bounce-back emails. The attacker is impersonating this user by editing their headers to make the email appear to be coming from us. The attacker is sending a purchase order number out, trying to collect payment. I have confirmed that the affected user's email is not sending out anything, and that the tenant as a whole is not sending out malicious emails. Most of these emails originate from the same domain: "ns1.ezginplc.co". I have already reported this domain to the FBI, but obviously there is nothing they can really do. On my end, being the only admin for a small 8-person company, I have added a rule to simply drop these emails from ever being delivered from this domain. Unfortunately, not every email the attacker is sending is from this domain, and some items get through and get quarantined, have to be deleted from the user's inbox, or worse, they make it through and annoy the living hell out of the user. I was hoping that this attacker would move on, but they have been at this for a week and are sending upwards of 4 thousand emails a day. What is there that I can actually do about this? Further, why is email so easy to impersonate and commit crime with, and why isn't a solution being developed by big tech?

Microsoft Defender for Emails & Collaboration
Hello All, based on my organization's requirements, we have configured the Microsoft Defender for Emails & Collaboration threat policies. But under the Preset Security policies, we haven't enabled the Standard or Strict protection policies. What will happen if I enable the Standard or Strict protection policies now? Will it revert/break all custom policies created based on the organization's requirements? Any suggestions? Thanks,

Anti-Malware Policy blocks inbound email with PDF attachment
Hello, does anyone have an idea why the anti-malware policy blocks inbound emails with a PDF attachment, even though the policy should not block PDFs? It's the default anti-malware policy and it blocks only certain PDFs; I checked them and there is no sign of malware. Thanks, Valentin