Latest Discussions
"Duplicate" alerts in Defender for Cloud from MDE
Hello, I discovered that security alerts generated from Defender for Endpoint are causing "duplicate" security alerts in Defender for Cloud. We have several Azure Arc-enabled servers active with Defender for Server P1, which includes Defender for Endpoint integration. Hence Arc servers are automatically onboarded to Defender for Endpoint. We had a false positive caused by the addition of AV exclusions which generated an alert / incident in Defender XDR which was then synced to Sentinel. Closing the alerts in Defender XDR or Sentinel resulted in synced status between the two. However, it seems the same alerts were also created in Defender for Cloud, and their status remained "open" even after being resolved in Defender XDR. The link in the open Defender for Cloud Alert effectively opens up the resolved alert in Defender XDR. So it seems to be the same alert but its status is not being synced. Is this a known issue?
packetknight | Dec 23, 2024 | Copper Contributor | 19 Views | 0 likes | 0 Comments

How to check the standard policy is working? Is there any report tracking?
How to check the standard policy is working? Is there any report tracking? https://learn.microsoft.com/en-us/azure/defender-for-cloud/create-custom-recommendations
bimalashrestha | Dec 23, 2024 | Copper Contributor | 7 Views | 0 likes | 0 Comments

Available Alerts on Microsoft of Defenders
Hi All, Can anyone help identify whether the alerts mentioned in this article will generate incidents/alerts by default on Defender for Cloud and send them to Sentinel if it is integrated? https://learn.microsoft.com/en-us/azure/defender-for-cloud/alerts-windows-machines
talkingpoint | Dec 11, 2024 | Copper Contributor | 22 Views | 0 likes | 1 Comment

Enhancing Governance Rules/Notifications with Risk-Based Recommendations
Hi everyone, I'm looking to improve how governance rules in Defender for Cloud integrate with risk-based recommendations from Defender for CSPM. Currently, governance rules measure against the severity of recommendations, but our users receive emails highlighting severity without any mention of risk. This has led to confusion because the default view in the portal sorts by risk. Is there a way to make governance rules more flexible to incorporate risk-based recommendations? Also, are there any upcoming integrations for different ticketing tools like Jira? Any advice or updates would be appreciated. Thanks!
grahamobrien | Dec 10, 2024 | Copper Contributor | 19 Views | 0 likes | 0 Comments

Problems adding Defender for Business Server to a 2019 Windows server.
Hi. We recently purchased a one-year subscription to Microsoft Defender for Business Servers through a retailer. I've onboarded a Windows Server 2019 device using a PowerShell script, following Microsoft's guidance, since the server is not enrolled in Intune. The onboarding process appears to have been successful, as confirmed by event logs. However, the device isn't visible in the Microsoft Defender portal. Additionally, the Defender for Business Servers license isn't assigned to the device in the Office 365 admin center. Is it possible that I'm missing a configuration somewhere in one of the Admin centers (Defender, Office 365, etc.) so the license can be applied to the device? What additional steps might be required to ensure the device is visible in the Microsoft Defender portal and the license is assigned correctly?
jortega | Dec 06, 2024 | Copper Contributor | 20 Views | 0 likes | 0 Comments

anujchakka506 | Dec 03, 2024 | Copper Contributor | 14 Views | 0 likes | 0 Comments

Microsoft defender for cloud signature updates
What is the frequency of Microsoft Defender for Cloud signature updates?
GuillerminaTM07 | Dec 03, 2024 | Copper Contributor | 40 Views | 0 likes | 1 Comment

Defender for Cloud CSPM for Arc VMs
Hi Team, Could you please clarify whether Arc-enabled VMs in on-premises environments count as billable resources for Defender CSPM (the paid plan vs foundational)? The table that lists billable resources here https://learn.microsoft.com/en-gb/azure/defender-for-cloud/concept-cloud-security-posture-management#plan-pricing does not include "microsoft.hybridcompute/machines", so am I correct in thinking that Arc-enabled VMs won't be billed as a CSPM resource? What, if any, Defender CSPM capabilities are available for Arc-enabled VMs? Is there a way to view what billable resources I have in the portal? Thanks, T.
Solved | pikatom123 | Dec 03, 2024 | Copper Contributor | 32 Views | 0 likes | 1 Comment

Defender for Storage Malware Scanning - Blob Size Limit - GB or GiB?
Hi, I was wondering whether the file size limit for Defender for Storage Malware Scanning is measured in Gigabytes or Gibibytes? e.g. 2,000,000,000 Bytes vs 2,147,000,000 Bytes? Thank you
ednash | Dec 02, 2024 | Copper Contributor | 18 Views | 0 likes | 1 Comment