Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

SC - 900 Microsoft Security, Compliance, and Identity Fundamentals > Describe threat protection with Microsoft 365 Defender > Flashcards

Describe threat protection with Microsoft 365 Defender Flashcards

1
Q

Microsoft 365 Defender

A
  • Microsoft 365 Defender is an enterprise defence suite designed to protect against sophisticated cyberattacks.
  • It offers native coordination of detection, prevention, investigation, and response to threats across endpoints, identities, email, and applications.
  • With Microsoft 365 Defender, admins can assess threat signals from multiple sources to determine the scope and impact of an attack.
  • It provides detailed insights into the attack’s origins and affected systems, enabling effective response and mitigation.
  • Microsoft 365 Defender can automate actions to prevent or halt ongoing attacks, enhancing security and reducing response time.
  • The suite covers four main aspects: identity, endpoints, applications, and email, ensuring comprehensive protection across various attack vectors.

By leveraging the capabilities of Microsoft 365 Defender, organizations can strengthen their security posture and defend against advanced threats across their digital ecosystem.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Microsoft 365 Defender suite

A
  • Microsoft 365 Defender suite provides comprehensive protection for various aspects of your organization’s digital ecosystem.
  • It includes Microsoft Defender for Identity and Azure AD Identity Protection, which detect and investigate advanced threats, compromised identities, and insider actions targeting your organization.
  • Microsoft Defender for Endpoint offers unified endpoint protection, detection, investigation, and response capabilities to safeguard your endpoints.
  • Microsoft Defender for Cloud Apps ensures deep visibility, strong data controls, and enhanced threat protection for your cloud applications.
  • Microsoft Defender for Office 365 safeguards your organization against malicious threats in email messages, URLs, and collaboration tools.
  • By leveraging Microsoft 365 Defender, you can effectively coordinate the detection, prevention, investigation, and response to threats across endpoints, identities, email, and applications.

With the comprehensive capabilities of Microsoft 365 Defender suite, your organization can enhance its cybersecurity posture and mitigate the risks posed by sophisticated cyberattacks.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Microsoft Defender for Office 365

A
  • Microsoft Defender for Office 365 protects your organization from malicious threats in email messages, URLs, and collaboration tools.
  • It covers various Office 365 services, including Microsoft Teams, SharePoint Online, OneDrive for Business, and other Office clients.
  • Key areas covered by Microsoft Defender for Office 365 include threat protection policies, real-time reports, threat investigation and response capabilities, and automated investigation and response capabilities.
  • Threat protection policies allow you to define the level of protection suitable for your organization.
  • Real-time reports provide visibility into the performance of Microsoft Defender for Office 365.
  • The threat investigation and response capabilities offer advanced tools to investigate, understand, simulate, and prevent threats.
  • Automated investigation and response capabilities help save time and effort by automating the investigation and mitigation of threats.
  • Microsoft Defender for Office 365 is available in two plans, and the chosen plan determines the available tools and features.
  • It’s essential to select the plan that best aligns with your organization’s needs to maximize the benefits of Microsoft Defender for Office 365.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Microsoft Defender for Office 365 Plan 1

A

This plan offers configuration, protection, and detection tools for your Office 365 suite:

Safe Attachments: Checks email attachments for malicious content.

Safe Links: Links are scanned for each click. A safe link remains accessible, but malicious links are blocked.

Safe Attachments for SharePoint, OneDrive, and Microsoft Teams: Protects your organization when users collaborate and share files by identifying and blocking malicious files in team sites and document libraries.

Anti-phishing protection: Detects attempts to impersonate your users and internal or custom domains.

Real-time detections: A real-time report that allows you to identify and analyse recent threats.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Microsoft Defender for Office 365 Plan 2

A

This plan includes all the core features of Plan 1, and provides automation, investigation, remediation, and simulation tools to help protect your Office 365 suite:

Threat Trackers: Provide the latest intelligence on prevailing cybersecurity issues, and allow an organization to take countermeasures before there’s an actual threat.

