Microsoft 365 Security Administration — Question 89

You have an Azure Sentinel workspace.
You need to manage incidents based on alerts generated by Microsoft Defender for Cloud Apps.
What should you do first?

Answer options

• A. From the Microsoft Defender for Cloud Apps portal, configure security extensions.
• B. From the Microsoft Defender for Cloud Apps portal, configure app connectors.
• C. From the Microsoft Defender for Cloud Apps portal, configure log collectors.
• D. From the Microsoft 365 Compliance admin center, add and configure a data connector.

Correct answer: A

Explanation

The correct answer is A because configuring security extensions in Microsoft Defender for Cloud Apps is essential for integrating with Azure Sentinel and managing incidents effectively. Options B and C focus on app connectors and log collectors, which are not the first step for incident management in this context. Option D involves the Microsoft 365 Compliance admin center, which is unrelated to the initial configuration needed in this scenario.