User Profile
BillClarksonAntill
Iron Contributor
Joined 7 years ago
User Widgets
Recent Discussions
Re: Report file read on storage account
Hey drhorg2230 Some additional questions to assist you Are you storing this in a storage account using blob storage, and have you considered defender for storage as a defense mechanism Monitoring is another option, but are you wanting to monitor for security or usage?396Views0likes0CommentsRe: DLP policy is not syncing with endpoints for more than 5 days
Hey saravanan82 I'm starting to wonder if its an issue between the Tenant and the Device? Have you by chance checked with Microsoft to see if they are experiencing any issues? Also have you tried to reinstall the agent to make sure its up-to-date on the device?6.3KViews0likes1CommentRe: DLP policy is not syncing with endpoints for more than 5 days
Hey saravanan82 Have you turned on Device Monitoring by chance Check out this link https://learn.microsoft.com/en-us/purview/endpoint-dlp-learn-about#whats-different-in-endpoint-dlp:~:text=Enabling%20Device%20management6.9KViews0likes3CommentsRe: How does Microsoft Azure ensure data security & compliance for businesses storing PII data
Hey AashimaSharma Just to confirm, How does Microsoft Azure ensure data security & compliance for businesses storing PII data is your question? Microsoft has many compliance standards its infrastructure needs to follow. If you are looking for information on this, see the below links Datacenter Security https://learn.microsoft.com/en-us/azure/security/fundamentals/physical-security Microsoft Azure Compliance Documentation https://learn.microsoft.com/en-us/azure/compliance/932Views0likes0CommentsRe: Where are DLP Reports now?
Hey AdminOne It looks like the reports capability was depreciated late last year It looks like it has been replaced with the Activity Explorer Check out this link https://compliance.microsoft.com/dataclassification/activityexplorer Additional information can be found here around reporting https://learn.microsoft.com/en-us/purview/dlp-learn-about-dlp323Views0likes0CommentsRe: DLP policy is not syncing with endpoints for more than 5 days
Hey saravanan82 If you're leveraging endpoint dlp and have onboarded devices to Microsoft Purview, you will be able to tell a specific device to sync with purview to receive it's assigned policies, but only if the device is reporting as being out of sync. To do this, you can: login to http://compliance.microsoft.com/ Select "Settings" from the menu on the left Select "Device onboarding" Find and select any out of sync device if that doesn't work, try forcing a sync from in security.microsoft.com Select "Devices" Find the Device in your device inventory Click on the 3 dots and select policy sync This will be dependent on if you are using the MDE attach method with your device fleet or not7.3KViews0likes5CommentsRe: Problems for Repeated Locked Account
Hey GionataDeri A few ways you can go here, Enabling condition access for logging in Enable MFA on the account Check out this link https://learn.microsoft.com/en-us/entra/identity/authentication/concept-authentication-passwordless?toc=%2Fazure%2Fsecurity%2Ffundamentals%2Ftoc.json&bc=%2Fazure%2Fsecurity%2Fbreadcrumb%2Ftoc.json Some of the features will depend on what level of license you have assigned467Views0likes1CommentRe: Possible tampering with protected processes on one endpoint
Hey Kapildev_C Are you running any other antivirus or RMM (Remote Management and Monitoring) based services on that system by chance? Im wondering if someone has tried to overrite the Microsoft Defender for Endpoint Sense Classification Engine (SenseCE.exe) Are you running any labels or Data Loss Prevention policies across your fleet?1.2KViews0likes1CommentRe: Office 365 Exchange Online is detected as a Risky workload
Hey ProgentCT It would be a number of issues with this and why its being detected as a Risky workload, check out the following link for guidance https://learn.microsoft.com/en-us/entra/id-protection/concept-workload-identity-risk#workload-identity-risk-detections Typically in my experience it could be the way the Service Principal has been configured etc Is there any further information you can provide without giving away any compromising details376Views0likes0CommentsRe: Get notified by email when someone tries access or login with service account credentials in m365 te
Hey VinodS2020 There are many different ways you could complete this Defender for Endpoint, Defender for Cloud Apps, Microsoft Sentinel I assume Defender for cloud apps would be your preferred option337Views0likes0CommentsRe: Where can i create a support ticket for an issue with MDATP (LINUX)
Hey Mark_Alkema Few ways you can achieve this You can contact Microsoft Support via there phone numbers here or you can go into the security.microsoft.com portal and on the right upper most corner there is a question mark select that and type in some random text into the search field, and click enter After that the "Contact Support" button should appear down the bottom to create a ticket484Views0likes0Comments
Recent Blog Articles
No content to show