Microsoft 365 Administrator — Question 248
You have a Microsoft 365 subscription that uses Microsoft Defender for Endpoint.
All the devices in your organization are onboarded to Microsoft Defender for Endpoint.
You need to ensure that an alert is generated if malicious activity was detected on a device during the last 24 hours.
What should you do?
Answer options
- A. From the Microsoft Purview compliance portal, create a data loss prevention (DLP) policy.
- B. From the Microsoft Defender portal, create an alert suppression rule and assign an alert.
- C. From Advanced hunting, create a query and a detection rule.
- D. From the Microsoft Defender portal, create an Advanced hunting query and a detection rule.
Correct answer: D
Explanation
The correct answer is D: creating an Advanced hunting query together with a detection rule lets you monitor for, and generate alerts on, malicious activity detected during the last 24 hours. Option A is incorrect because a DLP policy does not monitor device activity for threats. Option B is incorrect because alert suppression rules do not generate new alerts; they mute existing alerts. Option C involves creating a query and a detection rule but does not specify the Microsoft Defender portal, which is crucial for the task.