Microsoft 365 Defender Blog

Options
5,760
OferSchreiber on Sep 18 2023 09:00 AM
5,778
Heike Ritter on Sep 01 2023 04:24 AM
12.1K
Daniel Naim on Aug 16 2023 10:10 AM
5,472
Heike Ritter on Aug 01 2023 08:12 AM
9,891
Oren_Saban on Jul 24 2023 09:00 AM
3,110
Caroline_Lee on Jul 18 2023 08:30 AM
6,597
Oren_Saban on Jul 10 2023 08:52 AM
11.6K
Nathan Swift on Jul 06 2023 09:00 AM
7,538
LiorShapira on Jul 04 2023 09:55 AM
9,503
Heike Ritter on Jun 30 2023 06:16 AM
7,661
Douglas Santos on Jun 13 2023 09:00 AM
18.5K
israelcohen on Jun 06 2023 09:53 AM
4,098
Heike Ritter on Jun 06 2023 03:51 AM
13.4K
Greg Wiselka on Jun 05 2023 05:58 AM
10.2K
assafyatziv on May 23 2023 05:54 AM
10.8K
Idan_Pelleg on May 22 2023 08:10 AM
19.1K
eyalh on May 17 2023 10:03 AM
5,414
Heike Ritter on May 02 2023 05:33 AM
16.4K
Caroline_Lee on Apr 25 2023 06:20 AM
6,724
Keith_Fleming on Apr 06 2023 01:15 PM
2,522
Heike Ritter on Apr 05 2023 05:38 AM
6,551
Heike Ritter on Apr 03 2023 04:52 AM
17.2K
SehrishKhan on Mar 28 2023 08:00 AM
10.9K
Tali Ash on Mar 13 2023 08:30 AM
9,265
Pawel Partyka on Mar 08 2023 09:00 AM
6,586
Heike Ritter on Mar 03 2023 01:40 AM
23.8K
eyalh on Feb 22 2023 06:20 AM
17.8K
Eran_Nachshon on Feb 16 2023 01:56 PM
7,247
Caroline_Lee on Feb 15 2023 09:00 AM
7,743
Heike Ritter on Feb 06 2023 03:53 AM

Latest Comments

Can a SOC which only looks at the UI suspect the following?DeviceProcessEvents| where Timestamp > ago(1d)| where FileName =~ "vssadmin.exe" and ProcessCommandLine has_any("list shadows", "delete shadows")or FileName =~ "fsutil.exe" and ProcessCommandLine has "usn" and ProcessCommandLine has "deletej...
0 Likes
Any plans to add an action to revoke active O365 sessions?
0 Likes
I like the idea of this however it is a bit bare bones at the moment. Will there be more features from added to this multitenant portal eventually? I noticed that it gave me an error when trying to run some of the threat hunting queries. Seems you cannot do table joins in the multi-tenant queries. I...
1 Likes
@Daniel Naim, great work on this new feature addition to MDI. Can the group Managed Service Account (gMSA) be used as a directory service account on AD CS with the MDI sensor? If yes, please point me to the documentation.
0 Likes
@David Wanderer there is nothing concrete we can share at the moment, but we're aware of the need to easily enable alerts based on the insights of behaviors and we are considering it as part of our future plans.
0 Likes