threat intelligence

XDR Critical asset management - Custom classifications not picking up assets
Hi community, I tried creating a number of Custom classifications. For example, by creating a filter on Identity -> AD Roles, or Cloud resource -> Category -> virtual_machine. When previewing the filter during creation, it displays the desired results. The classifications are created without any errors. But when I go back after refreshing the page, the Custom classifications I just created contain "0" resources. Clicking any classification on the Assets tab, they show zero members (assets). What did I do wrong? Best Regards, Andy

Sent from Outlook for iOS links Being Quarantined in Defender
Hi, Microsoft seems to be falsely flagging their own shortening URL hxxps://aka.ms/o0ukef as High Confidence Phishing. This is the link that is created in emails when a user sends an email from Outlook for iOS. This is causing a lot of emails to be blocked and sent to the Quarantine queue. Can someone at MS take a look and get this addressed?

Receiving increasing number of phishing attempts mimicking Microsoft MFA QR Codes
Even though we are MS 365 Defender customers for all our users (EMS + E3), we are receiving an increasing number of phishing attempts based on good-looking MFA connection requests. Furthermore, these are based on QR Codes, which can be used on a smartphone where the security rules will be helpless against such attacks. And these attempts are absolutely not filtered.

Defender for Endpoints - Domain Controllers
Hi, What is the correct process for managing and deploying policies for Windows Server 2019 domain controllers? I know that Security settings management doesn't work on and isn't supported on 2019 DCs as per (https://learn.microsoft.com/en-us/mem/intune/protect/mde-security-integration?view=o365-worldwide#configure-your-tenant-to-support-microsoft-defender-for-endpoint-security-configuration-management). So how do I manage and get policies to a 2019 DC? Thanks

Blocked by organization policy : Antimalware policy block by file type
Hi, Can someone please shed some light on this. I am trying to identify if a DLP or Anti-malware policy is blocking an email. The real-time detection has this: "Primary Override: Source Blocked by organization policy: Antimalware policy block by file type". Would this be one of the policies in policies & rules > threat policies > anti-malware? I was hoping there would be a setting that can pinpoint the policy name or rule. Please advise.

Defender 365 threat notifications and emailing teams channel
Hi, Does anyone know if it is supported to configure Defender 365 threat notifications to email MS Teams channels? Just that I have tried it and it does not appear to work. Therefore, I am looking for some advice please. Regards, Mike

Microsoft MDR Service
Customer is interested in Microsoft Defender Experts for Hunting Service (https://www.microsoft.com/en-us/security/business/services/microsoft-defender-experts-hunting). Is this service something that is only used when a security incident has already happened? Or is this a service that they could add to ensure we have experts evaluating our environment 24x7 all year? Also, how is it priced?

Reject policy for all email that are not an active user
Is there a policy or rule that rejects all inbound email sent to inactive users, as a dynamic rule/policy? Or a way to allow emails to active users and reject the rest? It could be a simple one, but I cannot find it. If it is not an option to create this, please see this as a feature request.

Standard Security Policy flagging too many emails as "Potential Phishing"
We decided to enable the Standard Security Policy for Defender on our Microsoft 365 tenant, and immediately noticed that it was quarantining way too many emails that it flagged as either Phishing or High Confidence Phishing (mostly automated notices from cloud services like Asana, Klaviyo, etc.). These are emails that would easily be allowed through any other mail scanning firewall I've used in the past. I'm now concerned about using Defender's "Standard Security Policy" level, for fear that it's going to have my users missing emails that should easily be passing through, because Defender moved them to Quarantine or Junk. Is there a way to modify the aggressiveness levels for the Standard Security Policy?