Microsoft Identity and Access Administrator — Question 132

You have an Azure Active Directory (Azure AD) tenant named contoso.com that has Azure AD Identity Protection policies enforced.
You create an Azure Sentinel instance and configure the Azure Active Directory connector.
You need to ensure that Azure Sentinel can generate incidents based on the risk alerts raised by Azure AD Identity Protection.
What should you do first?

Answer options

• A. Add a Microsoft Sentinel data connector.
• B. Configure the Notify settings in Azure AD Identity Protection.
• C. Create a Microsoft Sentinel playbook.
• D. Modify the Diagnostics settings in Azure AD.

Correct answer: A

Explanation

The correct answer is A because adding a Microsoft Sentinel data connector is essential for integrating Azure AD Identity Protection with Azure Sentinel, enabling incident generation from risk alerts. The other options do not directly facilitate the connection needed for incident creation in this context.