MS-102: Microsoft 365 Administrator Day 8
8.11 - Microsoft 365 Defender

MS-102 Certification Notes

Day 8.11 - Microsoft 365 Defender

Microsoft 365 Defender

  • The Portal
    • Home
    • Assets
    • Endpoints
    • Email & collaboration
    • Cloud Apps
    • Reports
  • Kusto
  • MITRE ATT&CK
  • Zero Trust
  • Security Reports and Alerts
  • Email and Collaboration Protection
  • Defender for Endpoint

The Portal - Incidents & Alerts

  • Incidents - something has happened; an incident may contain one or more related alerts or data
  • Alerts - notifications based on unusual or malicious activity, or on rules set up by admins

The Portal - Incidents

  • Incidents - Most recent incidents and alerts
  • Azure AD IP Alert Settings
  • Email Notifications

The Portal - Azure AD IP Alert Settings

  • General
    • Account
    • Email notifications
    • Alert service settings
    • Permissions and roles
    • Streaming API
  • Rules
    • Asset rule management
    • Alert tuning

The Portal - Hunting

  • Advanced Hunting
  • Custom detection rules

The Portal - Actions & Submissions

  • Admins can submit data to Microsoft for analysis
    • Emails
    • Teams messages
    • Email attachments
    • URLs
    • Files
    • User Reported