Microsoft 365 Administrator — Question 334
You have a Microsoft 365 subscription that uses Microsoft Defender for Endpoint.
All the devices in your organization are onboarded to Microsoft Defender for Endpoint.
You need to ensure that an alert is generated if malicious activity was detected on a device during the last 24 hours.
What should you do?
Answer options
- A. From the Microsoft Purview compliance portal, create a data loss prevention (DLP) policy.
- B. From the Alerts queue, create a suppression rule and assign an alert.
- C. From Advanced hunting, create a query and a detection rule.
- D. From the Microsoft Purview compliance portal, create an audit log search.
Correct answer: C
Explanation
The correct answer is C. In Advanced hunting you write a KQL query that identifies the activity you care about (for example, antivirus detections recorded in the DeviceEvents table within the last 24 hours) and then save it as a custom detection rule. The rule re-runs the query on the schedule you choose, from near-real-time up to once every 24 hours, and raises an alert with the severity, category and title you define for each matching device, so this is the only option that actually generates new alerts from device activity. The other options serve different purposes: a DLP policy (A) protects sensitive data rather than detecting malicious behaviour on endpoints, an audit log search (D) is a retrospective lookup that produces results but no alerts, and a suppression rule (B) hides existing alerts that match its conditions instead of creating new ones.
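The following query is an added example, not part of the original question page or Microsoft's own documentation, showing the kind of Advanced hunting query you would save as a custom detection rule for this scenario. It lists every Defender antivirus detection on an onboarded device in the last 24 hours and projects the columns a custom detection rule requires (Timestamp, ReportId and a device identifier such as DeviceId). The assumption that the ThreatName value lives inside the AdditionalFields JSON of an AntivirusDetection event is mine; check it against a sample row in your tenant before relying on it.

```kusto
// Added example: Defender for Endpoint antivirus detections on any onboarded
// device in the last 24 hours, shaped for use as a custom detection rule.
DeviceEvents
| where Timestamp > ago(24h)
| where ActionType == "AntivirusDetection"
// Assumption: AdditionalFields carries the detection name as ThreatName
| extend ThreatName = tostring(parse_json(AdditionalFields).ThreatName)
// Timestamp, ReportId and DeviceId are mandatory for a custom detection rule
| project Timestamp, ReportId, DeviceId, DeviceName,
          ThreatName, FileName, SHA1, FolderPath, InitiatingProcessFileName
| order by Timestamp desc
```

Run the query first in Advanced hunting to confirm it returns rows, then use "Create detection rule" to set a name, frequency (every 24 hours matches the window in the question), severity, category and the automated response actions, such as isolating the device, that should fire when the rule matches.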