XDR Critical asset management - Custom classifications not picking up assets
Hi community, I tried creating a number of Custom classifications. For example, by creating a filter on Identity -> AD Roles, or Cloud resource -> Category -> virtual_machine. When previewing the filter during creation, it displays the desired results. The classifications are created without any errors. But when I go back after refreshing the page, the Custom classifications I just created contain "0" resources. Clicking any classification , on the Assets tab, they show zero members (assets). What did I do wrong? Best Regards, Andy
Sent from Outlook for iOS links Being Quarantined in Defender
Hi, Microsoft seem to be falsely flagging their own shortening URL forhxxps://aka.ms/o0ukef as High Confidence Phishing This is the link that is created in emails when a user sends an email from Outlook for iOS This is causing a lot of emails to be blocked and sent to the Quarantine queue. Can someone at MS take a look and get this addressed.
Recieving increasing number of phishing attempts mimicking Microsoft MFA QR Codes
Even though we are MS 365 defender customers for all our users (EMS + E3) we are receiving an increasing number of phishing attempts based on good looking MFA connection requests. Furthermore these are based on QR Codes, which can be used on a smartphone where the security rules will be helpless against such attacks. And these attempts are absolutely not filtered.
Blocked by organization policy : Antimalware policy block by file type
Hi Can someone please shed some light on this. I am trying to identify if a DLP or Anti-malware policy is blocking an email. The real-time detection has this: Primary Override : Source Blocked by organization policy : Antimalware policy block by file type Would this be one of the policies in policies & rules>threat policies> anti-malware ? I was hoping there would be a setting that can pin-point the policy name or rule. Please advise
Microsoft MDR Service
Customer is interested in Microsoft Defender Experts for Hunting Service https://www.microsoft.com/en-us/security/business/services/microsoft-defender-experts-hunting Is this service something that is only used when a security incident has already happened? Or, is this a service that they could add to ensure we have experts evaluating our environment 24x7 all year? Also, how is it priced?Reject policy for all email that are not a active user
Is there a policy or rule that reject all inbound email that are send to not active users. As a dynamic rule / policy. Or a way to allow emails to active users and the rest reject. It could be a simple one, but i can not find it. If this is not a option to create this, please see this as a feature request. Threat Intelligence Threat Hunting Microsoft Defender for Office 365 Threat Analytics
