Questions tagged [microsoft365-defender]

Microsoft 365 Defender is a suite of tools that can help detect and react to attacks against and within an organization. Use this tag for questions related to using the Defender API. General support questions are off topic.

Microsoft 365 Defender is a suite of tools that can help organizations detect threats to their network and react to them.

37 questions
0 votes, 0 answers

How can I trigger detection for Microsoft-Defender/AV using a pseudo-threat?

How can I trigger the Microsoft AV to detect a file or URL as malicious using a pseudo-threat? A pseudo-threat in this case is a 'clean/safe' file but is detected by the Microsoft AV (or the AV industry as a whole) as malicious just for testing. Is…
0 votes, 0 answers

Create different email signatures for employees at my company

I would like to know how I can create, through the Microsoft 365 admin center, different email signatures for different employees.
0 votes, 0 answers

Is it possible to add additional services to an existing Microsoft 365 E5 Developer subscription?

I am trying to create a lab to test out some deployment scenarios for MS Defender and Intune. I have a Microsoft 365 E5 developer subscription [Microsoft 365 E5 Developer (without Windows and Audio Conferencing)]. This subscription is available to…
TalShyar
0 votes, 0 answers

PowerShell script to remotely enable MS Defender on multiple computers

I'm looking for some advice on enabling Defender remotely on multiple devices. I have done a bunch of googling but I would like another set of eyes on what I have done so far before I take this to test. This is my first major script that will be…
0 votes, 0 answers

Can't test web filtering in M365 dev program

The E5 license has web filtering included, but when I go to the Defender mgmt console I don't see the Devices tab. I have 2 devices enrolled and visible in Intune. Following any guide, including this one, I need to go to security.microsoft.com. Navigate to…
0 votes, 0 answers

Custom detection rule "A event "x minutes after" B event"

I'm new to Kusto and trying to create a new custom detection rule with two different events. For example, the first one above detects creating a new scheduled task. Second one detects successful login. DeviceProcessEvents | where FolderPath endswith…
tobtob
0 votes, 1 answer

How can I access "Microsoft 365 Defender" -> Streaming API through Portal.Azure.com?

In my company I administer many different Azure tenants. I log into my customers using a MyCustomer Portal. When I click a customer in the portal I am transferred to https://portal.azure.com and logged in to the customer. If I open a tab and enter…
Europa
0 votes, 0 answers

Kusto on Microsoft 365 Defender

How can I show Incidents/Alerts in Kusto using their investigation state? To get all the incidents/alerts that are under that state.
Pau
0 votes, 0 answers

What is the need for a phishing threshold when there is already a term called PCL (Phishing Confidence Level)?

Here are references to what I'm talking about: (https://i.stack.imgur.com/6MhPR.png) (https://i.stack.imgur.com/B9lbj.png) (https://i.stack.imgur.com/4eoni.png). I need a clear explanation for the need of a Phishing threshold, when there is already Phishing…
0 votes, 0 answers

How to get LiveResponse library file history?

I uploaded files to the LiveResponse library using the https://github.com/MicrosoftDocs/microsoft-365-docs/blob/public/microsoft-365/security/defender-endpoint/live-response-library-methods.md API. I overwrote a specific file by mistake (and I have no local…
0 votes, 0 answers

Onboarding Windows 2008 R2 to Defender for Cloud

I was trying to onboard Windows 2008 R2 to Defender for Cloud via Azure Arc. On the docs sites, there's information that this version is supported and also that, with Defender for Servers plan 2, you will get licences for MDE (Microsoft Defender for…
catJam
0 votes, 1 answer

Kusto Query Language - Microsoft Defender IP Subnet Query

Is there a way to query for IP ranges from the DeviceEvent table using IP subnet notation, i.e. 1.1.1.0/24, vs. listing individual IPs like 1.1.1.1? Instead of listing individual IPs for | where LocalIP == "1.1.1.1" I would like to list the subnet range "1.1.1.1…
0 votes, 1 answer

Azure NSG rule to allow VM to access MS 365 Defender

I have a VNET which restricts all access outbound using an NSG except for 1 specific port which is used for an app it hosts. However I need a way to allow Defender to communicate with the MS 365 Defender portal so it can report in. I tried using a…
amaru96
0 votes, 1 answer

How to pull Defender (Microsoft 365) reports from Exchange Online Protection

Under the email collaboration section in Defender 365, there is a set of reports that report things such as malware detected in emails, spam blocks, etc., that I'd like to pull and that aren't available on the two APIs…
0 votes, 1 answer

KQL Querying MDE/MDO's API

I am researching a little bit about MDE/MDO's API capabilities for advanced threat hunting. My question is:

Is it possible to query MDE/MDO's API with KQL? Any info would be highly appreciated. Thanks. Goal: using KQL to hunt for threats utilising…