Microsoft Defender for Cloud topics https://gorovian.000webhostapp.com/?exam=t5/microsoft-defender-for-cloud/bd-p/MicrosoftDefenderCloud Microsoft Defender for Cloud topics Tue, 17 May 2022 07:54:57 GMT MicrosoftDefenderCloud 2022-05-17T07:54:57Z How to Troubleshoot GCP integration https://gorovian.000webhostapp.com/?exam=t5/microsoft-defender-for-cloud/how-to-troubleshoot-gcp-integration/m-p/3364239#M1379 <P>Yesterday, We connected a GCP org to Defender for Cloud, Security Posture shows the organization and 50 projects but the score is N/A and all of them show 0 of 0. How can I troubleshoot to see what is preventing the recommendations from being performed and reported?</P> Thu, 12 May 2022 11:53:09 GMT https://gorovian.000webhostapp.com/?exam=t5/microsoft-defender-for-cloud/how-to-troubleshoot-gcp-integration/m-p/3364239#M1379 Dean Gross 2022-05-12T11:53:09Z KQL OSPlatform count, DeviceTvmSecureConfigurationAssessment https://gorovian.000webhostapp.com/?exam=t5/microsoft-defender-for-cloud/kql-osplatform-count-devicetvmsecureconfigurationassessment/m-p/3361468#M1375 <P>I'm working with a query that was posted on Github for "Endpoint Agent Health Status Report" however I only want to show for our Servers.&nbsp; I was able to put in a Where for specific OS but the server counts seem to be wrong.&nbsp; I wanted to create a KQL query that would should the OS by count().</P><P>&nbsp;</P><P>DeviceTvmSecureConfigurationAsseessment</P><P>| where innotempty(DeviceName)</P><P>| summarize OSCount = count() by OSPlatform</P><P>&nbsp;</P><P>There query runs but it shows way to many devices for each OS.&nbsp; I added a timestamp to only select from the last 24hrs but it still shows a lot.&nbsp; For example, we have perhaps a total of 178 Servers but it is giving me over 3k linux servers and over 13k of Windows 2016.</P><P>&nbsp;</P><P>Please assist with the correct method to user kql to get the info.</P><P>&nbsp;</P><P>Thanks,</P> Wed, 11 May 2022 21:55:30 GMT https://gorovian.000webhostapp.com/?exam=t5/microsoft-defender-for-cloud/kql-osplatform-count-devicetvmsecureconfigurationassessment/m-p/3361468#M1375 SergioT1228 2022-05-11T21:55:30Z Log analytics Workspace Design Considerations - Recommendations & Technical Guidance https://gorovian.000webhostapp.com/?exam=t5/microsoft-defender-for-cloud/log-analytics-workspace-design-considerations-recommendations/m-p/3350840#M1374 <P>Hi community,</P><P>Is there some technical guidance or recommendations related to the LA workspace designs when it comes to the onboarding of resources to Defender for Cloud, i.e. have a single LAW for all resources, or split it out according to some or other plan?</P><P>Also, enabling Defender for Cloud at subscription level rather than LA level? Although I suppose this would make sense if you only wanted to include some resources under a subscription instead of a blanket enablement?<BR />Thanks</P> Tue, 10 May 2022 13:10:58 GMT https://gorovian.000webhostapp.com/?exam=t5/microsoft-defender-for-cloud/log-analytics-workspace-design-considerations-recommendations/m-p/3350840#M1374 SebastiaanR 2022-05-10T13:10:58Z Configuration as Code https://gorovian.000webhostapp.com/?exam=t5/microsoft-defender-for-cloud/configuration-as-code/m-p/3301313#M1370 <P>We were trying to configure the Defender for Cloud portal settings using code and were unable to find any good ways to do this. Are we missing something obvious?</P><P>Use case - providing managed security services to many clients and would like to enable the Secure Score Over Time workbooks for many customers.&nbsp;</P> Tue, 03 May 2022 12:46:24 GMT https://gorovian.000webhostapp.com/?exam=t5/microsoft-defender-for-cloud/configuration-as-code/m-p/3301313#M1370 Dean Gross 2022-05-03T12:46:24Z Talk to our engineers about Microsoft Defender for Cloud protection capabilities https://gorovian.000webhostapp.com/?exam=t5/microsoft-defender-for-cloud/talk-to-our-engineers-about-microsoft-defender-for-cloud/m-p/3293937#M1366 <P>Data Security has become top priority for organizations, greatly emphasized by the transition to cloud, rise in privacy and regulatory legislations, and Intellectual Property needs. Organizations look for Data Security technologies to address data security risks and to protect their data in an ever growing and complex eco-system of devices, platform, locations, and data asset types.