Threat Explorer: A real-time report that allows you to identify and analyse recent threats.

Automated investigation and response (AIR): Includes a set of security playbooks that can be launched automatically, such as when an alert is triggered, or manually. A security playbook can start an automated investigation, provide detailed results, and recommend actions that the security team can approve or reject.

Attack Simulator: Allows you to run realistic attack scenarios in your organization to identify vulnerabilities. These simulations test your security policies and practices, as well as train your employees to increase their awareness and decrease their susceptibility to attacks.

Proactively hunt for threats with advanced hunting in Microsoft 365 Defender: Advanced hunting is a query-based threat hunting tool that lets you explore up to 30 days of raw data. You can proactively inspect events in your network to locate threat indicators and entities.

Investigate alerts and incidents in Microsoft 365 Defender: Microsoft Defender for Office 365 P2 customers have access to Microsoft 365 Defender integration to efficiently detect, review, and respond to incidents and alerts.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Microsoft Defender for Office 365 availability

A

Microsoft Defender for Office 365 is included in certain subscriptions, such as Microsoft 365 E5, Office 365 E5, Office 365 A5, and Microsoft 365 Business Premium.

If your subscription doesn’t include Defender for Office 365, you can purchase it as an add-on.

Use Microsoft Defender for Office 365 to protect your organization’s collaboration tools and messages.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Microsoft Defender for Endpoint

A
  • Microsoft Defender for Endpoint is a platform designed to protect enterprise networks by preventing, detecting, investigating, and responding to advanced threats.
  • It leverages technology embedded in Windows 10 and Microsoft cloud services to provide comprehensive endpoint security.
  • The technology includes endpoint behavioural sensors that collect and process signals from the operating system, cloud security analytics that turn signals into insights, detections, and recommendations, and threat intelligence to identify attacker tools and techniques and generate alerts.
  • Microsoft Defender for Endpoint encompasses seven key aspects:
    1. Threat and Vulnerability Management: Identifies and mitigates vulnerabilities in the environment.
    2. Attack Surface Reduction: Applies security controls to minimize the attack surface and block common attack vectors.
    3. Next-generation Protection: Provides real-time protection against malware, ransomware, and other threats.
    4. Endpoint Detection and Response: Detects and investigates suspicious activities and alerts for advanced threats.
    5. Automated Investigation and Remediation: Automates the investigation and response to security incidents.
    6. Microsoft Threat Experts: Offers access to Microsoft security experts for proactive threat hunting and guidance.
    7. Centralized Configuration and Administration: Provides a centralized interface for configuring and managing security settings.
  • The combination of these aspects enables organizations to strengthen their endpoint security posture and effectively respond to evolving threats.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Microsoft Defender for Endpoint includes

A
  • Microsoft Defender for Endpoint includes several key capabilities to protect and respond to advanced threats on endpoints.
  • Threat and vulnerability management enables the discovery, prioritization, and remediation of endpoint vulnerabilities and misconfigurations, using risk-based approaches and device sensors.
  • Attack surface reduction provides the first line of defence by ensuring proper configuration settings, applying exploit mitigation techniques, and regulating access to malicious IP addresses, domains, and URLs.
  • Next-generation protection leverages machine learning, big data analysis, threat resistance research, and Microsoft cloud infrastructure to protect devices in enterprise organizations.
  • Endpoint detection and response offers near real-time and actionable attack detections, allowing security analysts to prioritize alerts, investigate breaches, and take response actions.
  • Automated investigation and remediation uses algorithms and playbooks to automate the examination of alerts and remediate breaches, reducing the volume of manual investigations required.
  • Microsoft Threat Experts is a managed threat hunting service that provides monitoring and analysis tools to ensure critical threats are not overlooked by security operations centres (SOCs).
  • Management and APIs enable integration with other solutions and provide flexibility for customization.
  • Microsoft Defender for Endpoint integrates with other components in the Microsoft Defender suite, as well as with Microsoft solutions like Intune and Microsoft Defender for Cloud.
  • Microsoft Secure Score for Devices helps assess the security state of the enterprise network, identify unprotected systems, and take recommended actions to improve security.
  • Use Microsoft Defender for Endpoint to protect organization endpoints and effectively respond to advanced threats.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Microsoft Defender for Cloud Apps

