threat intelligence
39 Topics

MS Defender Azure Arc Logic App
What is the best procedure for configuring a Logic App for Microsoft Defender in an Azure Arc environment? We had a very unexpected experience during onboarding: after configuring the Logic App, we missed setting a cap, and within a week, it consumed over $18K USD. I believe there must be a way to fine-tune the configuration to optimize costs. From my perspective, no organization would adopt an environment with such high costs for Microsoft Defender Plan 2 without better cost control measures in place. Could you suggest best practices or optimizations to prevent such excessive consumption?
41 Views, 0 likes, 1 Comment

Weird updates "Security Threat Intelligence" on desktop
Hi guys, my name is Mo and I am new to the XRD community 🥰 I'm observing anomalous device behavior. Upon login or wake-up, multiple virtual machines are active, some exhibiting headless screen reader functionality. This issue emerged following the installation of Microsoft security threat intelligence updates. Considering Windows Defender's machine learning and predictive maintenance capabilities, I question the deployment of these updates to my system. Is this update a standard Windows component? The associated URL is currently inaccessible. I acknowledge the potential of XR, CDN, and Hologres technologies (and other Azure/cloud-enabled features) to alter user experience. Could someone provide clarification regarding these iterative security updates? My usage is limited to cloud platforms and reputable open-source software; I do not utilize malicious websites. Thank you. #misclassification?
57 Views, 0 likes, 2 Comments

Defender for Endpoints - Domain Controllers
Hi, what is the correct process for managing and deploying policies for Windows Server 2019 domain controllers? I know that Security settings management doesn't work on and isn't supported on 2019 DCs as per (https://learn.microsoft.com/en-us/mem/intune/protect/mde-security-integration?view=o365-worldwide#configure-your-tenant-to-support-microsoft-defender-for-endpoint-security-configuration-management). So how do I manage and get policies to a 2019 DC? Thanks
Solved, 8.1K Views, 1 like, 4 Comments

XDR Critical asset management - Custom classifications not picking up assets
Hi community, I tried creating a number of Custom classifications. For example, by creating a filter on Identity -> AD Roles, or Cloud resource -> Category -> virtual_machine. When previewing the filter during creation, it displays the desired results. The classifications are created without any errors. But when I go back after refreshing the page, the Custom classifications I just created contain "0" resources. Clicking any classification, on the Assets tab, they show zero members (assets). What did I do wrong? Best Regards, Andy
164 Views, 0 likes, 0 Comments

Sent from Outlook for iOS links Being Quarantined in Defender
Hi, Microsoft seem to be falsely flagging their own shortening URL for hxxps://aka.ms/o0ukef as High Confidence Phishing. This is the link that is created in emails when a user sends an email from Outlook for iOS. This is causing a lot of emails to be blocked and sent to the Quarantine queue. Can someone at MS take a look and get this addressed?
1.2K Views, 0 likes, 4 Comments

Receiving increasing number of phishing attempts mimicking Microsoft MFA QR Codes
Even though we are MS 365 Defender customers for all our users (EMS + E3), we are receiving an increasing number of phishing attempts based on good-looking MFA connection requests. Furthermore, these are based on QR Codes, which can be used on a smartphone where the security rules will be helpless against such attacks. And these attempts are absolutely not filtered.
12K Views, 1 like, 15 Comments

Blocked by organization policy : Antimalware policy block by file type
Hi, can someone please shed some light on this? I am trying to identify if a DLP or Anti-malware policy is blocking an email. The real-time detection has this: Primary Override : Source Blocked by organization policy : Antimalware policy block by file type. Would this be one of the policies in policies & rules > threat policies > anti-malware? I was hoping there would be a setting that can pinpoint the policy name or rule. Please advise
2.7K Views, 0 likes, 0 Comments

Defender 365 threat notifications and emailing teams channel
Hi, anyone know if it is supported to configure Defender 365 threat notifications to email MS Teams channels? Just that I have tried it and it does not appear to work. Therefore looking for some advice please. Regards, Mike
3.8K Views, 0 likes, 2 Comments