</P> <P>&nbsp;</P> <P>The Cloud Data Security (CDS) product team is developing new capabilities in Microsoft Defender for Cloud that enhances data security posture management based on data sensitivity and data risk. We are currently collecting customer’s input on data protection capabilities for structured and unstructured data and would like to speak with customers interested in protecting their data in the cloud. <BR /><BR />During this conversation, you will be speaking directly with the Cloud Data Security engineering group regarding cloud data protection needs for structured and unstructured data such as data loss prevention, encryption, tokenization, masking, and access policies. Your input is important and will help influence the design and development of key features.</P> <P>&nbsp;</P> <P><STRONG>If are interested in talking to our Cloud Data Security Engineering team about protection capabilities within Microsoft Defender for Cloud, please fill out this form --&gt;&nbsp;</STRONG><STRONG>&nbsp;<A href="#" target="_blank">https://aka.ms/</A><A href="#" target="_blank">MDFCDataProtection</A></STRONG></P> Mon, 25 Apr 2022 13:42:28 GMT https://gorovian.000webhostapp.com/?exam=t5/microsoft-defender-for-cloud/talk-to-our-engineers-about-microsoft-defender-for-cloud/m-p/3293937#M1366 alsteele 2022-04-25T13:42:28Z Azure Defender for Containers - Limits, Control daemonsets and deployments, updates, no uninstall? https://gorovian.000webhostapp.com/?exam=t5/microsoft-defender-for-cloud/azure-defender-for-containers-limits-control-daemonsets-and/m-p/3286633#M1361 <P>Hi,</P><P>&nbsp;</P><P>I use Azure defender for containers on multiple AKS clusters, and so far I'm very unhappy with the service. If it would work as intended than it should be a great feature but at this moment. it's broken.</P><P>&nbsp;</P><UL><LI>limits are set to to low. (60m for the publisher pods). This makes the pods crash, and eventually trigger CrashLoopBackOff. One one cluster I have 600+ reboots of these pods a day. triggering a flood of Log Analytics ingests, costing an insane amount of money.</LI><LI>another problem is the livenessProbe, it keeps failing.. triggering more ingest to Log Analytics.&nbsp;</LI><LI>You cant edit the daemonsets and deployeyments.. well it is possible, but after 15 minutes the yaml's just get overwritten by an undocumented mechanism. Changing limits is useless, trying to troubleshoot at all is useless.</LI><LI>The yaml's contain paths to the image repositories but when looking up the versions, they seem old. mcr.microsoft.com/azuredefender/stable/security-publisher:0.3.27 is atleast 8 versions old. again, updating the yaml's pulls the new versions, but after 15 minutes it gets rolled back.</LI><LI>Is there an update control that I'm not aware of, there is no documentation. MS seems to push the yaml's every 15 minutes so this should be an easy fix. just please write documentation on how it works.</LI><LI>Last but not least --the biggest issue--. Because of the above I tried uninstalling the solution for now. it is pretty expensive as it is, and because of the added log analytics cost I cant stand behind the product for now. I followed the documentation, removing auto onboarding from Defender, and used the rest api to set azureDefender enabled: false. command got put fine.</LI><LI>I wait, and wait. nothing happens. So I remove all defender resources from a cluster and after 15 minutes, everything is back....</LI></UL><P>I have the solution set to off in the defender portal, auto onboarding is turned off, but I cant remove the solution.... how is this even possible.&nbsp;</P><P>&nbsp;</P><P>These things are happening on 3 clusters over two azure tenants. I raised a ticket already, but at this moment, I don't think it is something I did.