A
  • Moving to the cloud offers flexibility for employees and IT teams, but it also brings new security challenges.
  • Microsoft Defender for Cloud Apps is a Cloud Access Security Broker (CASB) solution.
  • It acts as an intermediary between cloud users and cloud providers, providing comprehensive cross-SaaS security.
  • Microsoft Defender for Cloud Apps offers rich visibility into your cloud services, allowing you to monitor and control data travel.
  • It provides sophisticated analytics to identify and combat cyberthreats across both Microsoft and third-party cloud services.
  • With this service, you can gain visibility into Shadow IT by discovering and monitoring the cloud apps being used within your organization.
  • You can control and protect data in sanctioned cloud apps, ensuring security and compliance.
  • Microsoft Defender for Cloud Apps helps maintain the right balance between supporting access to cloud apps and protecting critical data.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Cloud Access Security Brokers (CASBs)

A
  • A CASB acts as a gatekeeper between enterprise users and cloud resources, regardless of their location or device.
  • CASBs provide a wide range of capabilities across several pillars: visibility, threat protection, data security, and compliance.
  • Visibility: CASBs detect cloud services and app usage, providing visibility into Shadow IT.
  • Threat protection: CASBs monitor user activities for anomalies, control access to resources, and mitigate malware.
  • Data security: CASBs identify, classify, and control sensitive information, protecting against malicious actors.
  • Compliance: CASBs assess the compliance of cloud services to ensure adherence to regulations and policies.
  • CASBs help organizations protect their environment and maintain security when using cloud services.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Defender for Cloud Apps framework

A
  • Microsoft Defender for Cloud Apps is built on a framework that offers various capabilities for cloud app security.
  • Discover and control Shadow IT: Identify and assess the risk levels of cloud apps and services used in your organization, and gain insights into usage patterns.
  • Protect against cyberthreats: Detect unusual behaviour and anomalies across cloud apps to identify threats like ransomware or compromised users. Take automated remediation actions to mitigate risks.
  • Protect sensitive information: Understand, classify, and protect sensitive data at rest in the cloud. Apply real-time controls and policies to prevent data exposure.
  • Ensure compliance: Assess if your cloud apps meet compliance requirements, including regulations and industry standards. Prevent data leaks to non-compliant apps and restrict access to regulated data.
  • The Defender for Cloud Apps framework helps organizations gain visibility, protect against threats, secure sensitive data, and ensure compliance in their cloud environments.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Microsoft Defender for Cloud Apps functionality

A
  • Cloud Discovery: Dynamically maps and identifies the cloud apps used in your organization by analysing traffic logs.
  • Sanctioning and sanctioning apps: Use the Cloud apps catalog to assess the risk of cloud apps based on certifications, standards, and best practices, and determine which apps are sanctioned or unsanctioned.
  • App connectors: Integrate Microsoft and non-Microsoft cloud apps with Defender for Cloud Apps to extend control and protection. It allows scanning of data, accounts, and content to enforce policies and detect threats.
  • Conditional Access App Control: Provides real-time visibility and control over access and activities in cloud apps. Prevent data leaks, enforce encryption, and control access from non-corporate or risky networks.
  • Policies: Define policies to detect risky behaviour, violations, or suspicious activities in your cloud environment. Integrate remediation processes to mitigate risks.
  • Microsoft Defender for Cloud Apps dashboard: Provides a centralized view of your organization’s cloud security posture, allowing you to monitor and manage security events, alerts, and configurations.

