You have a Microsoft 365 subscription that uses Microsoft Defender for Endpoint Plan 2 and contains 500 Windows devices.
You plan to create a Microsoft Defender XDR custom deception rule.
You need to ensure that the rule will be applied to only 10 specific devices.
What should you do first?
To ensure the rule will be applied to only 10 specific devices, you should assign a tag to those devices. In Microsoft Defender XDR, you can specify the scope of a rule to either all Windows client devices or to devices with specific tags. By tagging the 10 specific devices, you can then create a rule that targets these tagged devices specifically.
Identify the devices where you intend to plant the lures in the scope section. You can select to plant lures in all Windows client devices or in clients with specific tags. The deception feature currently covers Windows clients. https://learn.microsoft.com/en-us/defender-xdr/configure-deception
A: Add custom lures to the rule "In the rule creation pane, add a rule name, description, and select what lure types to create. You can select both" https://learn.microsoft.com/en-us/defender-xdr/configure-deception
Add the devices to a group.
It's (D) first [tag 10 devices], and then when you create the rule, you chose the lure (A), and then you chose the decoys ( the 10 devices you tagged ) https://learn.microsoft.com/en-us/defender-xdr/configure-deception
with Deception rules scope you only get the option to (1) All Windows Client devices or (2) Devices with specific Tags. Therefore, "D".