&nbsp;</P><P>&nbsp;</P><P>Don't get me wrong, I like Azure and I like Defender, but the container solutions seems broken at this moment.</P> Fri, 15 Apr 2022 11:54:14 GMT https://gorovian.000webhostapp.com/?exam=t5/microsoft-defender-for-cloud/azure-defender-for-containers-limits-control-daemonsets-and/m-p/3286633#M1361 Jeffrey Persson 2022-04-15T11:54:14Z read permission to defender for cloud security alert https://gorovian.000webhostapp.com/?exam=t5/microsoft-defender-for-cloud/read-permission-to-defender-for-cloud-security-alert/m-p/3285655#M1359 <P>Good morning guys, I would like to know what permission is needed to view the Defender for Cloud security alert because I need to grant this permission and it is not working. The specific contributor is currently as a security administrator and still cannot view.</P><P>&nbsp;</P><P>tks</P> Thu, 14 Apr 2022 12:01:01 GMT https://gorovian.000webhostapp.com/?exam=t5/microsoft-defender-for-cloud/read-permission-to-defender-for-cloud-security-alert/m-p/3285655#M1359 mlcaffaro 2022-04-14T12:01:01Z spring4shell https://gorovian.000webhostapp.com/?exam=t5/microsoft-defender-for-cloud/spring4shell/m-p/3278886#M1356 <P>Hello guys, can anyone tell me if MS will provide someone workbook to check if any server in the environment is vulnerable to spring4shell? in the case of log4shell she made it available. Or if there is another way, thank you. I was currently checking by qualys through the CVE number but I believe it is not very accurate. Thanks</P> Thu, 07 Apr 2022 14:16:15 GMT https://gorovian.000webhostapp.com/?exam=t5/microsoft-defender-for-cloud/spring4shell/m-p/3278886#M1356 mlcaffaro 2022-04-07T14:16:15Z Microsoft Defender for SQL - Supported SQL server version https://gorovian.000webhostapp.com/?exam=t5/microsoft-defender-for-cloud/microsoft-defender-for-sql-supported-sql-server-version/m-p/3277085#M1351 <P>Hi,</P><P>&nbsp;</P><P>I'm somehow not able to find definitive information if Microsoft SQL Server 2008/2008R2 is supported by MD for SQL. Is it? :)</img></P><P>&nbsp;</P><P>Kind regards,</P><P>Jan</P> Tue, 05 Apr 2022 22:16:57 GMT https://gorovian.000webhostapp.com/?exam=t5/microsoft-defender-for-cloud/microsoft-defender-for-sql-supported-sql-server-version/m-p/3277085#M1351 jcescut 2022-04-05T22:16:57Z Defender for Server deployed, integration for DfE checked, but M365 Defender showing "Can be onboard https://gorovian.000webhostapp.com/?exam=t5/microsoft-defender-for-cloud/defender-for-server-deployed-integration-for-dfe-checked-but/m-p/3275262#M1347 <P>I'm sure I'm missing something in the slightly complicated way of enabling servers for DfE via Defender for Cloud Server. The licensing is in-place the checkboxes to share data are ticked. The servers are showing as onboarded in Defender for Cloud however, the one portal to rule them all - Microsoft Defender 365 - is still showing the servers as "Can be onboarded" and missing the data of a properly onboarded DfE client.&nbsp;<BR /><BR />Where should I start my troubleshooting to determine what I've missed or what is going wrong?</P><P>&nbsp;</P><P>Paul</P> Mon, 04 Apr 2022 11:48:59 GMT https://gorovian.000webhostapp.com/?exam=t5/microsoft-defender-for-cloud/defender-for-server-deployed-integration-for-dfe-checked-but/m-p/3275262#M1347 Paul Bendall 2022-04-04T11:48:59Z False positive https://gorovian.000webhostapp.com/?exam=t5/microsoft-defender-for-cloud/false-positive/m-p/3275058#M1346 <P>Getting this: "Service principals should be used to protect your subscriptions instead of management certificates" - however, there is no&nbsp;use of&nbsp;any use of management certificates!&nbsp;</P><P>Anyone seen this before?&nbsp;</P> Mon, 04 Apr 2022 06:38:34 GMT https://gorovian.000webhostapp.com/?exam=t5/microsoft-defender-for-cloud/false-positive/m-p/3275058#M1346 WAGNER 2022-04-04T06:38:34Z Defender for Cloud - Workload Protection features per Workload ? https://gorovian.000webhostapp.com/?exam=t5/microsoft-defender-for-cloud/defender-for-cloud-workload-protection-features-per-workload/m-p/3274471#M1345 <P>I've been thinking about all the current Protection Use cases of Defender for Cloud (Mar/22).