User Profile
AndAufVCG
Brass Contributor
Joined 4 years ago
User Widgets
Recent Discussions
Custom data collection in MDE - what is default?
So you just announced the preview of "Custom data collection in Microsoft Defender for Endpoint (Preview)" which lets me ingest custom data to sentinel. Is there also an overview of what is default and what I can add? e.g. we want to examine repeating disconnects from AzureVPN clients (yes, it's most likely just Microsoft's fault, as the app ratings show 'everyone' is having them) How do I know which data I can add to DeviceCustomNetworkEvents which isnt already in DeviceNetworkEvents?Conditional Access Policies not working as intended/expected
What I try to achieve: If $user signs in to office.com from their private/shared computer/tablet they should be logged out as soon as they close their browser to ensure nobody else can just re-open the browser and get into the session. To achieve that, we deployed the following CAP: This seems to do what we wanted. But sadly, it also does more, which we do not want: It signs off users in their active browser. So if someone uses e.g. outlook.office.com they will be signed out after a very random amount of time. So how do we get users signed off on closing the browser but keep them signed in UNTIL they close the browser?
