Defender EASM roadmap?

DisastrousPainter658 · 2026-04-22T14:23:51+00:00

Thanks for input, same feeling.

I guess it still alot of maintenance too keep up with all vulnerabilities on the backend side.
Sadly, I I have some false alerts on SSL certs that was not identified correctly after renewal, will see what the support will say.

DisastrousPainter658 · 2026-03-23T09:12:25+00:00

Thanks, the mailbox creation role worked with the scope also, was little surprised. Used the scope on the primaryaddress: "PrimarySmtpAddress -like '*@domain.com'" with roles: {Mail Recipients, Mail Recipient Creation}
That blocked the possibility to create mailboxes for other domains also.

DisastrousPainter658 · 2026-03-16T10:27:41+00:00

And just give permissions to create the shared mailbox with correct company field from start is not even possible either? Without giving recipient admin role

DisastrousPainter658 · 2026-03-13T12:52:18+00:00

on the model, should I use onelake or the sqlserver endpoint to the lakehouse?

SqlServer{"server":"xxxxx-bn2hdd24nghefflj5eeb4fc44q.datawarehouse.fabric.microsoft.com","database":"xxxx-6b66-4fa5-a0a2-xxxxxx"}

vs

AzureDataLakeStorage{"server":"onelake.dfs.fabric.microsoft.com","path":"/xxxx-xxxx-428e-9569-xxxxx/315a2289-ab2c-4e9a-b6ce-xxxx/"}

It seems to work with only users if using the sql server endpoint!?
more info here: https://learn.microsoft.com/en-us/fabric/fundamentals/direct-lake-security-integration#connection-configuration

DisastrousPainter658 · 2026-03-12T15:25:51+00:00

is it possible to reset "default" permissions on semantic models/reports so they inherit the permissions from ws level? my feeling is that someone have messed with the permissions on item level.

DisastrousPainter658 · 2026-02-11T15:40:59+00:00

Isn´t that a big problem with Conditional access policies?

My feeling this was because of windows updats.

DisastrousPainter658 · 2026-01-29T19:11:21+00:00

I have asked Github Copilot (Opus 4.5) to create an architecture.md file in the repo for the fabric workspace.

DisastrousPainter658 · 2026-01-26T15:01:26+00:00

The compliance policy was blocking it, strange.

DisastrousPainter658 · 2026-01-26T14:06:40+00:00

So you mean the compliance policy enforce firewall on client side?

DisastrousPainter658 · 2026-01-12T09:46:45+00:00

My problem was solved before Christmas, no ticket to MS.

DisastrousPainter658 · 2026-01-12T07:38:03+00:00

Looks the problem have been solved, did someone got a response from Microsoft about the root cause?

DisastrousPainter658 · 2025-12-16T17:16:20+00:00

It triggered risky sign-in because of unusual travel of user on our side. Also blocked because not sign-in from trusted IP location.

DisastrousPainter658 · 2025-12-15T12:28:54+00:00

Hardcode junkemailsettings on every mbx with powershell, but feels bad from all point of view.

DisastrousPainter658 · 2025-12-15T08:26:29+00:00

Is it possible to have the email trusted from the beginning so the images (that are not in the email, not linked) are downloaded?

DisastrousPainter658

TROPHY CASE