</P> <P>&nbsp;</P> <P>There is support for many cloud-native workloads so a bird's eye view of what can be achieved on each is quite welcome I believe.</P> <P>&nbsp;</P> <P>So I've scoured the <STRONG>public official docs</STRONG> and made a chart of some of the capabilities per workload.</P> <P><STRONG>I don't know if there's a better, public and official document on this?</STRONG></P> <P>&nbsp;</P> <P>&nbsp;</P> <SECTION class="section section--body"> <DIV class="section-divider">This is what I found out in my own research:</DIV> <DIV class="section-divider">&nbsp;</DIV> <DIV class="section-content"> <DIV class="section-inner sectionLayout--insetColumn"> <P class="graf graf--p">The list of Workloads was retrieved from <A class="markup--anchor markup--p-anchor" href="#" target="_blank" rel="noopener" data-href="#">the official Microsoft docs page</A>.</P> <P class="graf graf--p">For each Workload’s Protection Use cases, the official public docs file was referenced.</P> <P class="graf graf--p">There are nuances for supported controls per platform <STRONG>so be sure to check the sources for all details</STRONG>.</P> <P class="graf graf--p">Information updated on Mar 2022.</P> <P class="graf graf--p"><STRONG class="markup--strong markup--p-strong">All Information contained in here must always be checked against the latest documentation.</STRONG></P> <P class="graf graf--p"><STRONG class="markup--strong markup--p-strong">For a Complete list of all alerts generated by Defender for Cloud, per workload with reference of MITRE ATT&amp;CK’s tactics, check out </STRONG><A class="markup--anchor markup--p-anchor" href="#" target="_blank" rel="noopener" data-href="#"><STRONG class="markup--strong markup--p-strong">this official doc</STRONG></A><STRONG class="markup--strong markup--p-strong">.</STRONG></P> </DIV> </DIV> </SECTION> <SECTION class="section section--body"> <DIV class="section-divider"><HR /></DIV> <DIV class="section-content"> <DIV class="section-inner sectionLayout--insetColumn"> <FIGURE class="graf graf--figure"><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="acamillo_0-1648933543001.png" style="width: 400px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/360780i431936BADDB0D94B/image-size/medium?v=v2&amp;px=400" role="button" title="acamillo_0-1648933543001.png" alt="acamillo_0-1648933543001.png" /></span> <P>&nbsp;</P> <FIGCAPTION class="imageCaption">source: <A class="markup--anchor markup--figure-anchor" href="#" target="_blank" rel="noopener" data-href="#">Microsoft Defender for servers — the benefits and features | Microsoft Docs</A></FIGCAPTION> </FIGURE> <FIGURE class="graf graf--figure"><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="acamillo_1-1648933542953.png" style="width: 400px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/360778i6FB9CFD4D5F2268F/image-size/medium?v=v2&amp;px=400" role="button" title="acamillo_1-1648933542953.png" alt="acamillo_1-1648933542953.png" /></span> <P>&nbsp;</P> <FIGCAPTION class="imageCaption">source: <A class="markup--anchor markup--figure-anchor" href="#" target="_blank" rel="noopener" data-href="#">Container security with Microsoft Defender for Cloud | Microsoft Docs</A></FIGCAPTION> </FIGURE> <FIGURE class="graf graf--figure"><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="acamillo_2-1648933542960.png" style="width: 400px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/360779i1D23EE414702E9D5/image-size/medium?v=v2&amp;px=400" role="button" title="acamillo_2-1648933542960.png" alt="acamillo_2-1648933542960.png" /></span> <P>&nbsp;</P> <FIGCAPTION class="imageCaption">source: <A class="markup--anchor markup--figure-anchor" href="#" target="_blank" rel="noopener" data-href="#">Microsoft Defender for App Service — the benefits and features | Microsoft Docs</A></FIGCAPTION> </FIGURE> <FIGURE class="graf