Onboarding
51 Topics

MS Defender Azure Arc Logic App
What is the best procedure for configuring a Logic App for Microsoft Defender in an Azure Arc environment? We had a very unexpected experience during onboarding—after configuring the Logic App, we missed setting a cap, and within a week, it consumed over $18K USD. I believe there must be a way to fine-tune the configuration to optimize costs. From my perspective, no organization would adopt an environment with such high costs for Microsoft Defender Plan 2 without better cost control measures in place. Could you suggest best practices or optimizations to prevent such excessive consumption?
41 Views, 0 likes, 1 Comment

Replacement for Windows Authenticated Scanning
For cost saving, we were looking at replacing our existing vulnerability scanner with Defender and using device scanning. Due to the nature of some of our systems, we can't enroll all of them in Defender and had hoped to use Windows Authenticated Scanning for the unmanaged devices. It looks like that is being deprecated, and the FAQ page indicates that there is currently no direct replacement. While the number of systems we have that can't be enrolled is relatively minimal, is there any kind of scanning I'm missing as part of the product that would allow remote scans of Windows devices as opposed to enrolling? It doesn't look like it. Seems like taking away a component that gives some kind of feature parity without another option is a bad idea, but maybe I'm just missing something.
63 Views, 0 likes, 1 Comment

Onboarding Devices: "No authenticated user found"
Hi, I am looking to onboard a device in Purview for the purpose of testing some Endpoint DLP policies. I have run the onboarding script locally and the device successfully appears on the 'Devices' screen. 'Real time protection/RTP' and 'Behavior monitoring/BM' both show as 'enabled' with a green tick, however under 'Valid User' it has a red cross and states: "Invalid: No authenticated user found. Without proper authentication, data classification is impeded. To ensure precise validation, we recommend re-onboarding to Active Directory". The device is in Active Directory. I have signed into the device with an account that is also in Active Directory. Is there anything additional that I need to do? Any help would be really appreciated - thank you!!!
Solved, 341 Views, 2 likes, 4 Comments

Defender for Endpoints - Domain Controllers
Hi, what is the correct process for managing and deploying policies for Windows Server 2019 domain controllers? I know that Security settings management doesn't work on and isn't supported on 2019 DCs as per (https://learn.microsoft.com/en-us/mem/intune/protect/mde-security-integration?view=o365-worldwide#configure-your-tenant-to-support-microsoft-defender-for-endpoint-security-configuration-management). So how do I manage and get policies to a 2019 DC? Thanks
Solved, 8.1K Views, 1 like, 4 Comments

Onboard to Azure Arc with Security in Mind
Azure Arc allows you to manage on-premises resources like servers from Azure. This is a powerful feature that can help streamline the management process of hybrid environments, but it also further blurs the security boundary between your on-premises landscape and Azure. In this article we discuss some tips for ensuring that the onboarding to Azure Arc is done with security in mind.
9.1K Views, 11 likes, 13 Comments

MacOS set preferences - manual deployment without MDM
Hello, we are testing Microsoft Defender on macOS devices. It is working and reporting in the Defender portal. I see in documentation that there are examples of creating config profile in Jamf and Intune: https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/mac-preferences?view=o365-worldwide Is it possible to create a simple config profile manually (without using any MDM system) for testing purposes? Something like we can do on Linux OS: https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/linux-preferences?view=o365-worldwide - using config file /etc/opt/microsoft/mdatp/managed/mdatp_managed.json Thanks!
Solved, 521 Views, 0 likes, 2 Comments

Newsletter for updates - as per customer request
One of my colleagues asked a question and I couldn't help him; maybe here you'll be able to clarify: "One of my customers mentioned that they want to be proactively informed about security incidents and news around the topic security from Microsoft, as they have critical infrastructure. Does anyone know which newsletter that customer could register for?"
457 Views, 0 likes, 0 Comments

Consistent language for description of permissions
Is there any reference that describes the permissions that can be granted in Defender XDR, and how those permissions can be granted using Entra ID roles, Defender XDR Unified RBAC roles, or through the individual Defender point products that have been integrated into XDR, using consistent, standardized language? The documentation for Entra ID describes permissions in this format: microsoft.directory/provisioningLogs/allProperties/read The documentation for Defender XDR describes them in this format: Security operations \ Security data \ Email advanced actions (manage) I'm basically looking for something that says "permissions to do n function is granted by x role in Entra ID, y role in Defender XDR, or z role in Defender for Office 365." Is this something that's not possible at a company of Microsoft's size and complexity? Kind of like how this is the Microsoft Defender XDR community forum, but there's no "Microsoft Defender XDR" label for the mandatory labeling of posts?
292 Views, 0 likes, 0 Comments