HOTSPOT
-
You have a Microsoft 365 E5 subscription that uses Microsoft 365 Defender for Endpoint.
You need to ensure that you can initiate remote shell connections to Windows servers by using the Microsoft 365 Defender portal.
What should you configure? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Live response for servers & device tag https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/respond-machine-alerts?view=o365-worldwide#initiate-live-response-session
Wrong Answer. Answer is: 1. Live Response for server 2. Automation Level It is explained here: https://learn.microsoft.com/en-us/defender-endpoint/automation-levels "With no automation, automated investigation doesn't run on your organization's devices. As a result, no remediation actions are taken or pending as a result of automated investigation"
Live Response for Servers Devices require an Automation Remediation level (Semi or Full) https://www.egroup-us.com/microsoft-defender-for-endpoints-live-response/
This is a very similar question to topic-1-question-27-discussion/ which gives different anwers! You pay good money for this site and around 50% of the answers are wrong. Live response and automation level should be the answer.
Live Response for Servers | The automation level (Not sure) Live Response for Servers > Allows users with Live Response privileges to connect remotely to servers (Windows Server or Linux devices) that they are authorized to access. https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/live-response?view=o365-worldwide I don't know if it's still required but it was: You'll need to enable, at least, the minimum Remediation Level for a given Device Group. Otherwise you won't be able to establish a Live Response session to a member of that group.