This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Microsoft Q&A
1,742 questions
A cloud-native solution that protects workloads across hybrid and multi-cloud environments with threat detection and security recommendations
Hi Team, We are trying to configure Web Content Filtering in Microsoft Defender and scope the policy to a specific Device Group (Machine Group) instead of applying it to All devices in the organization. As per Microsoft documentation, Device Groups…
A cloud-native solution that protects workloads across hybrid and multi-cloud environments with threat detection and security recommendations
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(163.2, 81%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ENP%3C/text%3E%3C/svg%3E)
We are experiencing an issue with Microsoft Defender for Cloud recommendations where deleted resources continue to be flagged as requiring action. It has been more than 10 days since these resources were deleted, yet they still appear as non-compliant in…
A cloud-native solution that protects workloads across hybrid and multi-cloud environments with threat detection and security recommendations
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(19.2, 77%, 11%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMM%3C/text%3E%3C/svg%3E)
Hi i have connected AWS account to Defender for cloud foundational CSPM, it is more than 30 hours and i still cannot see resources listed in Inventory. And the status in environment variables says it is connected. Any idea what's the issue.
A cloud-native solution that protects workloads across hybrid and multi-cloud environments with threat detection and security recommendations
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(265.6, 4%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ENR%3C/text%3E%3C/svg%3E)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(201.6, 99%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ER%3C/text%3E%3C/svg%3E)
the person i bought the laptop is still logged on as wdagutilityaccount, how do i remove him from it
A cloud-native solution that protects workloads across hybrid and multi-cloud environments with threat detection and security recommendations
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(92.8, 15%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKS%3C/text%3E%3C/svg%3E)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(272, 91%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EWT%3C/text%3E%3C/svg%3E)
Service: Microsoft Defender for Cloud (Recommendations / Secure Score), Azure Resource Graph for verification. Scenario: Six Defender for Cloud recommendations have remained Unhealthy for resources that were remediated days ago and are verifiably…
A cloud-native solution that protects workloads across hybrid and multi-cloud environments with threat detection and security recommendations
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(188.79999999999998, 80%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESH%3C/text%3E%3C/svg%3E)
We are seeing high severity OpenSSL vulnerability recommendations in Microsoft Defender for Cloud for certain Azure virtual machines, which is impacting our Secure Score. From our analysis: The OpenSSL is no longer used in the current application or…
A cloud-native solution that protects workloads across hybrid and multi-cloud environments with threat detection and security recommendations
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(265.6, 87%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECP%3C/text%3E%3C/svg%3E)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(220.8, 92%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESM%3C/text%3E%3C/svg%3E)
I'd like to confirm the actual behavior of the Endpoint Protection setting under Defender for Cloud's Settings & monitoring page when Defender for Servers is disabled on the subscription. Based on this document, I understood that Endpoint Protection…
A cloud-native solution that protects workloads across hybrid and multi-cloud environments with threat detection and security recommendations
We have enabled Defender CSPM with Permissions Management on 120 Azure subscriptions across our enterprise environment. We're trying to use the over-provisioned identity recommendations to achieve least privilege access, but we're seeing inconsistent…
A cloud-native solution that protects workloads across hybrid and multi-cloud environments with threat detection and security recommendations
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(16, 21%, 11%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDL%3C/text%3E%3C/svg%3E)
We are trying to add discovery group exclusions in EASM but getting authentication required error after submitting the change. We are not sure about what changes in user role should we do, as i am already logged in to EASM but still it shows…
A cloud-native solution that protects workloads across hybrid and multi-cloud environments with threat detection and security recommendations
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(121.6, 65%, 21%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAS%3C/text%3E%3C/svg%3E)
We are currently addressing a newly introduced Azure Tenant Security (AZTS) control: “Microsoft Defender for Servers must be enabled on subscriptions” across all subscriptions. As per the remediation guidance provided…
A cloud-native solution that protects workloads across hybrid and multi-cloud environments with threat detection and security recommendations
