User Profile
HeikeRitter
Microsoft
Joined 8 years ago
Recent Discussions
Upcoming Webinar Series: ITDR
Update: the recordings of the webinar series ITDR can be found here, please scroll down to "MICROSOFT DEFENDER XDR"
The Microsoft POC as a Service (POCaaS) Program is a unique service available to our customers to help evaluate and try out our security offerings, we deliver these on a regular basis to customers around the world. They provide a fully managed test environment where customers can get hands-on experience with some of our core security products. Namely, Microsoft Defender for Identity, Defender for Endpoint, Defender for Cloud Apps, Defender for Office 365, and Sentinel. In addition to the hands-on elements of the service one of our subject matter experts delivers a deep dive workshop for the relevant service showcasing its end-to-end capability and providing full education on the product.
With this, we are thrilled to announce a new webinar series where we will take the workshop materials from each of our POCaaS programs, share best practices and provide education on each of the products we cover.
What to Expect
The webinar series will take the educational content from our POC offerings and condense into multipart 1 hour webinars. We will start with a four-part webinar series with Chris Ayres to guide you through ITDR, Identity Threat Detection and Response.
Session 1: ITDR Introduction and Prevention Capabilities | April 23, 09:00 AM PST
Hear Microsoft's Incident Detection and Response (ITDR) story and understand its critical role in today's dynamic threat landscape. Explore the significance of prevention and adaptive controls.
Session 2: Detection | April 24, 09:00 AM PST
Discuss the imperative need for robust detection capabilities against advanced identity attacks, whether identities reside on-premises, in hybrid environments, or in the cloud, and discover the comprehensive solutions Microsoft offers to safeguard your entire identity estate effectively.
Session 3: Investigation and Hunting | April 30, 09:00 AM PST
Learn to empower your SOC with deep visibility into identity entities, context, and telemetry and understand how this capability streamlines efficient investigation and incident triage.
Session 4: Response | May 1, 09:00 AM PST
Gain insights into native response capabilities seamlessly integrated into the SOC workflow. Learn how to leverage them to effectively respond to identity-related attacks and remediate issues within your environment. We will finish off with a short view on how you can best evaluate the products.
Save the Date
Reserve your spot for any session or the entire series on the Microsoft Security webinars page: Microsoft Sentinel & Defender XDR Security Public Webinars
Don't miss this opportunity to learn directly from our experts and have your questions addressed. We look forward to your participation!
Re: Upcoming Webinar Series: ITDR
Hi Paul! All sessions have been made available here: https://techcommunity.microsoft.com/t5/security-compliance-and-identity/recordings-security-community-webinars/ba-p/2865990
Please scroll down to "MICROSOFT DEFENDER XDR"
I will update this post as well, to include the links!
902 Views, 1 like, 0 Comments
Re: Microsoft Defender will not let me log in on Windows 11
Hello akiva31! Thanks for reaching out. I am sorry you are having issues and the support wasn't able to help you out. This forum is for the "Enterprise Defender", and I need to admit that I don't know much about the consumer version - but let's see if we can help you 🙂
When you say you can't access "Microsoft Defender", are you referring to the App or are you trying to access a specific site?
Best, Heike
2.2K Views, 0 likes, 7 Comments
Re: MacOS set preferences - manual deployment without MDM
Hi djolenole - what I received back from the team is the following:
For manual deployment, what we support is the following: Manual deployment for Microsoft Defender for Endpoint on macOS | Microsoft Learn
And if you want to set the 'preferences', you can use the commands here: Resources for Microsoft Defender for Endpoint on Mac
I hope this helps! Heike
455 Views, 1 like, 1 Comment
Re: EICAR file is not blocked by Defender for Endpoint on Linux
Hi djolenole! I checked with the team, and it looks like EICAR changed the URL a while back. The correct one is already in our documentation: AV detection test for verifying device's onboarding and reporting services | Microsoft Learn
We will update our instructions within the portal to reflect the new URL. Thanks for pointing this out to us! Heike
1.1K Views, 1 like, 1 Comment
Re: What is the difference from approve release and release in Microsoft 365 Quarantine?
Barry14850 I found the following docs article: Manage quarantined messages and files as an admin | Microsoft Learn
"Users can request the release of email messages if the quarantine policy used Allow recipients to request a message to be released from quarantine (PermissionToRequestRelease permission) instead of Allow recipients to release a message from quarantine (PermissionToRelease permission) when the message was quarantined. For more information, see Create quarantine policies in the Microsoft Defender portal. After a recipient requests the release of the email message, the Release status value changes to Release requested, and an admin can approve or deny the request."
3.3K Views, 0 likes, 1 Comment
Re: Moving away from Microsoft Defender XDR onto using some other solution - any actions required?
Oh no, that is sad news for me 😞 Not sure it is possible, but we would love to learn more about this decision.
Devices should get offboarded from the service, so no data will be sent anymore. The status of a device will switch to "Inactive" 7 days after offboarding. Existing data will remain in the portal based on the retention policy.
We have detailed documentation for the various platforms and management tools here: https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/offboard-machines?view=o365-worldwide
698 Views, 0 likes, 1 Comment
Re: Microsoft Defender for endpoint - device running in EDR block mode
Can you please run this command and share the results? https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/edr-block-mode-faqs?view=o365-worldwide#how-do-i-confirm-microsoft-defender-antivirus-is-in-active-or-passive-mode-
I am suspecting that Defender AV did not register properly as the primary AV (for whatever reason)
4.9K Views, 0 likes, 2 Comments
Re: Microsoft Defender for endpoint - device running in EDR block mode
Looks like on the one device showing EDR block mode, there is 3rd party AV installed. Here is what the different modes mean:
Active = Defender Antivirus is the primary AV - EDR block isn't relevant, as Defender Antivirus is active.
Passive = Defender Antivirus isn't the primary and a 3rd party AV is
EDR Block = the same as Passive but with EDR Block mode enabled, which means Defender Antivirus can 'wake up' and stop a threat if the 3rd party AV missed it.
So you will either uninstall your 3rd party AV on that device, or leave it with EDR block enabled.
5.2K Views, 1 like, 8 Comments
Re: Unable to create an evaluation XDR environment
Hi Yash, please don't worry about the branding too much - it will take some time to reflect product name changes across our assets 🙂 defender.microsoft.com and security.microsoft.com will both bring you to the Defender portal.
For the missing Sentinel link in the navigation, this is because the integration is currently in private preview, and you will have to wait until it becomes public preview - hopefully soon 😉
705 Views, 1 like, 1 Comment
Re: Trial version: Endpoint evaluation not creating devices
Hi damo123, the problem was solved over a year ago. But, last week we announced the retirement of the eval lab, and that the deprecation will be completed by end of January. If there are new issues now, I am sorry - but no investments will go into this feature given its retirement.
911 Views, 0 likes, 0 Comments