You're reading from Microsoft 365 Administrator MS-102 Exam Guide Master the Microsoft 365 Identity and Security Platform and confidently pass the MS-102 exam

Product type Paperback

Published in Dec 2023

Publisher Packt

ISBN-13 9781835083963

Length 534 pages

Edition 1st Edition

Tools

Boost

Concepts

System Administration

Author (1):

Aaron Guilmette

View More author details

Table of Contents (13) Chapters

Preface

1. Chapter 1: Implementing and Managing a Microsoft 365 Tenant FREE CHAPTER

2. Chapter 2: Managing Users and Groups

3. Chapter 3: Managing Roles in Microsoft 365

4. Chapter 4: Implementing and Managing Identity Synchronization with Azure AD

5. Chapter 5: Implementing and Managing Authentication

6. Chapter 6: Implementing and Managing Secure Access

7. Chapter 7: Managing Security Reports and Alerts by Using the Microsoft 365 Defender Portal

8. Chapter 8: Implementing and Managing Email and Collaboration Protection by Using Microsoft Defender for Office 365

9. Chapter 9: Implementing and Managing Endpoint Protection by Using Microsoft Defender for Endpoint

10. Chapter 10: Implementing Microsoft Purview Information Protection and Data Lifecycle Management

11. Chapter 11: Implementing Microsoft Purview data loss prevention (DLP)

12. Other Books You May Enjoy

Reviewing and Responding to Security Incidents and Alerts in Microsoft 365 Defender

Alerts represent individual risk items or threats, such as an email that triggers a data loss prevention (DLP) policy action or a macro that queries a computer’s filesystem. When threats are detected in the organization through any of the Microsoft 365 Defender signals, they will show up on the Alerts page of Microsoft 365 Defender.

When working with incidents and alerts in the Microsoft 365 platform, Microsoft recommends a three-phased approach – Triage, Investigate, and Respond – as shown in Figure 7.10:

Figure 7.10 – The Microsoft 365 Incident Management phases

The first phase, Triage, involves determining whether the alerts generated are indeed real (true positives) or not (false positives). In the Investigate phase, potentially affected assets are isolated or disabled (or, if automation is already in place that has disabled and isolated...

The rest of the chapter is locked

You're reading from Microsoft 365 Administrator MS-102 Exam Guide Master the Microsoft 365 Identity and Security Platform and confidently pass the MS-102 exam

Table of Contents (13) Chapters

Reviewing and Responding to Security Incidents and Alerts in Microsoft 365 Defender

Authors (1)

Personalised recommendations for you

You're reading from Microsoft 365 Administrator MS-102 Exam Guide Master the Microsoft 365 Identity and Security Platform and confidently pass the MS-102 exam

Table of Contents (13) Chapters

Reviewing and Responding to Security Incidents and Alerts in Microsoft 365 Defender

Unlock this book and the full library FREE for 7 days

Authors (1)

Personalised recommendations for you