You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/defender-for-cloud/faq-general.yml
+11-5Lines changed: 11 additions & 5 deletions
Original file line number
Diff line number
Diff line change
@@ -3,8 +3,8 @@ metadata:
3
3
title: Common questions - General questions
4
4
description: Frequently asked general questions about Microsoft Defender for Cloud, a product that helps you prevent, detect, and respond to threats
5
5
services: defender-for-cloud
6
-
author: elkrieger
7
-
ms.author: elkrieger
6
+
author: dcurwin
7
+
ms.author: dacurwin
8
8
manager: raynew
9
9
ms.topic: faq
10
10
ms.custom: ignite-2022
@@ -94,7 +94,7 @@ sections:
94
94
answer: |
95
95
The Microsoft Security Response Center (MSRC) performs select security monitoring of the Azure network and infrastructure and receives threat intelligence and abuse complaints from third parties. When MSRC becomes aware that customer data has been accessed by an unlawful or unauthorized party or that the customer’s use of Azure does not comply with the terms for Acceptable Use, a security incident manager notifies the customer. Notification typically occurs by sending an email to the security contacts specified in Microsoft Defender for Cloud or the Azure subscription owner if a security contact is not specified.
96
96
97
-
Defender for Cloud is an Azure service that continuously monitors the customer’s Azure, multicloud, and on-premises environment and applies analytics to automatically detect a wide range of potentially malicious activity. These detections are surfaced as security alerts in the workload protection dashboard.
97
+
Defender for Cloud is an Azure service that continuously monitors the customer's Azure, multicloud, and on-premises environment and applies analytics to automatically detect a wide range of potentially malicious activity. These detections are surfaced as security alerts in the workload protection dashboard.
98
98
99
99
100
100
- question: |
@@ -187,7 +187,7 @@ sections:
187
187
- question: |
188
188
Can I exempt or dismiss some of the accounts?
189
189
answer: |
190
-
The capability to exempt some accounts that don’t use MFA is available on the new recommendations in preview:
190
+
The capability to exempt some accounts that don't use MFA is available on the new recommendations in preview:
191
191
192
192
- Accounts with owner permissions on Azure resources should be MFA enabled
193
193
- Accounts with write permissions on Azure resources should be MFA enabled
@@ -213,7 +213,7 @@ sections:
213
213
214
214
- Identity recommendations aren't available for subscriptions with more than 6,000 accounts. In these cases, these types of subscriptions will be listed under Not applicable tab.
215
215
- Identity recommendations aren't available for Cloud Solution Provider (CSP) partner's admin agents.
216
-
- Identity recommendations don’t identify accounts that are managed with a privileged identity management (PIM) system. If you're using a PIM tool, you might see inaccurate results in the **Manage access and permissions** control.
216
+
- Identity recommendations don't identify accounts that are managed with a privileged identity management (PIM) system. If you're using a PIM tool, you might see inaccurate results in the **Manage access and permissions** control.
217
217
- Identity recommendations don't support Azure AD conditional access policies with included Directory Roles instead of users and groups.
218
218
219
219
@@ -327,6 +327,12 @@ sections:
327
327
answer: |
328
328
Different recommendations have different compliance evaluation intervals, which can range from every few minutes to every few days. So, the amount of time that it takes for recommendations to appear in your exports varies.
329
329
330
+
- question: |
331
+
How can I get an example query for a recommendation?
332
+
answer: |
333
+
To get an example query for a recommendation, open the recommendation in Defender for Cloud, select **Open query**, and then select **Query returning security findings**.
334
+
335
+
:::image type="content" source="media/faq-general/recommendation-example-query.png" alt-text="Screenshot of how to create example query for recommendation.":::
330
336
331
337
- question: |
332
338
Does continuous export support any business continuity or disaster recovery (BCDR) scenarios?
0 commit comments