Questions tagged [microsoft365-defender]

Microsoft 365 Defender is a suite of tools that can help detect and react to attacks against and within an organization. Use this tag for questions related to using the Defender API. General support questions are off topic.

Microsoft 365 Defender is a suite of tools that can help organizations detect threats to their network and react to them.

37 questions
0 votes, 1 answer

Using MSGraph to download emails for Exchange Online with Advanced Threat Protection (ATP) Enabled

We have a process that downloads emails, using MSGraph, at regular intervals (for example, every 10 minutes). Once downloaded, the emails are examined and attachments are imported for additional processing. We have a customer who moved to Office…
0 votes, 1 answer

Microsoft Defender for Cloud Apps REST API - Insufficient role based permissions

I am trying to investigate file uploads to see if they are matched by File Scan policies in Microsoft Defender for Cloud Apps (aka MCAS). I can see them fine at the portal but I need to automate the process via API. As per documentation, I did…
Prodip
0 votes, 1 answer

365 Block .exe Download

Is it possible to prevent the download and execution of files with a .exe extension using 365? I've searched across Endpoint Manager, Defender for Endpoint and Defender for Cloud Apps but can't see an obvious way of doing this. Most of my searches…
0 votes, 1 answer

Prevent mdatp (Microsoft Defender Advanced Threat Protection) for Linux from moving malicious files to the quarantine

I'm working with mdatp (Microsoft Defender Advanced Threat Protection) for Linux. The idea is to detect any malicious file in a specific folder, using a command like: mdatp scan custom --path /tmp/ The problem is that mdatp is automatically…
Andrea
0 votes, 1 answer

Which scope use to get the access token for Microsoft credential

I'm trying to do postman access token request to reach the following api : however the result returned is always the same: "error": { "code": "Unauthorized", "message": "Unauthorized", "target":…
Romain
0 votes, 1 answer

Microsoft Defender (Advanced Hunting) : Detecting File copying

I am trying to find if a user has copied some files from the shared folder to the local desktop. The Microsoft Defender (Advanced Hunting) only shows FileDeleted, FileCreated, FileRenamed, and Filemodified. What are other filters I should apply to…
0 votes, 1 answer

Query File paths field from Microsoft Defender

I am looking for documentation on how to build an Advanced Hunting query in Microsoft Defender for Endpoint where I can use the "File paths" in the KQL query. The field is in the Software Inventory under devices and in the section Software…
grouse_4