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(54.400000000000006, 33%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERC%3C/text%3E%3C/svg%3E)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(233.6, 85%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVS%3C/text%3E%3C/svg%3E)
We are observing a Microsoft Defender for Cloud recommendation related to our Azure Storage account: “Storage accounts should use a private endpoint connection” Current scenario: The storage account is already secured using network/firewall rules and…
A cloud-native solution that protects workloads across hybrid and multi-cloud environments with threat detection and security recommendations
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(172.8, 48%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERG%3C/text%3E%3C/svg%3E)
Our Microsoft Defender for Cloud secure score has dropped from 100% to 78%. We have identified the following active recommendations and are seeking guidance on the best remediation approach so that we are able to get our secure score back up to 100%. …
A cloud-native solution that protects workloads across hybrid and multi-cloud environments with threat detection and security recommendations
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(214.4, 96%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAC%3C/text%3E%3C/svg%3E)
Hi Team, The control “SQL databases should have vulnerability findings resolved” is currently being flagged across multiple subscriptions. AIA Pricing Engine AIA Pricing Engine - Prod Upon validation, we confirmed the following: There are no active…
A cloud-native solution that protects workloads across hybrid and multi-cloud environments with threat detection and security recommendations
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(153.6, 70%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMS%3C/text%3E%3C/svg%3E)
Please provide/guide on extraction of a complete CSV tenant report containing all machine names paired with their active software vulnerabilities (CVE IDs).
A cloud-native solution that protects workloads across hybrid and multi-cloud environments with threat detection and security recommendations
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(211.20000000000002, 72%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESP%3C/text%3E%3C/svg%3E)
We are currently experiencing a large volume of recommendations related to software updates (SoftwareUpdate) in Microsoft Defender for Cloud. Background: Due to a recent behavior change in Defender for Cloud, recommendations are now generated per…
A cloud-native solution that protects workloads across hybrid and multi-cloud environments with threat detection and security recommendations
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(92.8, 82%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKM%3C/text%3E%3C/svg%3E)
We observed that an NSG rule in Server – mazawea510 (multiuser) is configured with both Source and Destination set to “Any”. However, Microsoft Defender for Cloud is not currently showing any NSG-related recommendation to remediate or review this…
A cloud-native solution that protects workloads across hybrid and multi-cloud environments with threat detection and security recommendations
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(76.8, 92%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETS%3C/text%3E%3C/svg%3E)
I have Defender for Servers Plan 2 enabled at the subscription level. One of my VMs is a Cisco Meraki vMX deployed as a managed application. The managed app creates a deny assignment on its resource group (mrg-cisco-meraki-vmx-*) that blocks all writes,…
A cloud-native solution that protects workloads across hybrid and multi-cloud environments with threat detection and security recommendations
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(28.799999999999997, 72%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMK%3C/text%3E%3C/svg%3E)
Has anyone successfully configured Defender for Cloud continuous export to a LAW in a different subscription, and what was the exact method used?
A cloud-native solution that protects workloads across hybrid and multi-cloud environments with threat detection and security recommendations
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(41.6, 61%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ET%3C/text%3E%3C/svg%3E)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(54.400000000000006, 10%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESS%3C/text%3E%3C/svg%3E)
I have Foundational CSPM enabled on an Azure subscription with approximately 28 resources, but the Defender for Cloud Inventory page only displays 1 resource (an auto-created Log Analytics workspace). I'd like help getting discovery to populate the full…
A cloud-native solution that protects workloads across hybrid and multi-cloud environments with threat detection and security recommendations
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(57.599999999999994, 0%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ELD%3C/text%3E%3C/svg%3E)
I am noticing inconsistencies in the MDC recommendations, as both the count and severity appear to change over time. I’m not sure why the severity is being updated periodically. For example, on May 1st, the number of low-severity, risk-based…
A cloud-native solution that protects workloads across hybrid and multi-cloud environments with threat detection and security recommendations
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(12.8, 64%, 11%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAC%3C/text%3E%3C/svg%3E)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(48, 42%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDS%3C/text%3E%3C/svg%3E)