What part of the Microsoft 365 security center do you use to identify users and devices affected by an alert?
Experience Level: Junior
Tags: Microsoft Defender
Answer
Use Incidents.
The additional tabs for an incident are:
Alerts - All the alerts related to the incident and their information.
Devices - All the devices that have been identified to be part of or related to the incident.
Users - All the users that have been identified to be part of or related to the incident.
Mailboxes - All the mailboxes that have been identified to be part of or related to the incident.
Investigations - All the automated investigations triggered by alerts in the incident.
Evidence and Response - All the supported events and suspicious entities in the alerts of the incident.
Summary - A quick overview of the impacted assets associated with alerts.