Defender
      Back to home
      1. Sittadel Knowledge Base
      2. Azure Portals
      3. Defender

      Defender for Endpoint File Hash IOC Allowance

      This guide will show an administrator how to allow a necessary file to be exempt from MDE scanning criteria for enrolled devices.

      Role Requirements

      Procedure Scope: Administrators

      Required Group Membership: Admin.Security

      Handbook Reference

      Package: Device Security

      Domain: Endpoint Indicator Management

      Modifies: Allowed File Hashes

      Defender for Endpoint File Hash IOC Allowance

      1. Navigate to the File Hash – Microsoft Defender portal, locate and select the Add Item action.
      2. A pop-up will be generated supply the desired File Hash in the provided input box. You will also need to provide basic information associated with the entry such as Title and Description, with the intent of giving future context if the rule is to be reviewed later. From this page you will either keep the default allow time frame of Never or specify a Custom time frame. Select Next to continue.
      3. For the response action, select Allow this will allow the file associated with the hash to run on devices. Select Next to continue.
      4. The default for the organizational scope is set to all MDE joined devices, select Next to continue.
      5. The summary page will allow you to see all configured settings for the indicator, if you detect a discrepancy at this stage make note of the section and select Back to go to the previous sections to make the necessary alterations before finalization. If everything checks out, select Submit to publish the indicator.

      Need Assistance?

      Reach out to your Customer Success Manager to discuss how a Sittadel cybersecurity analyst can assist in managing these tasks for you. New to our services? Inquire about arranging a consultation to explore optimizing your Azure environment for painless management.