User Profile
raphaelcustodiosoares
Iron Contributor
Joined 5 years ago
Recent Discussions
Re: Can we enroll MFA to the users through POSTMAN
In this case, you have two options: you can use the Graph API, or create a PowerShell script with the Entra ID or the Exchange module. I believe the Exchange module is better than Entra ID for MFA.
https://learn.microsoft.com/pt-br/graph/api/resources/authenticationmethods-overview?view=graph-rest-1.0
63 Views, 0 likes, 0 Comments
Re: How to clone or duplicate an Analytic Rule in Microsoft Sentinel using PowerShell
Hello, in Sentinel it is possible to clone the analytical rule, adding a new title and keeping the settings the same. Would this help you via Sentinel, or is it necessary via PowerShell?
LinkedIn: https://www.linkedin.com/in/raphael-custodio-soares/
YouTube: https://www.youtube.com/channel/UCbrwqdI-61v3Q2zFUW2YNUQ
669 Views, 0 likes, 0 Comments
Re: Threat Intelligence Pane in Sentinel Broken
Hi, I recommend opening an incognito page to check for cache issues, or even checking permissions; in the latter case, open a call with Microsoft to check their backend. Follow me on LinkedIn and YouTube 😄
LinkedIn: https://www.linkedin.com/in/raphael-custodio-soares/
YouTube: https://www.youtube.com/channel/UCbrwqdI-61v3Q2zFUW2YNUQ
397 Views, 0 likes, 0 Comments
Re: Extract from syslog
Hello, try:
Syslog
| where has("pattern") and (tostring(dynamic(["allow", "deny"]) in tostring(pattern)))
| project Timestamp, src, dst, protocol, sport, dport, pattern
Please click Mark as Best Response & Like if my post helped you to solve your issue. This will help others to find the correct solution easily.
1.4K Views, 0 likes, 2 Comments
Re: Microsoft Defender for Endpoint for Servers is Back
Hello, look at the links:
https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/optimizing-endpoint-security-with-microsoft-defender-for/ba-p/3893746
https://learn.microsoft.com/en-us/azure/defender-for-cloud/plan-defender-for-servers
But it's better to open a ticket with Microsoft.
Please click Mark as Best Response & Like if my post helped you to solve your issue. This will help others to find the correct solution easily.
7.5K Views, 0 likes, 0 Comments
Re: KQL - Join when comparing against multiple fields
Hello, I can't test it, but it might help you with something, but have three iff or use coalesce.
table1
| join kind=inner (
    table2
    | extend Hash1Match = iff(table1.HashColumn == table2.HashColumn1, true, false)
    | extend Hash2Match = iff(table1.HashColumn == table2.HashColumn2, true, false)
    | extend Hash3Match = iff(table1.HashColumn == table2.HashColumn3, true, false)
) on $left.HashColumn == $right.HashColumn
| project table1.*, Hash1Match, Hash2Match, Hash3Match
coalesce mode: https://learn.microsoft.com/en-us/azure/data-explorer/kusto/query/coalescefunction
table1
| join kind=inner (
    table2
    | extend AnyHashMatch = coalesce(
        iff(table1.HashColumn == table2.HashColumn1, true, false),
        iff(table1.HashColumn == table2.HashColumn2, true, false),
        iff(table1.HashColumn == table2.HashColumn3, true, false)
    )
) on $left.HashColumn == $right.HashColumn
| project table1.*, AnyHashMatch
Please click Mark as Best Response & Like if my post helped you to solve your issue. This will help others to find the correct solution easily.
579 Views, 0 likes, 0 Comments
Re: Feature request: "file indicator blocks" also work for defender AV excluded folders
Click the URL to provide feedback about Microsoft Defender for Endpoint; you can help more users with this idea.
https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/analyzer-feedback?view=o365-worldwide
851 Views, 0 likes, 0 Comments
Re: Microsoft Defender For Endpoint Mobile
To configure Microsoft Defender for Endpoint mobile you will need Intune.
Android: https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/android-intune?view=o365-worldwide
iOS: https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/ios-install?view=o365-worldwide
Why does it use VPN?
https://support.microsoft.com/en-au/topic/microsoft-defender-for-endpoint-and-your-privacy-on-android-and-ios-mobile-devices-4109bc54-8ec5-4433-9c33-d359b75ac22a
If you liked it, mark the answer with a like. If you think this answer helped in any way, please mark it as brainliest answer.
1.8K Views, 1 like, 1 Comment
Re: Defender for endpoint license - User or Device?
Hello
1) Defender for Endpoint is based on the user.
2) Microsoft 365 Defender and a multi-defender defense suite
https://learn.microsoft.com/en-us/microsoft-365/security/defender/microsoft-365-defender-portal?view=o365-worldwide
If you liked it, mark the answer with a like. If you thought this answer helped in any way, please mark it as best answer.
3.5K Views, 0 likes, 0 Comments
Re: Message encryption templates
Hello
Yes
"The AzureRMSLicensingEnabled parameter specifies whether the Exchange Online organization can connect directly to Azure Rights Management. Valid values are: $true: The Exchange Online organization can connect directly to Azure Rights Management. This enables Microsoft Purview Message Encryption."
If you liked it, mark the answer with a like. If you thought this answer helped in any way, please mark it as best answer.
1.1K Views, 0 likes, 0 Comments
Re: Grouping alert into incident
burasathi hello, you are grouping when it matches account, id, process. As the IP and the process will always be different, there will always be a non-grouped incident because it does not match the selected fields. Select the last option and mark account.
About the alerts: it is generating too many because you are evaluating every hour with 1 day data polling time; try to run every 1 hour with 1 hour polling time.
If you liked it, mark the answer with a like. If you thought this answer helped in any way, please mark it as best answer.
2.4K Views, 0 likes, 1 Comment
Re: Sentinel to Service Now stack
Hello danielmasters, I was looking at the settings again, with this video as an example:
https://www.youtube.com/watch?v=LEWqi98fv3o&ab_channel=ServiceNowCommunity
If you observe, it has a delay of 2 minutes. Or also open a ticket with Microsoft/ServiceNow.
If you liked it, mark the answer with a like. If you thought this answer helped in any way, please mark it as best answer.
577 Views, 0 likes, 0 Comments
Re: Audit Log/ Mixed Tenancy
Hello Barry Briggs, look at the website:
https://learn.microsoft.com/en-us/purview/audit-log-investigate-accounts
The new MailItemsAccessed action is part of the new Audit (Premium) functionality. It's part of Exchange mailbox auditing and is enabled by default for users that are assigned an Office 365 or Microsoft 365 E5 license or for organizations with a Microsoft 365 E5 Compliance add-on subscription. The MailItemsAccessed mailbox-auditing action covers all mail protocols: POP, IMAP, MAPI, EWS, Exchange ActiveSync, and REST. It also covers both types of accessing mail: sync and bind.....................................
1.3K Views, 0 likes, 1 Comment
Re: Anonymous/Tor as filter/condition
Hello siastolf, please look at the website:
https://argonsys.com/microsoft-cloud/library/cloud-app-security-block-tor-browser-anonymous-ip/
If you liked it, mark the answer with a like. If you thought this answer helped in any way, please mark it as best answer.
10K Views, 0 likes, 1 Comment