What can you use in the Microsoft 365 Defender portal to identify devices that are affected by an alert?

Disable ads (and more) with a membership for a one time $4.99 payment

Study for the Microsoft SC-900 Exam. Master key concepts with targeted flashcards and multiple-choice questions, featuring hints and explanations. Get prepared and confident for success!

Using incidents in the Microsoft 365 Defender portal is the correct approach to identify devices that are affected by an alert. Incidents serve as a consolidated view of related alerts that have been raised due to suspicious or malicious activity. When an alert is triggered, it corresponds to a specific incident, allowing security teams to assess the severity and impact of the alerts across various devices.

When you dive into an incident, you can see all associated alerts, which include information about the affected devices, user accounts, and the nature of the threats. This makes it much easier to prioritize responses, investigate affected devices, and take necessary remediation actions.

In contrast, classifications focus on how data or alerts are categorized, policies define the rules that govern security configurations and compliance requirements, and Secure score measures the security posture of your organization by evaluating how well you comply with recommended security practices. While these elements are essential in a comprehensive security framework, they do not directly correlate with identifying affected devices in the same way that incidents do.

More Multiple Choice Questions