User Profile
KevinLin
Copper Contributor
Joined 5 years ago
User Widgets
Recent Discussions
What does @ mean in KQL?
In page:Integrate external data - Training | Microsoft LearnandExtract data from unstructured string fields - Training | Microsoft Learn What does @ mean in below two KQL: Users | where UserID in ((externaldata (UserID:string) [ @"https://storageaccount.blob.core.windows.net/storagecontainer/users.txt" h@"?...SAS..." // Secret token needed to access the blob ])) | ... SecurityEvent | where EventID == 4672 and AccountType == 'User' | extend Account_Name = extract(@"^(.*\\)?([^@]*)(@.*)?$", 2, tolower(Account))Solved1.7KViews0likes2CommentsWill Microsoft Defender for Endpoint prevent user to change settings in Windows security?
Hi 1. If I turn onAllow or block file (Microsoft 365 Defender > Settings >Endpoints > General > Advanced features > Allow or block file > On), Will Microsoft Defender for Endpoint prevent user to change settings in Windows security? 2. If yes, how to let user have ability to turn it off? (Why I ask the question is Afterturn off Allow or block file, user still see "This setting is managed by your administrator")2KViews0likes2CommentsI have no permission to view Firewall report
Hi I am trying to test Host firewall reporting in Microsoft Defender for Endpointfunction. First, I enable "Audit Filtering Platform Packet Drop" and "Audit Filtering Platform Connection" events. After it, when I openfirewall report pages, it tell me "Sorry, you have no permission to view it." I am Security admin, Security reader, Security operator already. What permission I have?814Views1like0Comments
Groups
Recent Blog Articles
No content to show