User Profile
VinodS2020
Brass Contributor
Joined 4 years ago
User Widgets
Recent Discussions
get the latest updates on Antivirus agent in MS defender with below capabilities of it via Intune or
What is the frequency to get the latest updates on Antivirus agent in MS defender with below capabilities of it via Intune or Defender for devices? 1. Anti-malware version 2. Signature version 3. Engine version 4. Last quick scan signature versionGet notified by email when someone tries access or login with service account credentials in m365 te
How to get notified by email when someone tries access or login with service account credentials in m365 tenant? As I saw some settings in Cloud App security but now I am not able to find it and setup/configure it?Testing of web content filtering policy from M365 Defender
How to test web content filtering policy from M365 Defender as I am not able to see the option to target a specific group for testing purposes? See below snap Also I am seeing below on the link here: https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/web-content-filtering?view=o365-worldwide#:~:text=To%20add%20a,the%20selected%20categories.How to check or get to know what all services from M365 tenant are sending emails from the respectiv
How to check or get to know what all services from M365 tenant are sending emails from the respective primary domain attached to tenant? Also I wanted to bring this into notice and raise an awareness that threat actors are also sending similar kind of emails to people and those emails are not being cought by EOP and MDO and all other strict policies applied via EOP and Defender across M365 tenant and this seems really concerning if those are not cought by specially EOP then it could be harmful and end users may fall for it to delete items and click on malicious links in the phishing emails and get in Identity/credential theft or give unwanted access to attackers. For example: End user got an email few days back saying that "Your mailbox is almost full" and user need to delete or move some items from inbox and this email was delivered to end users mailbox from the primary domain showing this.capability to detect password protected files to during the email delivery and ZAP process of the e
Does M365 Defender & EOP has capability to detect password protected files to during the email delivery and ZAP process of the email in user mailbox? If yes how we can configure to stop such emails and put them into quarantine and stop the email delivery to end users? I have another follow-up question on this is that if we deploy this Transport rule to quarantine false or parked domains emails like phishing or spam and unwanted emails then how we would filter and allow the legit email domains to send out such files like .PDF, Docs, excel and other password protected files to users mailbox without putting them into Quarantine?Idle session timeout Conditional access policy for unmanaged devices
What is the default time period for this policy in Conditional access policy for Idle Session timeout" policy as I was looking for way to create this policy for unmanaged devices in the tenant and when I checked it there is not filter or checkbox where we can enter or give time period for idle sessions on unmanaged devices? Here is the link I was looking for to created the policy for unmanaged devices:https://learn.microsoft.com/en-us/microsoft-365/admin/manage/idle-session-timeout-web-apps?view=o365-worldwide#turn-on-idle-session-timeout:~:text=Idle%20session%20timeout%20on%20unmanaged%20devices See below snapHow to create Playbook and automation rules for M365 Defender for Identity, Endpoint, Cloud Apps, an
How to create Playbook and automation rules for M365 Defender for Identity, Endpoint, Cloud Apps, and Data as we wanted to do some automation around it to let SOAR work on the alerts which are on "Low", "Medium" severity alerts? For example: if we have many alerts those should be verified by that respective automation rule and take the appropriate actions like close those alerts or mark as no action needed.How to create Playbook and automation rules for M365 Defender for Identity, Endpoint, Cloud Apps, an
How to create Playbook and automation rules for M365 Defender for Identity, Endpoint, Cloud Apps, and Data as we wanted to do some automation around it to let SOAR work on the alerts which are on "Low", "Medium" severity alerts? For example: if we have many alerts those should be verified by that respective automation rule and take the appropriate actions like close those alerts or mark as no action needed.
