What are incidents in Microsoft 365 Defender?
Experience Level: Junior
Tags: Microsoft Defender
Answer
An incident in Microsoft 365 Defender is a collection of correlated alerts and associated data that make up the story of an attack.
Microsoft 365 services and apps create alerts when they detect a suspicious or malicious event or activity. Individual alerts provide valuable clues about a completed or ongoing attack. However, attacks typically employ various techniques against different types of entities, such as devices, users, and mailboxes. The result is multiple alerts for multiple entities in your tenant.
Because piecing the individual alerts together to gain insight into an attack can be challenging and time-consuming, Microsoft 365 Defender automatically aggregates the alerts and their associated information into an incident.