microsoft / MDE-PowerBI-Templates

A repository for MDATP PowerBI Templates
MIT License
196 stars 123 forks

Duplicate Microsoft MDE PowerBI Templates? #10

Open SmittySec opened 3 years ago

SmittySec commented 3 years ago

@YongRhee-MSFT - I'm trying to track down firewall events, and came across two Microsoft projects for MDE Power BI templates?

Do you know which one is actively maintained? MDE has deleted the firewall dashboard, and this one using Fully spelled Defender for Endpoint has it up.

This might be a candidate for merging or archiving one.

Thanks, Rich

PS: any reason why the FW dashboard was deleted in this GitHub?

YongRhee-MSFT commented 3 years ago

@SmittySec, do you have Microsoft Defender for Endpoint (MDE, formerly known as Microsoft Defender Advanced Threat Protection (MDATP))? If not, we have a new Windows Firewall report in MEM (Intune). You could learn more about it here: https://docs.microsoft.com/en-us/mem/intune/fundamentals/whats-new#endpoint-security-firewall-reports Thx.

SmittySec commented 3 years ago

Yes, currently rolling out MDE. We confirmed with our fast track consultant from Avanade, and they were also having problems pulling the data using the Advanced Hunting Query from other tenants as well. I confirmed we are auditing success/failures on the auditpol. Looks like something might have changed with how that ActionType is forwarded?

Thanks,

Rich


From: Yong Rhee [MSFT] notifications@github.com
Sent: Tuesday, February 23, 2021 5:19 PM
To: microsoft/MDE-PowerBI-Templates MDE-PowerBI-Templates@noreply.github.com
Cc: SmittySec smith.richardb@outlook.com; Mention mention@noreply.github.com
Subject: Re: [microsoft/MDE-PowerBI-Templates] Duplicate Microsoft MDE PowerBI Templates? (#10)

@SmittySec, do you have Microsoft Defender for Endpoint (MDE, formerly known as Microsoft Defender Advanced Threat Protection (MDATP))? If not, we have a new Windows Firewall report in MEM (Intune). You could learn more about it here: https://docs.microsoft.com/en-us/mem/intune/fundamentals/whats-new#endpoint-security-firewall-reports Thx.
