You have a Microsoft Sentinel workspace named SW1.
In SW1, you investigate an incident that is associated with the following entities:
* Host
* IP address
* User account
* Malware name
Which entity can be labeled as an indicator of compromise (IoC) directly from the incident's page?

You have a Microsoft 365 subscription that uses Microsoft Defender for Cloud Apps and has Cloud Discovery enabled.
You need to enrich the Cloud Discovery data. The solution must ensure that usernames in the Cloud Discovery traffic logs are associated with the user principal name (UPN) of the corresponding Microsoft Entra ID user accounts.
What should you do first?

You have a Microsoft 365 subscription that contains the following resources:
* 100 users that are assigned a Microsoft 365 E5 license
* 100 Windows 11 devices that are joined to the Microsoft Entra tenant
The users access their Microsoft Exchange Online mailbox by using Outlook on the web.
You need to ensure that if a user account is compromised, the Outlook on the web session token can be revoked.
What should you configure?