graf--figure"><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="acamillo_3-1648933543059.png" style="width: 400px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/360781i16C94A1230C9272B/image-size/medium?v=v2&amp;px=400" role="button" title="acamillo_3-1648933543059.png" alt="acamillo_3-1648933543059.png" /></span> <P>&nbsp;</P> <FIGCAPTION class="imageCaption">source: <A class="markup--anchor markup--figure-anchor" href="#" target="_blank" rel="noopener" data-href="#">Microsoft Defender for Storage — the benefits and features | Microsoft Docs</A></FIGCAPTION> </FIGURE> <FIGURE class="graf graf--figure"><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="acamillo_4-1648933542985.png" style="width: 400px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/360782i03CE58389CD83170/image-size/medium?v=v2&amp;px=400" role="button" title="acamillo_4-1648933542985.png" alt="acamillo_4-1648933542985.png" /></span> <P>&nbsp;</P> <FIGCAPTION class="imageCaption">Source: <A class="markup--anchor markup--figure-anchor" href="#" target="_blank" rel="noopener" data-href="#">Reference table for all security alerts in Microsoft Defender for Cloud | Microsoft Docs</A></FIGCAPTION> </FIGURE> <FIGURE class="graf graf--figure"><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="acamillo_5-1648933543276.png" style="width: 400px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/360783i2CAA48A2F4CDCB5D/image-size/medium?v=v2&amp;px=400" role="button" title="acamillo_5-1648933543276.png" alt="acamillo_5-1648933543276.png" /></span> <P>&nbsp;</P> <FIGCAPTION class="imageCaption">Source: <A class="markup--anchor markup--figure-anchor" href="#" target="_blank" rel="noopener" data-href="#">Reference table for all security alerts in Microsoft Defender for Cloud | Microsoft Docs</A></FIGCAPTION> </FIGURE> <FIGURE class="graf graf--figure"><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="acamillo_6-1648933543003.png" style="width: 400px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/360784iA696545AE38D4452/image-size/medium?v=v2&amp;px=400" role="button" title="acamillo_6-1648933543003.png" alt="acamillo_6-1648933543003.png" /></span> <P>&nbsp;</P> <FIGCAPTION class="imageCaption">Source: <A class="markup--anchor markup--figure-anchor" href="#" target="_blank" rel="noopener" data-href="#">Microsoft Defender for DNS — the benefits and features | Microsoft Docs</A></FIGCAPTION> </FIGURE> <FIGURE class="graf graf--figure"><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="acamillo_7-1648933542999.png" style="width: 400px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/360785i9E427FFBD01963C2/image-size/medium?v=v2&amp;px=400" role="button" title="acamillo_7-1648933542999.png" alt="acamillo_7-1648933542999.png" /></span> <P>&nbsp;</P> </FIGURE> <P class="graf graf--p">Source Azure SQL: <A class="markup--anchor markup--p-anchor" href="#" target="_blank" rel="noopener" data-href="#">Enable database protection for your subscription — Microsoft Defender for Azure Cosmos DB | Microsoft Docs</A></P> <P class="graf graf--p">Source SQL Servers on Machines: <A class="markup--anchor markup--p-anchor" href="#" target="_blank" rel="noopener" data-href="#">Enable database protection for your subscription — Microsoft Defender for Azure Cosmos DB | Microsoft Docs</A></P> <FIGURE class="graf graf--figure"><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="acamillo_8-1648933542983.png" style="width: 400px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/360786i9F79AAEC834B4704/image-size/medium?v=v2&amp;px=400" role="button" title="acamillo_8-1648933542983.png" alt="acamillo_8-1648933542983.png" /></span> <P>&nbsp;</P> <FIGCAPTION class="imageCaption">Source: <A class="markup--anchor markup--figure-anchor" href="#" target="_blank" rel="noopener" data-href="#">Microsoft Defender for open-source relational databases — the benefits and features | Microsoft Docs</A></FIGCAPTION> </FIGURE> <FIGURE class="graf graf--figure"><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="acamillo_9-1648933542998.png" style="width: 