Excluding SharePoint sites from "Never Delete" Policy?
Is there a way to exclude certain SharePoint sites from a Never Delete compliance policy, so that they are allowed to be manually deleted? And if so, how long after I add them to an exclusion list should they become available to be manually deleted?
Filtering Alerts for Activity type ElevateAccess Microsoft.Authorization
Hello guys I was playing around with Microsoft Defender for Cloud Apps and Power Automate and created a policy in MDCA for detecting the usage of the elevate access option in Azure Active Directory. The problem I'm having is that when the policy for that activity is triggered it creates two alerts one with the description: "ElevateAccess Microsoft.Authorization:resource/providers/Microsoft.Authorization-Started" and one with "ElevateAccess Microsoft.Authorization: resource /providers/Microsoft.Authorization- Succeded". That in itself wouldn't be a problem but if the policy is connected with a Power Automate Flow said Flow triggers two times for basically the same event. Now my question is if any of you have an idea on how to solve this problem? I tried filtering for the activity objects the alert provides but that didn't work. best regards thezeroMCAS Policy Creation
I have noticed an increasing number of accounts being compromised, without generating any alerts I have configured in the Microsoft Cloud App Security portal (Ie. Impossible travel activity) Is there anyway to create an alert policy for "Run Command: task MailItemsAccessed" when it happens outside of the US? For example the activity above would generate an alert because the task MailItemAccessed occurred in Japan. What would that policy look like in the MCAS portal?
