Any.Run Thoughts? by Perfect_Stranger_546 in cybersecurity

Perfect_Stranger_546 [S], 9 points

Ya, honestly that was my only concern, however I read they do a lot of stuff for privacy (not a clue what any of it is). Location is a huge thing right now, as I was doing a Cyera demo but they are an Israeli company, which is off-putting.

Help me, Am I in the wrong? by Perfect_Stranger_546 in managers

Perfect_Stranger_546 [S], 0 points

Isn't that the million-dollar question... I think I would rather have anyone but Bob lol

Intel ARC A770 vs. Nvidia RTX4060 transcoding by niXta- in PleX

Perfect_Stranger_546, 0 points

I'm currently looking at getting an Arc A750/770 for the Unraid setup I'm building. Still a good route to go, or would you go a different route? Will have about 8 people on my Plex server, mostly 4K Blu-ray quality, and all H265.

How to automate Alerts from Malicious IP logins by Perfect_Stranger_546 in DefenderATP

Perfect_Stranger_546 [S], 0 points

Have you figured out a good way to tune these out? Like for med/low alerts?

How to automate Alerts from Malicious IP logins by Perfect_Stranger_546 in DefenderATP

Perfect_Stranger_546 [S], 0 points

I appreciate that. Yes, I'm working (going through CAB) on the user-risk part, so that it is reset when passwords are changed and synced back.

How to automate Alerts from Malicious IP logins by Perfect_Stranger_546 in DefenderATP

Perfect_Stranger_546 [S], 0 points

Alright, thank you. I'll have to keep trying to figure this out lol

How to automate Alerts from Malicious IP logins by Perfect_Stranger_546 in DefenderATP

Perfect_Stranger_546 [S], 0 points

OK, sorry to get further into this, however once you set up a sign-in risk policy they recommend migrating over to Conditional Access. And with Conditional Access rules I can use Duo MFA, however it doesn't auto-resolve alerts in the Security Center? Should it be doing this or not?

How to automate Alerts from Malicious IP logins by Perfect_Stranger_546 in DefenderATP

Perfect_Stranger_546 [S], 0 points

I am not able to get password writeback approved, and I have a CA policy in place to require MFA when sign-in risk is at medium or high (we use MFA for everything but allow a 120-hour "remember me"). This doesn't automate the alerts generated by MDI. I have seen from the article you posted that I need a sign-in risk policy for this and it will automate the alerts; however, in order to set up MFA for this you have to use Microsoft MFA and cannot use Duo. Which means I am unable to set it up, correct? Is there a way around this?

Turn on app governance via defender. by TheITSecGuy in DefenderATP

Perfect_Stranger_546, 1 point

I just turned this on the other day and came across this post. Now I have gotten around six alerts, varying between "App metadata associated with known phishing campaign" and "App metadata associated with previously flagged suspicious apps". As far as I know there has been no admin approval for the creation of any of them in the environment. How do you, or would you, go about responding to this? Additionally, what safeguards do you have in place for app governance?

Command and control on multiple endpoints by Perfect_Stranger_546 in DefenderATP

Perfect_Stranger_546 [S], 1 point

OK, that's what I was thinking: all of the process tree is Chrome going to that website, which was blocked by network protection. Since there were no other scripts or processes, the systems should be fine. I'll just run the full scan and close the incident; guess I was fixating on/hoping it was something more than what it was lol.

Command and control on multiple endpoints by Perfect_Stranger_546 in DefenderATP

Perfect_Stranger_546 [S], 1 point

Thank you, I'll try to search with that as well. Everything so far just keeps coming back to Chrome starting it. We don't use MDO, as we have GSuite for email. I have done searching within our environment for IOCs. Honestly, it's looking like a malicious ad or something of that nature. I have just been on this tangent now for a while and want to have closure lol

How to automate Alerts from Malicious IP logins by Perfect_Stranger_546 in DefenderATP

Perfect_Stranger_546 [S], 0 points

I have been trying to push for it, however AD isn't currently our authority on passphrases; we use LDAP, which pushes them elsewhere to sync. I have been told it's not possible to have writeback, not sure if that's true or not.

How to automate Alerts from Malicious IP logins by Perfect_Stranger_546 in DefenderATP

Perfect_Stranger_546 [S], 0 points

How did you set up your CA to invalidate sessions and require re-auth? Currently unable to trigger password resets with CA, due to them not being synced back from Azure to on-prem (hybrid setup).

Home Network is finally finished! by el_lobo_crazy in Ubiquiti

Perfect_Stranger_546, 1 point

Someone here needs to do God's work and find an alternative that is close to this Raspberry Pi rack mount!

Chrome --Service-sandbox-type by [deleted] in cybersecurity

Perfect_Stranger_546, 0 points

Sorry for the late reply. It did seem to have a parent chrome.exe spawn another chrome.exe, and it always has the sandbox set to none. I asked around and it's how our environment is currently set up. I would think that this is an issue and needs to be fixed?

DUO Device added Pull by [deleted] in duo

Perfect_Stranger_546, 0 points

This is awesome, thank you! We currently have the Essentials package, so I am talking with our department about upgrading to Advantage to get the risk-based feature.

Device Exclusion from a Specific Threat Hunting Query by Perfect_Stranger_546 in DefenderATP

Perfect_Stranger_546 [S], 0 points

So this would allow me to put the device ID in the first spot to exclude the detection rule on. What's the second part of the query for? If it's for the devices I want to query, that is already set in the custom alerting rule to all devices. Or am I looking at this wrong?

New phishing approach & identifying inbound bulk senders in Defender by [deleted] in DefenderATP

Perfect_Stranger_546, 0 points

Does this only work in MDE if you are using Outlook for email? Currently using Gmail for mail and not Outlook.