Latest Discussions
Investigation state Queued
I see a number of messages in our Defender XDR Incidents with a status of Queued. What does this status mean? This appears to only be related to Defender for Office 365 incidents, usually email reported as junk/phish/not junk etc. type of incidents. Regardless of whether I investigate or change the status of the incident, it remains in the Incidents list as queued. I cannot find clear documentation on what this state means or what action is required to resolve/close the incident. Can anyone shed any light on what the queued state means and how to resolve a queued incident?
danny_grasso, Jan 13, 2025 (3 comments)

Advanced Hunting Data Schema
Hello everyone, I have a question regarding the use of the schema for Advanced Hunting queries. We are an organization with several companies under our holding. I need to recover the USB connections on the machines, but only for one company and not the others. I need to sort on Company Name for the user, but in the Advanced Hunting schema there are no fields to filter on this. I looked specifically in UserInfo and DeviceInfo. Here's the query I use to detect USBs. I need to filter by CompanyName to retrieve the list of devices or users for this company only.

    DeviceEvents
    | where ActionType == "PnpDeviceConnected"
    | extend parsed = parse_json(AdditionalFields)
    | project Timestamp, DeviceName, DeviceId = tostring(parsed.DeviceId), ClassName = tostring(parsed.ClassName)
    | where ClassName == "DiskDrive"
    | summarize UsbFirstSeen = min(Timestamp), UsbLastSeen = max(Timestamp) by DeviceId, DeviceName;

Is there another solution? Thanks in advance for your answers, HKN
HKN, Jan 13, 2025 (Solved, 8 comments)

MDO query of EmailEvents is not accepted in the flow, which is causing the bad gateway error
When I used the following MDO query of EmailEvents, it worked in the Defender control panel, but when applied through the 'Advanced Hunting' action in the Power Automate application it gave a bad gateway error. Is this query supported in this application?
Priya_elangovan, Jan 10, 2025 (0 comments)

Where and how is AI used in Defender XDR?
Hi everyone, I was searching for an overview of where and how AI is used in Defender XDR. Do you have a quick overview of this? That would be great. Also how this data is used for training and decisions. I know it is used in Attack disruption and Copilot for Security ( ;) ), but I need a complete list. BR Stephan
StephanGee, Jan 08, 2025 (0 comments)

Audit logs for Vulnerability Management Remediations
Hello all, are there any audit logs that can be queried for the creation of Remediations under Endpoint Vulnerability Management (https://security.microsoft.com/remediation/remediation-activities)? I know that there are API endpoints that can be queried for this information, but we are looking for additional options. The endgame is to have a ticket created in our external help desk ticketing system when someone creates a Remediation from a Recommendation. Any advice is appreciated! Thanks, - Steve
RSKadish, Jan 07, 2025 (0 comments)

List Unified RBAC role assignments?
I can look in the XDR portal to see the current role assignments, but I would like to have a script to list the current assignments, perhaps with PowerShell and/or the Graph API. I tried to find anything, but it all seems to refer to Entra ID (custom) role assignments, not Defender XDR (or is that the same?). Anyway, my current issues are 1. that I have to go through each and every role assignment one by one and 2. that when I have only read access, the group names in the assignment are truncated as these are too long to fit in the box.
AndrePKI, Jan 07, 2025 (0 comments)

Deploying Defender for Business without o365 accounts
Hi, I have a few SMB customers who, due to the nature of their business, do not want/need o365 accounts. Besides, their company policy does not allow them to store any business data in clouds abroad. However, they all have their local AD domain and a Windows-only environment. Now, I would like to set up Defender for Business + Huntress MDR as a good and affordable threat protection combo, but here my questions begin. Please, shed some light on this: Does Defender for Business actually need endpoint users to be signed in to their o365 accounts for full protection to work properly? What if they aren't - would full protection still be in place, or would Defender for Business functionality drop down to basic antivirus, like regular Defender? Is Defender for Business in my case really so complicated and hard to install and set up? I've read some instructions and there is a ton of documentation, PS scripts and tools, like Intune and such, and despite being 40+ years in computer engineering, I got lost. Mostly because I do not use a ton of Microsoft products daily. Does Defender for Business have some easy-to-manage cloud management tool, where I would see and manage all installed Defenders for Business? Or must I learn those Intune, Azure, o365 Security and Defender portals, which are total overkill for those SMBs which I manage? Thank you!
Labsy007, Dec 21, 2024 (1 comment)

Monitoring copied files on External drive - USB
Hello Guys, I struggle to find a way in Defender for EPP or other solutions to monitor when a user copies files to an external peripheral such as a hard drive or USB. Does someone have the procedure or documentation? NOTE: Defender timeline can see when a user is plugging in a USB stick, but that's... Thanks!
EtienneFiset, Dec 18, 2024 (Solved, 2 comments)