400px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/360787i27D6D7E2CBCAFA0D/image-size/medium?v=v2&amp;px=400" role="button" title="acamillo_9-1648933542998.png" alt="acamillo_9-1648933542998.png" /></span> <P>&nbsp;</P> <FIGCAPTION class="imageCaption">Source: <A class="markup--anchor markup--figure-anchor" href="#" target="_blank" rel="noopener" data-href="#">Overview of Defender for Azure Cosmos DB — Microsoft Defender for Azure Cosmos DB | Microsoft Docs</A><BR /><BR /></FIGCAPTION> </FIGURE> </DIV> </DIV> </SECTION> <SECTION class="section section--body"> <DIV class="section-content"> <DIV class="section-inner sectionLayout--insetColumn"> <H4 class="graf graf--h4">&nbsp;</H4> </DIV> </DIV> </SECTION> Sat, 02 Apr 2022 21:11:56 GMT https://gorovian.000webhostapp.com/?exam=t5/microsoft-defender-for-cloud/defender-for-cloud-workload-protection-features-per-workload/m-p/3274471#M1345 acamillo 2022-04-02T21:11:56Z Microsoft Defender https://gorovian.000webhostapp.com/?exam=t5/microsoft-defender-for-cloud/microsoft-defender/m-p/3271363#M1343 <P>Hi,</P><P>&nbsp;</P><P>Was just wondering, is there a difference between microsoft defender (previously windows defender) and microsoft defender for cloud?</P> Wed, 30 Mar 2022 11:51:17 GMT https://gorovian.000webhostapp.com/?exam=t5/microsoft-defender-for-cloud/microsoft-defender/m-p/3271363#M1343 Tsholedi 2022-03-30T11:51:17Z Policy change alert on Defender for Cloud https://gorovian.000webhostapp.com/?exam=t5/microsoft-defender-for-cloud/policy-change-alert-on-defender-for-cloud/m-p/3268346#M1340 <P>Does Defender for Cloud generate any alerts when a security policy is changed or disabled? What's the best way to monitor this?&nbsp; &nbsp;</P> Mon, 28 Mar 2022 04:43:52 GMT https://gorovian.000webhostapp.com/?exam=t5/microsoft-defender-for-cloud/policy-change-alert-on-defender-for-cloud/m-p/3268346#M1340 Nakool 2022-03-28T04:43:52Z Missing secure Score https://gorovian.000webhostapp.com/?exam=t5/microsoft-defender-for-cloud/missing-secure-score/m-p/3264616#M1338 <P>In 2 different clients, the Secure score is no longer showing up. None of the Defender plans have been enabled, but according to&nbsp;<A href="#" target="_blank">Understand the enhanced security features of Microsoft Defender for Cloud | Microsoft Docs</A>, the Secure score should be shown as part of the free service. Is anyone else experiencing this problem?</P> Wed, 23 Mar 2022 12:52:27 GMT https://gorovian.000webhostapp.com/?exam=t5/microsoft-defender-for-cloud/missing-secure-score/m-p/3264616#M1338 Dean Gross 2022-03-23T12:52:27Z (Microsoft Defender for Cloud) Request for ability to enable or disable MDE integration on a per VM https://gorovian.000webhostapp.com/?exam=t5/microsoft-defender-for-cloud/microsoft-defender-for-cloud-request-for-ability-to-enable-or/m-p/3258352#M1335 <P>We understand the importance of protecting the entire subscription. However, we have received several requests for the ability to enable it on a per-VM basis.&nbsp;I will post this as feedback. Thanks!</P> Wed, 16 Mar 2022 02:55:42 GMT https://gorovian.000webhostapp.com/?exam=t5/microsoft-defender-for-cloud/microsoft-defender-for-cloud-request-for-ability-to-enable-or/m-p/3258352#M1335 tahatano 2022-03-16T02:55:42Z assign default initiative not showing https://gorovian.000webhostapp.com/?exam=t5/microsoft-defender-for-cloud/assign-default-initiative-not-showing/m-p/3257226#M1334 <P>Hi&nbsp;<BR />Trying to&nbsp;<SPAN>Creating default initiative, but its not showing under default (after several hours)&nbsp;<BR /><BR /></SPAN></P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Taenkeren_0-1647333505321.png" style="width: 400px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/355768iF302BE90F2E5DD8A/image-size/medium?v=v2&amp;px=400" role="button" title="Taenkeren_0-1647333505321.png" alt="Taenkeren_0-1647333505321.png" /></span></P><P><SPAN>When Assigning there's this notification:&nbsp;<BR /><BR /></SPAN></P><DIV class=""><DIV class=""><EM>Creating initiative assignment succeeded</EM></DIV></DIV><DIV class=""><EM>Creating initiative assignment 'Azure Security Benchmark' in 'sub1' was successful. </EM><BR /><EM>Please note that the assignment takes around 30 minutes to take effect.