User Profile
AntR07
Brass Contributor
Joined 7 years ago
Recent Discussions
Re: Device Events table
Hi there, You need to have a Defender for Endpoint P2 license to get the Device tables in the Advanced Hunting section. Defender for Business does not have this feature. Nor does Defender for Endpoint P1. When you have Business Premium, Defender for Endpoint gets put in Defender for Business mode by default, even if you have Defender P2 assigned. This can be checked in the Settings - Endpoint - License section. If it says Defender for Business then you need to submit a ticket to MS to get this changed to Defender P2 mode. If they come back to you saying for you to change it in the portal, you can't. Needs to be done in the back end by an MS engineer.
4.1K Views, 2 likes, 2 Comments

Re: Find out number of closed vulnerabilities
I too have been looking for a solution to this. There is an 'event timeline' in the Defender TVM section that tracks changes but I don't think this data is available via API or the Advanced Hunting schema. And it is more device related rather than total vulns remediated. My thought was to try a KQL query to take all CVEs that existed on the first of the month (or whatever time period you want) and compare against the CVEs that exist now (current date/time). I can't figure out the KQL query though.
840 Views, 0 likes, 1 Comment

Re: ff
KleoNunket can you filter out the RDS server from the CA policy? You might be able to filter it out based on its device ID using the "Filters for Devices (preview)" condition. https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/concept-condition-filters-for-devices If it's working with the CA policy off you can just exclude it from the policy as a workaround. As for the non-compliance status in Intune for RDS, I'm wondering if Windows Server OSes are supported here. Perhaps only the Windows client OSes are supported. However, if you go into Intune to the compliance policy it should show why that device is failing compliance. Might give you a clue where to look. Go to the Device in Intune and then select Device Compliance.
899 Views, 0 likes, 0 Comments

Defender for Endpoint - EDR Block Mode
Hi All, Is there any way to verify that MDE is in block mode on any given endpoint? Is there a PowerShell command or similar we can use to verify that EDR Block Mode is actually enabled? Other than having it turned on in the Security Center's Advanced Features section? I have it turned on yet I see some endpoints still showing security recommendations to turn it on. Freshly onboarded and latest version of Windows 10. Defender is in active mode. Any ideas? Thanks in advance.

Re: [MS Defender Security Center]Manual updating informations about device in Device inventory dashboard
poprostupiotr I too am looking for a method to force an update. For example, I have scripted some changes to enable ASR rules yet it takes a while for this to show up in "security recommendations" in the Defender portal. There used to be an expedite mode but it seems to have been made redundant as per: https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/optimized-reporting-latency-and-expedite-mode/ba-p/2292083KViews0likes0Comments