These features and functionality enable organizations to discover and assess their cloud apps, enforce security policies, protect against threats, and maintain control over their cloud environment.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Office 365 Cloud App Security

A

Office 365 Cloud App Security is a subset of Microsoft Defender for Cloud Apps that provides enhanced visibility and control for Office 365.

Office 365 Cloud App Security includes threat detection based on user activity logs, discovery of Shadow IT for apps with similar functionality to Office 365 offerings, control app permissions to Office 365, and apply access and session controls.

It offers a subset of the core Microsoft Defender for Cloud Apps features.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Enhanced Cloud App Discovery in Azure Active Directory

A

Azure Active Directory Premium P1 includes Azure Active Directory Cloud App Discovery at no extra cost.

This feature is based on the Microsoft Defender for Cloud Apps Cloud Discovery capabilities that provide deeper visibility into cloud app usage in your organization.

It provides a reduced subset of the Microsoft Defender for Cloud Apps discovery capabilities.

Use Microsoft Defender for Cloud Apps to intelligently and proactively identify and respond to threats across your organization’s Microsoft and non-Microsoft cloud services.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Microsoft Defender for Identity

A
  • Cloud-based security solution: Microsoft Defender for Identity is a cloud-based security solution that leverages on-premises Active Directory data to identify and detect advanced threats, compromised identities, and insider actions.
  • Monitor and profile user behaviour: The solution enables security professionals to monitor and profile user behaviour and activities, gaining insights into user actions and potential security risks.
  • Protect user identities and reduce attack surface: Microsoft Defender for Identity helps protect user identities and reduce the attack surface by identifying vulnerabilities and providing recommendations for security improvements.
  • Identify and investigate suspicious activities: The solution enables the identification and investigation of suspicious activities and advanced attacks throughout the cyberattack kill-chain, allowing security professionals to respond effectively.
  • Incident information and fast triage: Microsoft Defender for Identity provides clear incident information on a simple timeline, allowing for fast triage and efficient response to security incidents.

These functionalities empower security professionals to enhance the security of hybrid environments, detect and respond to threats, and safeguard user identities against advanced attacks.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Monitor and profile user behaviour and activities

A

Defender for Identity monitors and analyses user activities and information across your network, including permissions and group membership, creating a behavioural baseline for each user.

Defender for Identity then identifies anomalies with adaptive built-in intelligence.

It gives insights into suspicious activities and events, revealing the advanced threats, compromised users, and insider threats facing your organization.

17
Q

Protect user identities and reduce the attack surface

A

Defender for Identity provides insights on identity configurations and suggested security best practices.

Through security reports and user profile analytics, Defender for Identity helps reduce your organizational attack surface, making it harder to compromise user credentials and advance an attack.

Defender for Identity security reports, help identify users and devices that authenticate using clear-text passwords.

It also provides extra insights into how to improve security posture and policies.

For hybrid environments in which Active Directory Federation Services (AD FS) is present, Defender for Identity protects the AD FS by detecting on-premises attacks and providing visibility into authentication events generated by the AD FS.

18
Q

Identify suspicious activities and advanced attacks across the cyberattack kill-chain

A

Typically, attacks are launched against any accessible entity, such as a low-privileged user.

Attacks then quickly move laterally until the attacker accesses valuable assets.

These assets might include sensitive accounts, domain administrators, and highly sensitive data.

Defender for Identity identifies these advanced threats at the source throughout the entire cyberattack kill-chain:

Reconnaissance
Compromised credentials
Lateral movements
Domain dominance

19
Q

Investigate alerts and user activities

A

Defender for Identity is designed to reduce general alert noise, providing only relevant, important security alerts in a simple, real-time organizational attack timeline.

Use the Defender for Identity attack timeline view and the intelligence of smart analytics to stay focused on what matters.

Also, you can use Defender for Identity to quickly investigate threats, and gain insights across the organization for users, devices, and network resources.

Microsoft Defender for Identity protects your organization from compromised identities, advanced threats, and malicious insider actions.

