Recent DiscussionsMost RecentNewest TopicsMost LikesSolutionsTagged:TagRe: Block The URL and User Ravi Harariya It depends which products are deployed in your environment, and where you would like to enforce the block, but in general: 1. Blocking users: Remediation actions in Microsoft Defender for Identity - Microsoft Defender for Identity | Microsoft Learn 2. Blocking senders (of emails): Create blocked sender lists - Office 365 | Microsoft Learn 3. Blocking URL in Defender for Endpoint (put in mind you have to enable network protection for this to work on non-Microsoft browsers): Create indicators for IPs and URLs/domains | Microsoft Learn 4. Block URL in Defender for Office: Allow or block URLs using the Tenant Allow/Block List - Office 365 | Microsoft Learn Hope it helps 🙂 Re: Defender 365 threat notifications and emailing teams channelHi Mike, have you tried doing so through power automate? You can set specific rule on email to trigger teams message in channel, try this one - https://powerautomate.microsoft.com/en-US/templates/details/04d1cbbd3e4f412d838fefccaad8058e/post-message-to-microsoft-teams-when-an-email-arrives-in-office-365-outlook/Re: Different between Entity type 'File' and 'Machine'ofc! Happy it helped 🙂 Indeed this can be confusingRe: Different between Entity type 'File' and 'Machine' Hi Zzhaoxi The alert evidence table (See documentation) has multiple rows per each alert, with all the different evidence, machine, files etc. In the alert you looked at, supposedly there should be more rows for the for the file entity. The problem might be that there's no definition for the join kind in your query, which will default to innerunique. Try this one: AlertEvidence |join kind=leftouter AlertInfo on AlertId |project Timestamp,Title,EntityType,FileName,FolderPath,AlertId,SHA1,SHA256,Category,AdditionalFields |where AdditionalFields contains "input PC name here"
Recent Blog ArticlesNewest TopicsMost LikesTagged:TagInvestigate URLs and domains more efficiently with the new URL page The new URL page in Microsoft 365 Defender provides a unified experience for investigating URLs and domains in one centralized location. New file analysis and pivoting capabilities in Microsoft 365 Defender Easily pivot between devices and cloud apps, or analyze files with the new file page in Microsoft 365 Defender Automate your alert response actions in Microsoft 365 Defender Want to respond to threats faster and more effectively? Learn how to easily automate your response actions to any alerts in Microsoft's XDR. Announcing File page enhancements in Microsoft Defender for Endpoint Have you ever investigated files in Microsoft Defender for Endpoint? We have now made it even easier. New URL & domain pages in Microsoft 365 Defender Want to easily investigate, take actions and pivot on URLs and domains? The new URL & domain pages will make it easier than ever. Reduce time to response with classification The new classification experience provides insights on similar alerts observed in the past, and tailored recommendations with direct links to follow-up actions, making alert triage and handling proce...
