Microsoft 365 Administrator — Question 313

You have a Microsoft 365 subscription that contains a user named User1.

You need to ensure that User1 can gather and summarize a custom set of data from signals in the Microsoft Defender XDR environment. The solution must NOT require that User1 have KQL knowledge.

What should you do in Microsoft Defender XDR?

Answer options

• A. From Advanced hunting, create a new query in the query editor.
• B. From Cloud Discovery, create a report.
• C. From API Explorer, create a query.
• D. From Advanced hunting, create a new query in the query builder.

Correct answer: D

Explanation

Option D is correct because the query builder in Advanced hunting allows users to construct queries without needing KQL knowledge. Options A and C require some level of KQL understanding, while B does not specifically focus on gathering and summarizing data from signals in the same context.