20
Q

Microsoft 365 Defender portal

A
  • Native coordination of detection, prevention, investigation, and response: Microsoft 365 Defender natively coordinates these functions across endpoints, identities, email, and applications to provide integrated protection against sophisticated attacks.
  • Centralized portal for security teams: The Microsoft 365 Defender portal brings together all the functionality and information needed by security teams in a central place, emphasizing quick access to information and simpler layouts.
  • Role-based access control: The portal uses role-based access control, ensuring that different users see cards and data that are relevant to their specific roles and day-to-day responsibilities.
  • Cards categories: The cards on the portal fall into categories such as Identities, Data, Devices, and Apps. These categories help security teams monitor and track activities related to identities, data, devices, and cloud apps.
  • Tailored navigation pane: Admins can customize the navigation pane of the portal to meet their daily operational needs, showing or hiding functions and services based on their preferences. Customizations are specific to individual admins.
  • Access requirements: To access the Microsoft 365 Defender portal, users must be assigned appropriate roles, such as Global Administrator, Security Administrator, Security Operator, or Security Reader in Azure Active Directory.
  • Easy access to capabilities: The left navigation pane of the portal provides easy access to various capabilities, including email and collaboration features of Microsoft Defender for Office 365, and capabilities for Microsoft Defender for Endpoint.

The Microsoft 365 Defender portal serves as a comprehensive and customizable platform for security professionals to monitor, analyze, and respond to security threats and incidents across different areas of the Microsoft 365 environment.

21
Q

Incidents and Alerts in the Microsoft 365 Defender portal

A
  • Alerts and incidents: Microsoft 365 services and apps generate alerts when they detect suspicious or malicious events. These alerts provide valuable information about ongoing or completed attacks. Alerts are automatically grouped into incidents to provide a comprehensive view and context of an attack.
  • Incidents queue: The incidents queue in the Microsoft 365 Defender portal is a centralized location that lists incidents based on severity. It serves as a starting point for incident management and response.
  • Incident summary: Selecting an incident from the queue displays a summary page that provides an overview of the incident. The summary page also provides access to tabs with additional information related to the incident.
  • Components of the incident summary: The incident summary page includes information on:
    • Related alerts: All the alerts that are associated with the incident.
    • Users: All the users identified to be part of or related to the incident.
    • Mailboxes: All the mailboxes identified to be part of or related to the incident.
    • Automated investigations: All the automated investigations triggered by the alerts in the incident.
    • Evidence and response: All the supported evidence and response actions related to the incident.
  • Comprehensive view and response: The incident summary page enables security professionals to gather insights, investigate the incident, and take appropriate response actions.

The incidents and alerts functionality in the Microsoft 365 Defender portal helps security teams effectively manage and respond to security incidents by providing centralized incident management, contextual information, and actionable insights.

22
Q

Hunting

A

Advanced hunting is a query-based threat-hunting tool that lets security professionals explore up to 30 days of raw data.

Advanced hunting queries enable security professionals to proactively search for threats, malware, and malicious activity across your endpoints, Office 365 mailboxes, and more.

Threat-hunting queries can be used to build custom detection rules. These rules run automatically to check for and then respond to suspected breach activity, misconfigured machines, and other findings.

23
Q

Threat analytics in the Microsoft 365 Defender portal

A
  • Threat analytics: Threat analytics is an in-product threat intelligence solution provided by Microsoft security researchers. It helps security teams track and respond to emerging threats.
  • Threat analytics dashboard: The threat analytics dashboard in the Microsoft 365 Defender portal highlights relevant reports for your organization. It includes the latest threats, high impact threats (those with the most active alerts affecting your organization), and high exposure threats.
  • Detailed threat analytics report: Selecting a specific threat from the dashboard opens a threat analytics report. The report provides detailed information, including an analyst report, impacted assets, mitigations, and other relevant details.
  • Analyst reports: The threat analytics report includes insights and analysis from Microsoft security researchers, providing valuable context and guidance for understanding and addressing the threat.
  • Impacted assets: The report identifies the assets within your organization that are impacted or at risk from the specific threat. This helps prioritize response efforts and take appropriate actions.
  • Mitigations and recommendations: The threat analytics report provides mitigation recommendations to address the identified threat. These recommendations can help security teams implement proactive measures to protect their organization.
  • Enhanced visibility and response: Threat analytics in the Microsoft 365 Defender portal empowers security teams with actionable threat intelligence, enabling them to stay informed about emerging threats, assess their impact, and take effective response actions.

