You have a Microsoft 365 tenant.
You plan to manage incidents in the tenant by using Microsoft 365 Defender.
Which Microsoft service source will appear on the Incidents page of the Microsoft 365 Defender portal?
Microsoft Defender for Identity is a security service that is part of the Microsoft 365 Defender suite. It provides security alerts that appear on the Incidents page of the Microsoft 365 Defender portal, helping organizations detect and respond to identity-related threats. Other services like Microsoft Sentinel and Azure Arc do not directly provide alerts in the Microsoft 365 Defender portal. Microsoft Defender for Cloud is more focused on the security of cloud resources and does not integrate with the Incidents page in the same direct manner as Microsoft Defender for Identity.
What kind of questions are these? How does this help in getting certified? Microsoft has lost its mind.
I keep thinking this. Such obscure specific trivia for such a massive platform. Guess that prevents too many people from passing anyway.
Microsoft Sentinel is a SIEM system and will not forward alerts to M365 Defender. Events will rather be forwarded from M365 Defender TO Sentinel. Azure Arc and Defender for Cloud (not Defender for Cloud Apps) will send their alerts to Sentinel. That leaves MS Defender for Identity, and that will indeed send alerts to the M365 Defender interface.
You can filter the alerts based on the Service Sources: https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/alerts-queue?view=o365-worldwide#service-sources
Real question in the exam.
D is correct https://www.examtopics.com/discussions/microsoft/view/56970-exam-ms-101-topic-2-question-70-discussion/
It also seems to depend on what you have licensed. Looking in my trial tenant I only see "Defender for Cloud Apps", but looking in my production tenant I can filter it on "Defender for Cloud".
I see it that way too. The term "Defender for Cloud" leads people to make a mistake in understanding.
On the Incidents page, you can filter for Service Source. The options are: Defender for Cloud Apps, Defender for Endpoint, Defender XDR, Defender for Office 365, App Governance, AAD Identity Protection, Data Loss Prevention.
For me it only shows MS Defender for Cloud Apps, MS Defender XDR and App Governance...
C. Azure Arc. Right answer.
M365 Defender, now called XDR, consists of Defender for Identity, Office apps, endpoints, etc. Sentinel, Defender for Cloud, and Azure Arc are in Azure Cloud, so totally different from M365 Defender (XDR). So the answer is D.
By choosing a specific source, you can only select answer D and NOT A, B, C. For more details read the next link: https://techcommunity.microsoft.com/blog/coreinfrastructureandsecurityblog/microsoft-365-defender-incident-overview/2174343