Questions tagged [microsoft365-defender]

Microsoft 365 Defender is a suite of tools that can help detect and react to attacks against and within an organization. Use this tag for questions related to using the Defender API. General support questions are off topic.

37 questions
2
votes
0 answers

How to generate a test alert/incident in the "Microsoft 365 Defender" portal for test purposes?

I want to generate a test alert in the "Microsoft 365 Defender" portal. I have tried to log in to "portal.azure.com" and "outlook.office.com" from the Tor browser, and I was expecting an alert to be triggered (which isn't, of course). Any other way possible to…
1
vote
1 answer

Azure Sentinel (KQL)

I'm looking for a KQL query to transform data from the query: EmailEvents | where EmailDirection=="Inbound" such that the sample results (below) are transformed into the ideal results (further below) Sample results: TimeGenerated [UTC] - …
1
vote
0 answers

Is there a way to access Microsoft 365 Defender Endpoint settings through PowerShell?

I would like to access all the information in the picture below, i.e. all settings in Microsoft 365 Defender Endpoint, via PowerShell. Is there a specific command like a Get-... that I can use to access that information? If not, is there…
1
vote
0 answers

Tool with macros blocked by security / ASR rules - how to fix?

I have an Excel tool (xlsm file) I'm spreading to users, they download the file from our site and after that can use it. In a nutshell: the tool has its own menu bar and a bunch of macros that e.g. do calculations, pull in data from an API, etc. I…
Koen Rijnsent
1
vote
1 answer

KQL - Check value every hour to see if it's higher than the week average

I'm new to KQL and Defender, looking for help in creating a hunting KQL query which checks the average number of alerts in the last 7 days on Defender for Endpoint and, if at any hour the number of generated alerts spikes and goes above the 1-week average…
Dantuzzo
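An added example of the check this question asks for, written for Microsoft 365 Defender Advanced Hunting; it is not code from the question or from any answer on this page. It queries the AlertInfo table, filters on the schema's ServiceSource value "Microsoft Defender for Endpoint" (assumed unchanged in your tenant), and uses make-series so that hours with no alerts contribute a 0 to the baseline; otherwise the "weekly average" silently becomes the average of only the busy hours. The standard deviation and z-score columns go beyond what the question asked for, because a plain "above the mean" test fires on roughly half of all hours in a steady environment.

```kql
// Hourly Defender for Endpoint alert counts over the last 7 days,
// flagged when an hour exceeds the 7-day per-hour average.
let lookback = 7d;
let hourly =
    AlertInfo
    | where Timestamp > ago(lookback)
    // ServiceSource value as used by the Advanced Hunting schema (assumption: unchanged in your tenant)
    | where ServiceSource == "Microsoft Defender for Endpoint"
    // dcount(AlertId) guards against an alert appearing on more than one row.
    // make-series emits 0 for hours with no alerts, so quiet hours count toward the baseline.
    | make-series AlertCount = dcount(AlertId) default = 0
        on Timestamp from ago(lookback) to now() step 1h
    | mv-expand Hour = Timestamp to typeof(datetime), AlertCount to typeof(long)
    | project Hour, AlertCount;
// Baseline statistics across all 168 hourly buckets
let stats =
    hourly
    | summarize WeeklyHourlyAvg = avg(todouble(AlertCount)),
                WeeklyHourlyStdev = stdev(todouble(AlertCount));
hourly
| extend WeeklyHourlyAvg = toscalar(stats | project WeeklyHourlyAvg),
         WeeklyHourlyStdev = toscalar(stats | project WeeklyHourlyStdev)
// z-score: how many standard deviations above the mean this hour is (0 when there is no variance)
| extend ZScore = iff(WeeklyHourlyStdev > 0,
                      (AlertCount - WeeklyHourlyAvg) / WeeklyHourlyStdev,
                      0.0)
// The question's condition: any hour above the 1-week average.
// Tighten to "ZScore > 2" for a less noisy spike detector.
| where AlertCount > WeeklyHourlyAvg
| order by Hour desc
```

This is an ad-hoc hunting query. Advanced Hunting custom detection rules require Timestamp, ReportId and an entity identifier column (DeviceId, AccountUpn, etc.) in the result set, which an aggregated query like this does not produce; to schedule it, join the flagged hours back to the underlying event rows so those columns are present.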
1
vote
1 answer

'where' operator: Failed to resolve table or column or scalar expression named

For a query in Microsoft Defender Advanced Hunting I want to use data from an external table (here KQL_Test_Data.csv), but when I try to run it I get the error message: 'where' operator: Failed to resolve table or column or scalar expression…
Kornuptiko
1
vote
3 answers

PS Script to uninstall Firefox from multiple locations

I am working on creating a script to uninstall Firefox from multiple locations. I have a script that I've created, and it works to an extent. I have made changes to my original script based on the answer below plus some other changes: $LocalUsers =…
daaqis
1
vote
2 answers

Does the MS Graph API support Microsoft 365 Defender?

I cannot find a document on the MS Graph support pages for Microsoft 365 Defender. I would like to configure the following policies using MS Graph: anti-phishing, anti-spam, anti-malware. Is this possible?
adent
0
votes
0 answers

Microsoft 365 Defender KQL script join datatable

Hello Community members, I hope this message finds you well. I'm currently working on a project that involves querying data using Kusto Query Language (KQL) for a specific use case. While I've made some progress, I've encountered a challenge with a…
John
0
votes
0 answers

How to Connect MS Defender Secure Scores to Power BI via API?

The Microsoft 365 Defender Portal (https://security.microsoft.com/) has a 'Secure Score' page, which contains the following: [screenshot of the Secure Score breakdown in the Defender portal] An overall secure score, which is then broken down by Identity,…
0
votes
1 answer

Exchange rule to notify user that they reported a phishing simulation email

We send phishing simulation emails to users' Outlook clients with a 3rd-party SaaS. I've also globally enrolled the 'Report Message' add-in for all our users, which they're actively using (add-in from Microsoft themselves). I've seen in the…
0
votes
1 answer

How do I join all events related to a single identifier in KQL?

A single alert in 365 Defender often contains several events categorized by EntityType. I'm trying to collect all data related to a unique AlertId into a single line so it can all be correlated with other tables (Device*Events). I've tried doing…
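An added Advanced Hunting example for this question, not code from the question or from any answer on this page. It collapses every AlertEvidence row for an alert into one row per AlertId using make_set/make_set_if (the _if variant keeps empty strings out of the sets), then shows the correlation step the question is building toward: the file hashes are expanded back out and joined to DeviceProcessEvents. SHA256 is used as the join key for illustration; DeviceId or AccountUpn would work the same way against DeviceLogonEvents or DeviceNetworkEvents. Column names are those of the AlertEvidence and DeviceProcessEvents schema tables.

```kql
let lookback = 7d;
// Step 1: one row per alert, with every entity type's evidence collapsed into sets.
let perAlert =
    AlertEvidence
    | where Timestamp > ago(lookback)
    | summarize
        FirstSeen   = min(Timestamp),
        EntityTypes = make_set(EntityType),
        // make_set_if skips rows where the column is empty, so a "User" evidence row
        // does not contribute an empty string to the file-hash set, and vice versa.
        Devices     = make_set_if(DeviceId, isnotempty(DeviceId)),
        Accounts    = make_set_if(AccountUpn, isnotempty(AccountUpn)),
        FileHashes  = make_set_if(SHA256, isnotempty(SHA256)),
        RemoteIPs   = make_set_if(RemoteIP, isnotempty(RemoteIP))
      by AlertId, Title, Severity;
// Step 2: pivot the hash set back out to find where those files actually executed.
let executions =
    perAlert
    | mv-expand FileHash = FileHashes to typeof(string)
    | join kind=inner (
        DeviceProcessEvents
        | where Timestamp > ago(lookback)
        | project SHA256, DeviceId, ProcessCommandLine
      ) on $left.FileHash == $right.SHA256
    | summarize ProcessExecutions = count(),
                ExecutingDevices  = make_set(DeviceId),
                CommandLines      = make_set(ProcessCommandLine, 20)
      by AlertId;
// Final view: the one-line-per-alert summary, enriched with the correlation results.
// leftouter keeps alerts whose evidence has no file hash (e.g. pure identity alerts).
perAlert
| join kind=leftouter executions on AlertId
| project-away AlertId1
| order by FirstSeen desc
```

Keep the correlation in a separate step rather than joining the raw AlertEvidence rows directly: an alert with three file entities and two device entities produces six evidence rows, and joining those straight into Device*Events multiplies the result set and double-counts executions.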
0
votes
0 answers

How has the recent Microsoft 365 update affected E3 license activation for subusers? Previous method ineffective. Need guidance on new process

What is the impact of the recent interface or policy update by Microsoft 365 on our organization's ability to activate all features using E3 licenses for subusers? Previously, we could easily configure the main user and switch the account to provide…
0
votes
0 answers

Windows Defender Endpoint and ClickOnce VSTO plugin

I'm encountering an issue and I'm not sure how to resolve it. We've developed a Microsoft Outlook VSTO add-in using C# with .NET Framework 4.6.1. We deploy it to our clients using ClickOnce and a URL. Our ClickOnce application is signed with a…
Cédric Boivin
0
votes
0 answers

Audited event query for Microsoft potentially unwanted application

Is there a Defender advanced hunting query that can detect audited data of Microsoft potentially unwanted applications? If there is, then how do I determine the false positives? I tried creating advanced hunting queries myself, but they're basic. I'm…
shah