Microsoft 365 Administrator — Question 250

You have a Microsoft 365 E5 subscription that uses Microsoft Defender for Endpoint and Microsoft Intune.

All devices run Windows 11 and are Microsoft Entra joined.

You are alerted to a zero-day attack.

You need to identify which devices were affected by the attack and send a request to Intune administrators to update the affected devices.

Which two actions should you perform in the Microsoft Defender portal? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

Answer options

• A. From Threat analytics, view the list of vulnerable devices.
• B. From Incidents & alerts, select the latest incident.
• C. From Vulnerability management, open the security recommendation.
• D. Select the affected devices and request remediation.

Correct answer: A, D

Explanation

Option A is correct as it allows you to see which devices are vulnerable, providing insight into those affected by the attack. Option D is also correct as it enables you to request remediation for those devices. Options B and C do not directly assist in identifying affected devices or initiating the update process.