Microsoft 365 Security Administration — Question 86
Your network contains an on-premises Active Directory domain. The domain contains servers that run Windows Server and have advanced auditing enabled.
The security logs of the servers are collected by using a third-party SIEM solution.
You purchase a Microsoft 365 subscription and plan to deploy Microsoft Defender for Identity by using standalone sensors.
You need to ensure that you can detect when sensitive groups are modified and when malicious services are created.
What should you do?
Answer options
- A. Turn off Delayed updates for the Microsoft Defender for Identity sensors.
- B. Configure auditing in the Microsoft 365 Compliance center.
- C. Turn on Delayed updates for the Microsoft Defender for Identity sensors.
- D. Integrate SIEM and Microsoft Defender for Identity.
Correct answer: D
Explanation
The correct answer is D. Standalone sensors do not read the servers' security logs directly, so the Windows events needed to detect sensitive group modifications and malicious service creation have to be forwarded to them. The third-party SIEM already collects those logs, so integrating the SIEM with Microsoft Defender for Identity gives the sensors the events they need. Options A and C concern Delayed updates, which does not address the requirement for detecting changes, while option B focuses on auditing that may not provide the necessary integration with the SIEM for real-time alerts.