</EM></DIV> Tue, 15 Mar 2022 08:40:43 GMT https://gorovian.000webhostapp.com/?exam=t5/microsoft-defender-for-cloud/assign-default-initiative-not-showing/m-p/3257226#M1334 Taen keren 2022-03-15T08:40:43Z Step-by-step: How to connect AWS machines to Microsoft Defender for Cloud with Azure Arc https://gorovian.000webhostapp.com/?exam=t5/microsoft-defender-for-cloud/step-by-step-how-to-connect-aws-machines-to-microsoft-defender/m-p/3254409#M1333 <P>&nbsp;Linda Murray and Amy McAuley, Assc Consultants in Azure Cloud and AI at Microsoft, contributed a great detailed write-up on how to connect AWS to Microsoft Defender for Cloud.</P> <P>&nbsp;</P> <P>See all the pre-reqs and steps needed in both AWS and Azure, to get your&nbsp;AWS Security Hub detected misconfigurations and findings included in your Secure Score Model and Regulatory Compliance Experience.</P> <P>&nbsp;</P> <P><A href="https://gorovian.000webhostapp.com/?exam=t5/itops-talk-blog/step-by-step-how-to-connect-aws-machines-to-microsoft-defender/ba-p/3251096?WT.mc_id=modinfra-59837-socuff" target="_blank">https://gorovian.000webhostapp.com/?exam=t5/itops-talk-blog/step-by-step-how-to-connect-aws-machines-to-microsoft-defender/ba-p/3251096?WT.mc_id=modinfra-59837-socuff</A></P> Thu, 10 Mar 2022 23:35:24 GMT https://gorovian.000webhostapp.com/?exam=t5/microsoft-defender-for-cloud/step-by-step-how-to-connect-aws-machines-to-microsoft-defender/m-p/3254409#M1333 Sonia Cuff 2022-03-10T23:35:24Z Defender and Plans https://gorovian.000webhostapp.com/?exam=t5/microsoft-defender-for-cloud/defender-and-plans/m-p/3249931#M1329 <P>Hi&nbsp;<BR /><BR />What is considered before enabling the various Microsoft Defender plans? - enable all by resources type or enable the specific ones? (what your subscription contains)&nbsp;</P><P>&nbsp;</P><P>There are no cost if you e.g. enable the 'Containers plan' and you don't have any Containers deployed in the Subscription?&nbsp; &nbsp;&nbsp;<BR /><BR />What happens on the subscription level when enabling the containers plan?&nbsp;</P> Tue, 08 Mar 2022 07:21:05 GMT https://gorovian.000webhostapp.com/?exam=t5/microsoft-defender-for-cloud/defender-and-plans/m-p/3249931#M1329 Taen keren 2022-03-08T07:21:05Z Defender for Server https://gorovian.000webhostapp.com/?exam=t5/microsoft-defender-for-cloud/defender-for-server/m-p/3247808#M1323 <P>We are on the verge of starting a PoC with Defender for Server.<BR />I know of this wel written blog but this blog raises some questions (<A href="https://gorovian.000webhostapp.com/?exam=t5/microsoft-defender-for-cloud/microsoft-defender-for-cloud-poc-series-defender-for-servers/ba-p/2767508" target="_blank">https://gorovian.000webhostapp.com/?exam=t5/microsoft-defender-for-cloud/microsoft-defender-for-cloud-poc-series-defender-for-servers/ba-p/2767508</A>)</P><P>(1) For starter we have 100 Microsoft Defender for Endpoint Server licenses. So if we enable Defender for Server via Defender for Cloud Plan we are going to pay double, via the license and the 15$ per server/month. I presume this is not the way to deploy Defender for Server right ?<BR />(2) What is nowadays the best approach to onboard on-premises server to Defender for Server;<BR />- is it via the (legacy) MMA agent and onboard package<BR />- or via the (new) unified agent and onboard package<BR />- or can we onboard the on-premises server to Azure Arc and let the unified agent be auto-deployed via Defender for Cloud but NOT enabling Defender for Server switch to ON (so enable Defender for Cloud Plan but not enable the Defender for Server toggle to ON)<BR />(3) What is todays best apprach for configuring defender for server policies (EDR, ASR etc) , via Intune or via GPO ?</P> Fri, 04 Mar 2022 19:36:14 GMT https://gorovian.000webhostapp.com/?exam=t5/microsoft-defender-for-cloud/defender-for-server/m-p/3247808#M1323 fatshark_2k 2022-03-04T19:36:14Z