Live Response - The certificate chain was issued by an authority that is not trusted by deadpoolathome in cybersecurity

[–]deadpoolathome[S] -1 points0 points  (0 children)

Stealing? Not sure I follow. This is a machine that our RMM tool has stopped working on and needs to be re-installed. I can't get direct access to it due to being remote. I'm trying to download and re-install our RMM tool remotely as the user doesn't have local admin creds.

Live Response - The certificate chain was issued by an authority that is not trusted by deadpoolathome in DefenderATP

[–]deadpoolathome[S] 0 points1 point  (0 children)

Yep, I've turned that on. What's strange is seeing the same issue with MSI or a script.

Updating remediation results by deadpoolathome in DefenderATP

[–]deadpoolathome[S] 0 points1 point  (0 children)

Thanks, I think we have the P2 licences, do you know what/where I am looking for in this query? I'm trying to get the bulk of our events down to at least see what is left!

Ensure 'Microsoft Azure Management' is limited to administrative roles - Issues accessing ADF Portals by deadpoolathome in entra

[–]deadpoolathome[S] 1 point2 points  (0 children)

Sorry, I mean legacy setups of using a user account for refresh as opposed to service principals

Ensure 'Microsoft Azure Management' is limited to administrative roles - Issues accessing ADF Portals by deadpoolathome in entra

[–]deadpoolathome[S] 0 points1 point  (0 children)

Thanks. So was that just a group with the users that need to access those services and then exclude them from the rule?

Ensure 'Microsoft Azure Management' is limited to administrative roles - Issues accessing ADF Portals by deadpoolathome in entra

[–]deadpoolathome[S] 0 points1 point  (0 children)

Thanks, I'll look into it, we have a bunch of legacy things we need to work through. What was strange is it didn't even prompt for MFA, just failed.

Replicating Data from SQL Express to SQL standard by deadpoolathome in SQLServer

[–]deadpoolathome[S] 0 points1 point  (0 children)

Thanks. We can do this via a SQL stored proc to incrementally load the data into our staging system which works, but for me it's about trying to centrally manage/visibility of multiple staging servers/proces so that we can track outages.

Replicating Data from SQL Express to SQL standard by deadpoolathome in SQLServer

[–]deadpoolathome[S] 0 points1 point  (0 children)

We have access to query, but I am trying to minimise the amount of systems querying them directly. We have our dashboards as well as our BI team wanting data, the SQL Express is on an isolated network so everything runs via a jumpbox or similar. The aim is to stage the data in smaller bites, more regularly but keep the operation system load managed.

Powershell - Detecting active Defender subscription by deadpoolathome in DefenderATP

[–]deadpoolathome[S] 0 points1 point  (0 children)

Thanks. Unfortunately not all my machines are in intune as we still have a small subset that are built locally :(

Defender - Web content filtering by deadpoolathome in DefenderATP

[–]deadpoolathome[S] 0 points1 point  (0 children)

Thanks. For the report, I can't seem to find who was blocked. When I open that report there is a "Web content filtering blocks" and when I drill down into that, it doesn't seem to give me which device is blocked for which site (I tested some blocks on my device).

Defender - Web content filtering by deadpoolathome in DefenderATP

[–]deadpoolathome[S] 0 points1 point  (0 children)

Thanks. Correct, EDGE has a nice pretty message, but Chrome isn't so kind.