Manage incidents based on alerts generated by Microsoft Cloud App Security

Written by John Gruber Published on Last Updated on

You have a Microsoft 365 tenant with a Microsoft Sentinel workspace.

You've been asked by your manager to configure Microsoft 365 so you can manage incidents based on alerts generated by Microsoft Cloud App Security.

What do you need to do first?

Configure log collectors from the Microsoft Defender for Cloud Apps admin center.

Configure security extensions from the Microsoft Defender for Cloud Apps admin center.

Configure app connectors from the Microsoft Defender for Cloud Apps admin center.

Add and configure a data connector from the Microsoft 365 compliance center.

Click to show answer

If you need to manage incidents based on alerts generated by Microsoft Cloud App Security we'll need to create a security extension in Microsoft Defender for the Cloud Apps admin center.

https://www.gitbit.org/course/ms-500/learn/Collect-detect-investigate-and-respond-to-security-threats-using-Microsoft-Sentinel-LEyZMWBSt

https://docs.microsoft.com/en-us/cloud-app-security/siem-sentinel

< Previous Next > Skip Exam >>