User Profile

P4tr8k

Brass Contributor

Joined 4 years ago

21 Posts4 Likes3 Solutions

View All Badges

User Widgets

Recent Discussions

Re: Activating Multiple AD roles together with PIM
MSILinda thanks but no, in groups you can use both scenario (eligible and active). Regards!
Aug 16, 2024 Place Security, Compliance, and Identity
2.4KViews
0likes
1Comment
Re: AD Identity Protection - Self-Remediation for Confirmed Compromised users?
Hi, I had this same problem. In our case I created another logic app and dissmiss risk. In my case this logic app start working when user successful perform MFA.
Aug 06, 2023 Place Microsoft Entra
832Views
0likes
0Comments
Re: Wacatac malware from email attachments
Hi, in last few week we are seeing a lot of alerts related to Wacatc so i think here is any massive phisihng campaings.
Apr 03, 2023 Place Microsoft Defender for Endpoint
571Views
0likes
0Comments
Re: Re-install MDE.Windows extension
Hi man, do you know more about this manual method used by microsoft engineer?
Apr 03, 2023 Place Microsoft Defender for Endpoint
22KViews
0likes
5Comments
Re: Re-install MDE.Windows extension
Hi, i have the same problem. It's impossible to install this using Extension so in my case i manualy install this package (you can download it from security.microsoft.com -> Settings -> Endpoint -> Onboarding). You can try do this in another way - uninstall all installed product (in this case only ARC because MDE is not installed) and install this one more time - and here should be normal automatic deploy process (if you have configure automatic agent provisioning). Regards!
Mar 21, 2023 Place Microsoft Defender for Endpoint
22KViews
0likes
2Comments
Re: Ninja Cat Giveaway: Episode 4 | Defender Experts for Hunting Overview
Defender Experts are people who help search for and respond to threats in the organization. You could say it's a kind of external SOC. Threat Hunting is the proactive process of searching and identifying threats and risky/unusual behavior within an organization perimeter.
Mar 16, 2023 Place Microsoft Defender XDR
51KViews
1like
0Comments
Re: Restart Windows 10 and 11 from MDE
Unfortunately not. Here is no any information for user and restart should be performed immediately. But if you want to play with scripts you can write powershell script (force restart) and upload and run this script using Live Response session. But it's a long process.
Mar 15, 2023 Place Microsoft Defender for Endpoint
5.2KViews
0likes
1Comment
Re: Restart Windows 10 and 11 from MDE
Hi, by using MDE no but you can use Intune to force restart. https://learn.microsoft.com/en-us/mem/intune/remote-actions/device-restart#restart-a-device
Mar 15, 2023 Place Microsoft Defender for Endpoint
5.3KViews
0likes
3Comments
Re: Ninja Cat Giveaway: Episode 3 | Sentinel integration
Definietly the Automation section! I'm currently working on it in my organization, so the information from the episode came in handy. UEBA - User and Entity Behavior Analytics
Mar 15, 2023 Place Microsoft Defender XDR
51KViews
1like
0Comments
Re: Defender For Endpoint P1 And P2 Can Onboard Windows Server On-Prim ?
Hi, Defender for Endpoint licenses is designed to Endpoint Devices only (Workstation + Mobile). As you can see in the attached picture you can implement it like you did but it is not license compliant. If you want deploy Defender For Servers you should use Defender for Cloud for Servers.
Feb 16, 2023 Place Microsoft Defender for Endpoint
1.7KViews
0likes
1Comment
Re: Advanced Hunting for last full scan
Hey 🙂 Try this: DeviceEvents | where ActionType contains "AntivirusScan" | extend AdditionalFields = todynamic(AdditionalFields) | extend ScanType = AdditionalFields.["ScanTypeIndex"] | project Timestamp, DeviceName, ActionType, ScanType | where ScanType contains "Full" and ActionType contains "AntivirusScanCompleted" If you want see other status than Completed remove "and ActionType contains "AntivirusScanCompleted""
Feb 16, 2023 Place Microsoft Defender for Endpoint
4.8KViews
0likes
1Comment
Re: How to test ASR policy AsrPsexecWmiChildProcessAudited ?
Hi, you can use: https://demo.wd.microsoft.com/Page/ASR https://demo.wd.microsoft.com/Page/ASR2
Jan 27, 2023 Place Microsoft Defender for Endpoint
2KViews
1like
1Comment
Re: Activating Multiple AD roles together with PIM
Hi, you can use Privileged Access Groups feature: https://learn.microsoft.com/en-us/azure/active-directory/privileged-identity-management/groups-features#activate-multiple-role-assignments-in-a-single-request
Nov 08, 2022 Place Security, Compliance, and Identity
10KViews
0likes
5Comments
Re: Azure Security baseline for Defender for Cloud
Hi, This point applies to collecting logs from Azure Resources not directly from Defender for Cloud. Here you have a link describing what data you can and you should collect: https://learn.microsoft.com/en-us/azure/defender-for-cloud/monitoring-components
Oct 25, 2022 Place Microsoft Defender for Cloud
1.4KViews
0likes
1Comment
Re: Microsoft Defender Antivirus Modes
You can try use this: https://github.com/microsoft/Microsoft-365-Defender-Hunting-Queries/blob/master/General%20queries/MD%20AV%20Signature%20and%20Platform%20Version.md
Oct 11, 2022 Place Microsoft Sentinel
2.3KViews
0likes
3Comments

Groups

Recent Blog Articles