Microsoft 365 Administrator — Question 262
You have a Microsoft 365 subscription that uses Microsoft Defender for Endpoint.
All the devices in your organization are onboarded to Microsoft Defender for Endpoint.
You need to ensure that an alert is generated if malicious activity was detected on a device during the last 24 hours.
What should you do?
Answer options
- A. From the Microsoft Defender portal, create an alert suppression rule and assign an alert.
- B. From the Microsoft Purview compliance portal, create an audit log search.
- C. From the Microsoft Purview compliance portal, create a data loss prevention (DLP) policy.
- D. From the Microsoft Defender portal, create an Advanced hunting query and a detection rule.
Correct answer: D
Explanation
The correct answer is D because creating an Advanced hunting query and a detection rule lets you detect malicious activity on devices within the specified timeframe and generate alerts for it. The other options do not directly relate to generating alerts for malicious activity on devices: option A focuses on suppressing alerts, option B deals with audit logs, and option C is about data loss prevention.