Microsoft Security Operations Analyst — Question 45

You have 500 on-premises devices.

You have a Microsoft 365 E5 subscription that uses Microsoft Defender 365.

You onboard 100 devices to Microsoft Defender 365.

You need to identify any unmanaged on-premises devices. The solution must ensure that only specific onboarded devices perform the discovery.

What should you do first?

Answer options

• A. Create a device group.
• B. Create an exclusion.
• C. Set Discovery mode to Basic.
• D. Create a tag.

Correct answer: D

Explanation

Creating a tag is the correct first step because it allows you to categorize and identify specific onboarded devices for the discovery process. The other options, while potentially useful in different contexts, would not specifically address the requirement to focus on particular onboarded devices during the discovery of unmanaged devices.