GitBit
BlogFirst lesson
Sign Up

Question 13 of 18

Previous QuestionNext Question

Your organization has an on-premises Active Directory domain that runs Windows Server 2022 servers and has advanced auditing enabled. Your organization is already collecting the servers' security logs using a third-party SIEM solution.

Your organization has purchased a Microsoft 365 tenant and your manager has asked you to deploy Microsoft Defender for identity by using standalone sensors.

You need to configure the Defender for Identity standalone sensor to detect when certain sensitive groups are updated and any time malicious services are created.

How can you fulfill your manager's request?

You'll need to integrate a SIEM and Defender for Identity when you're using a third-party SIEM solution and you want Defender for Identity to detect when sensitive groups are modified and when malicious services are created. In short, anytime you want Defender for Identity to alert when the SIEM solution picks up an issue.

https://www.gitbit.org/course/ms-500/learn/Whats-Microsoft-Defender-for-identity-Kye_yNLxA

https://docs.microsoft.com/en-us/azure-advanced-threat-protection/configure-event-forwarding

Did you like the site?