User Profile
BemmelenPatrick
MCT
Joined 7 years ago
Recent Discussions
Re: "Access to Microsoft Teams is monitored" - Timesout
Hello Durrante, Could you please check your licensing to be sure you have an active subscription which contains MCAS and have it assigned to your users? Do you have any other Conditional Access policy assigned to SharePoint, and could you disable this policy to test if this is causing any problems? Also, could you maybe recreate the Office 365 connector in MCAS? If these conditions have been met, I would advise you to create a support ticket with Microsoft. Microsoft Teams only appears after MCAS detects activity for the first time, so this is expected behavior.

Re: MDATP Apps Blocking (Passive mode)
As far as I know Edge uses SmartScreen to apply Network Protection while other browsers are "protected" using the Network Protection feature; the same principle goes for the Web Protection feature, which is currently in preview. This might explain why blocking the unsanctioned apps does work at the moment.

Re: Azure defender for subset of services/resources
Hello Muhammad, If you only mean VMs by "workload" then this one is answered very quickly 😉 https://docs.microsoft.com/nl-nl/azure/security-center/security-center-pricing#can-i-enable-azure-defender-for-servers-on-a-subset-of-servers-in-my-subscription Hope this answers your question.

Re: Any plan to integrate/send MCAS activity events to Sentinel
Hello Hemanth, Are you using PIM for access to MCAS or to Azure Sentinel/Logic Apps? Because the API token is taken from MCAS, this will need to be entered for the Logic Apps connection, but for Logic Apps you can use managed identities: https://docs.microsoft.com/nl-nl/azure/logic-apps/create-managed-service-identity

Re: Any plan to integrate/send MCAS activity events to Sentinel
Hello Hemanth_Abbina, There currently is a workaround where you are able to configure the MCAS API as the source for collecting the Activity logs into Azure Sentinel. Please check out this article for more information: https://techcommunity.microsoft.com/t5/azure-sentinel/microsoft-cloud-app-security-mcas-activity-log-in-azure-sentinel/ba-p/1849806

Re: MDATP Apps Blocking (Passive mode)
Hi Mdrafik, The answer on this one isn't that hard actually: what Defender for Endpoint and MCAS actually do is use the Network Protection feature to block access to the unsanctioned apps. So what this means is that you will need to look at the prerequisites for Network Protection found here: https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/network-protection#requirements As it states in this article, the Microsoft Defender AV real-time protection and cloud-delivered protection must be enabled in order for Network Protection to function. So the answer is yes, you will need to enable Defender for Endpoint to use the unsanctioned app feature.

Re: Office 365 Attack Simulator is not working
Hi Sarah, I would advise you to take a look at this article; there are a couple of roles available for the Attack Simulation that might fit your needs: https://docs.microsoft.com/nl-nl/microsoft-365/security/office-365-security/permissions-in-the-security-and-compliance-center?view=o365-worldwide#roles-in-the-security--compliance-center

Re: MDATP Windows 10 onboarding | Intune
Are there any outbound rules in your firewall blocking access to the Defender URLs? And if you run the detection test, does this resolve the issue? https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/run-detection-test Also, did you assign the appropriate licenses to the users who are using the endpoints?

Re: Defender ATP Suppression Rules Still Action Files?
If I understand correctly there are exclusions which are being pushed via SCCM: https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-antivirus/configure-extension-file-exclusions-microsoft-defender-antivirus#use-configuration-manager-to-configure-file-name-folder-or-file-extension-exclusions Maybe EDR/ASR could be the root of the "problem" (blocking suspicious activity is never a problem of course 😉)?

Re: exclusions for USB and /etc/hosts file on Windows 10 devices
Hello Gary, To apply an exclusion to Defender for Endpoint you should add a custom indicator like so: https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/manage-indicators As far as I know it's not possible to add specific exclusions for removable drives at this time.

Re: Microsoft Endpoint Protection Standalone
Dear Ward, Defender for Endpoint is only available as part of a full license plan like Microsoft 365 E5. Please have a look here for any further details: https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements#licensing-requirements At the moment, there is no standalone license available.

Re: When to use additional security policies
Hello Dean Gross, Security Baselines are sufficient in most cases, but there might be some considerations when you look at the individual settings. Think of Attack Surface Reduction (ASR) for instance, which blocks certain behaviors that might be normal for business applications, like downloading a file through a script. It all comes down to deciding what functionalities could stop your normal processes from running. I would advise you to take a look here and see what every individual part of Defender for Endpoint does to decide whether you should create your own policies: https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection

Re: Issues with file exceptions migrating from legacy AV McAfee/SEP
Hello paulhoff, You will be able to provide different policies from Intune and GPO that you apply to groups or, in case of GPOs, to AD security groups and/or OUs. To use groups in Intune you could use dynamic Azure AD groups, which add members based on specific properties like OS. Please see https://docs.microsoft.com/en-us/azure/active-directory/enterprise-users/groups-create-rule for more information about dynamic groups.

Re: AIP UL Scanner - configure multiple nodes
Then it is best practice to load balance your cluster by creating multiple nodes and adding multiple scan jobs to that cluster. Putting multiple scan jobs on only one node will decrease the performance of your node, meaning it will take a long time for all the jobs to complete. Also see: https://docs.microsoft.com/nl-nl/azure/information-protection/deploy-aip-scanner-configure-install#optimizing-scanner-performance

Re: Secure Identity Secure Score
Hello Fab_Rod, If you look on the right-hand side of the Secure Score dashboard you will find an option to "Manage Comparison". There you will be able to enter your company's information, like the number of people and the industry your business is involved in. This will create comparisons between your own company and companies comparable to yours.

Re: Question on web protection with Defender for Android
Hi Calum_L1, Web protection spreads across all the network traffic originating from your Android device when you allow it for both profiles. If you want to disable it for your personal profile, please take a look here: https://docs.microsoft.com/en-us/mem/intune/protect/advanced-threat-protection-manage-android#configure-web-protection-on-devices-that-run-android You will find the information under "Android Enterprise Personally-Owned Work Profile". The way it works is by setting up a "dummy" VPN connection which tunnels all your traffic through the installed Defender for Android application. This way all traffic will be monitored by Defender for Android. Please note, for privacy concerns, that the traffic will never be sent through any cloud web based server but only through the installed app.