Microsoft Security Operations Analyst — Question 7

You have a Microsoft 365 E5 subscription that is linked to a hybrid Azure AD tenant.

You need to identify all the changes made to Domain Admins group during the past 30 days.

What should you use?

Answer options

• A. the Modifications of sensitive groups report in Microsoft Defender for Identity
• B. the identity security posture assessment in Microsoft Defender for Cloud Apps
• C. the Azure Active Directory Provisioning Analysis workbook
• D. the Overview settings of Insider risk management

Correct answer: A

Explanation

The correct answer is A, as the Modifications of sensitive groups report in Microsoft Defender for Identity specifically tracks changes to sensitive groups, including Domain Admins, over a defined period. Options B, C, and D do not focus on tracking modifications to group memberships and therefore would not provide the necessary information regarding changes to the Domain Admins group.