You have a new Microsoft 365 E5 tenant.
You need to enable an alert policy that will be triggered when an elevation of Microsoft Exchange Online administrative privileges is detected.
What should you do first?
You have a new Microsoft 365 E5 tenant.
You need to enable an alert policy that will be triggered when an elevation of Microsoft Exchange Online administrative privileges is detected.
What should you do first?
To enable an alert policy triggered by the elevation of Microsoft Exchange Online administrative privileges, the first step is to enable auditing. Auditing records administrative actions and changes, which are essential for alert policies to function effectively. While other options pertain to compliance and risk management, they do not fulfill the basic requirement of tracking actions needed for alerting on administrative privilege changes.
A. Enable auditing The first step you should take is to Enable auditing. In order to monitor and get alerted on specific activities such as elevation of administrative privileges, auditing needs to be enabled in your Microsoft 365 environment. Auditing will record events such as changes in permissions and other administrative activities, which can then be monitored through alert policies to notify administrators when specific events occur.
-A When an elevation of Microsoft Exchange Online administrative privileges is detected in your Microsoft 365 E5 tenant, you should first enable auditing.
Was in Exam 27-6-24
- A But, question makes no sense. Audit is enabled by default. All other options are less obvious. https://learn.microsoft.com/en-us/purview/audit-solutions-overview#audit-standard
Hello. I believe the answer below will help you with this question: "Audit logging is turned on by default for Microsoft 365 organizations. However, when setting up a new Microsoft 365 organization, you should verify the auditing status for your organization. For instructions, see the Verify the auditing status for your organization section in this article." https://learn.microsoft.com/en-us/purview/audit-log-enable-disable
So if Auditing is enabled by default, why shouldn't you then choose for C? https://learn.microsoft.com/en-us/purview/insider-risk-management-policies Insider risk management policies determine which users are in-scope and which types of risk indicators are configured for alerts. You can quickly create a security policy that applies to all users in your organization or define individual users or groups for management in a policy.
Gotta be A. The others don't really matter in this situation. Anything alert related would have an alert policy setup specifically, so auditing is the only reliable option. Power of deduction is a great thing xD
Option C
To enable an alert policy in a new Microsoft 365 E5 tenant that will be triggered by the elevation of Microsoft Exchange Online administrative privileges, the first step you should take is: A. Enable auditing. Auditing must be enabled to track and record actions within the tenant, which allows for the creation of alert policies based on those audit logs1. Once auditing is enabled, you can create alert policies in the Microsoft Purview compliance portal or the Microsoft Defender portal to monitor activities such as assigning admin privileges in Exchange Online1
So if Auditing is enabled by default, why shouldn't you then choose for C? https://learn.microsoft.com/en-us/purview/insider-risk-management-policies Insider risk management policies determine which users are in-scope and which types of risk indicators are configured for alerts. You can quickly create a security policy that applies to all users in your organization or define individual users or groups for management in a policy.