The Defender for Identity logs provide insight into what each component of the Microsoft Defender for Identity sensor is doing at any given point in time. The logs are located in a subfolder called Logs under the folder where Defender for Identity is installed; the default location is: C:\Program Files\Azure Advanced Threat Protection Sensor\. In the default installation location, […]
Category: Troubleshooting Microsoft
Troubleshooting Microsoft Defender for Identity Known Issues
Sensor failure communication error: If you receive the following sensor failure error: System.Net.Http.HttpRequestException: An error occurred while sending the request. ---> System.Net.WebException: Unable to connect to the remote server ---> System.Net.Sockets.SocketException: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host […]
Troubleshoot SIEM tool integration issues (Microsoft)
You might need to troubleshoot issues while pulling detections in your SIEM tools. This page provides detailed steps to troubleshoot issues you might encounter. Learn how to get a new client secret: If your client secret expires or if you’ve misplaced the copy provided […]
Common Microsoft 365 Defender REST API error codes
Applies to: Microsoft 365 Defender. Important: Some information relates to prereleased product which may be substantially modified before it’s commercially released. Microsoft makes […]
Troubleshoot attack surface reduction rules (Microsoft)
When you use attack surface reduction rules you may run into issues, such as: (1) a rule blocks a file or process, or performs some other action, that it shouldn’t (false positive); (2) a rule doesn’t work as described, or doesn’t block a file or process that it should (false negative). There are four steps to troubleshooting these problems: Confirm […]
Troubleshoot network protection (Microsoft)
This article provides troubleshooting information for network protection, in cases such as: (1) network protection blocks a website that is safe (false positive); (2) network protection fails to block a suspicious or known malicious website (false negative). There are four steps to troubleshooting these problems: Confirm […]
Troubleshoot Microsoft Defender for Endpoint live response issues
This page provides detailed steps to troubleshoot live response issues. File cannot be accessed during live response sessions: If, while trying to take an action during a live response session, you encounter an error message stating that the file can’t be accessed, you’ll need to use the steps below to address the issue. Copy the […]
Troubleshoot service issues (Microsoft)
This section addresses issues that might arise as you use the Microsoft Defender for Endpoint service. Server error – Access is denied due to invalid credentials: If you encounter a server error when trying to access the service, you’ll need to change your browser cookie settings. Configure your browser to allow cookies. Elements or data […]
Data collection for advanced troubleshooting on Windows (Microsoft)
When collaborating with Microsoft support professionals, you may be asked to use the client analyzer to collect data for troubleshooting of more complex scenarios. The analyzer script supports other parameters for that purpose and can collect a specific log set based on the observed symptoms that need to be investigated. Run 'MDEClientAnalyzer.cmd /?' to see […]
Fix unhealthy sensors in Microsoft Defender for Endpoint
Devices that are categorized as misconfigured or inactive can be flagged due to varying causes. This section provides some explanations as to what might have caused a device to be categorized as inactive or misconfigured. Inactive devices: An inactive device is not necessarily flagged due to an issue. The following actions taken on a device […]