You are reviewing alerts in the Microsoft 365 Defender portal.
How long are the alerts retained in the portal?
You are reviewing alerts in the Microsoft 365 Defender portal.
How long are the alerts retained in the portal?
Alerts in the Microsoft 365 Defender portal are retained for 6 months. This retention period ensures that alerts remain accessible for a considerable time, allowing for thorough investigation and historical analysis. Therefore, the alerts are kept for 180 days within the portal.
Data from Microsoft Defender for Endpoint is retained for 180 days, visible across the portal. However, in the advanced hunting investigation experience, it's accessible via a query for a period of 30 days. https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/data-storage-privacy?view=o365-worldwide#how-long-will-microsoft-store-my-data-what-is-microsofts-data-retention-policy
It was 90 days but was changed in october to 180 days so make of that what you will
I just tested and you can filter it for 6 months, also it's explained here: https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/alerts-queue?view=o365-worldwide
Correct https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/mdo-data-retention?view=o365-worldwide
No, it's not, this link talks about defender for office but the question is talking about Defender portal. I just tested and you can filter it for 6 months https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/alerts-queue?view=o365-worldwide
"Alerts are displayed in the portal for 90 days, even if the resource related to the alert was deleted during that time. This is because the alert might indicate a potential breach to your organization that needs to be further investigated." - from: https://learn.microsoft.com/en-us/azure/defender-for-cloud/alerts-overview
I went to defender portal--> blade alerts --> time period and I can go back 6 months. my answer is D: 6 months
I re-confirm in defender portal that action center is 6 months. Defender-->Actions&Submitions-->Action Center--> History tab--> Select the time to see and export. the issue with this question is that Microsoft upgrade the service from 3 months to 6 months few months ago and exist the risk that this answer is now updated to 6 months, so, it is a risk either to choose 3 months or 6 months because we don't know if this is updated or not.
Correct: D https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/alerts-queue?view=o365-worldwide On the top navigation you can: Customize columns to add or remove columns Apply filters Display the alerts for a particular duration like 1 Day, 3 Days, 1 Week, 30 Days, and 6 Months Export the alerts list to excel Manage Alerts
Guys so which one?
For Plan 1 is 90, for Plan 2 is upto 6 months.
C is correct until the exam is updated. After that it is D. The English language version of this exam will be updated on April 26, 2024. Review the study guide linked in the “Tip” box for details on upcoming changes. If a localized version of this exam is available, it will be updated approximately eight weeks after this date.
C is correct
its correct https://learn.microsoft.com/en-us/azure/defender-for-cloud/alerts-overview
The retention period is asked for alert data. This should be 90 days ( 3months) see https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/mdo-data-retention?view=o365-worldwide#defender-for-office-365-plan-1 Given answer is correct
No, it's not, this link talks about defender for office but the question is talking about Defender portal. I just tested and you can filter it for 6 months https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/alerts-queue?view=o365-worldwide