The threat analytics functionality helps security professionals stay ahead of evolving threats and make informed decisions to protect their organization’s environment.

24
Q

Microsoft Secure Score in the Microsoft 365 Defender portal

A
  • Microsoft Secure Score: Microsoft Secure Score is a tool in the Microsoft 365 Defender portal that represents an organization’s security posture. It provides a score that reflects the effectiveness of the organization’s security measures. A higher score indicates better protection.
  • Centralized dashboard: The Microsoft 365 Defender portal offers a centralized dashboard for organizations to monitor and enhance the security of their Microsoft 365 identities, apps, and devices.
  • Benefits of Secure Score: Secure Score helps organizations report on their current security posture, improve their security measures through discoverability, visibility, guidance, and control, and compare their performance against benchmarks and key performance indicators (KPIs).
  • Supported services: Microsoft Secure Score currently supports recommendations for Microsoft 365, including Exchange Online, Azure Active Directory, Microsoft Defender for Endpoint, Microsoft Defender for Identity, Microsoft Defender for Cloud Apps, and Microsoft Teams. New recommendations are continuously added.
  • Score breakdown and improvement actions: The Secure Score page displays an organization’s overall score, a breakdown of the score by points, and suggested improvement actions to enhance the score. These actions help organizations strengthen their security posture.
  • Comparison with similar organizations: Microsoft Secure Score provides an indication of how an organization’s score compares to similar organizations, allowing for benchmarking and insights into relative security performance.

Microsoft Secure Score is a valuable tool for organizations to assess and enhance their security posture, leveraging recommendations and guidance provided by Microsoft to strengthen their overall protection against threats.

25
Q

Differences between secure score in Microsoft 365 Defender and Microsoft Defender for Cloud

A

There’s a secure score for both Microsoft 365 Defender and Microsoft Defender for Cloud, but they’re subtly different.

Secure score in Microsoft Defender for Cloud is a measure of the security posture of your Azure subscriptions.

Secure score in the Microsoft 365 Defender portal is a measure of the security posture of the organization across your apps, devices, and identities.

26
Q

Learning hub

A

The Microsoft 365 Defender portal includes a learning hub that bubbles up official guidance from resources such as the Microsoft security blog, the Microsoft security community on YouTube, and the official documentation on Microsoft Learn.

27
Q

Reports

A

Reports are unified in Microsoft 365 Defender.

Admins can start with a general security report, and branch into specific reports about endpoints, email & collaboration.

The links here are dynamically generated based upon workload configuration.

28
Q

Permissions & roles

A

Access to Microsoft 365 Defender is configured with Azure Active Directory global roles or by using custom roles.

29
Q

A lead admin for an organization is looking to protect against malicious threats posed by email messages, links (URLs), and collaboration tools. Which solution from the Microsoft 365 Defender suite is best suited for this purpose?

A. Microsoft Defender for Office 365.

B. Microsoft Defender for Endpoint.

C. Microsoft Defender for Identity.

A

A. Microsoft Defender for Office 365.

Microsoft Defender for Office 365 safeguards against malicious threats posed by email messages, links (URLs), and collaboration tools, including Microsoft Teams, SharePoint Online, OneDrive for Business, and other Office clients.

30
Q

A cloud access security broker (CASB) provides protection across 4 areas/pillars: visibility to detect all cloud services, data security, threat protection, and compliance. These pillars represent the basis of the Cloud App Security framework upon which Microsoft Defender for Cloud Apps is built. Which pillar is responsible for identifying and controlling sensitive information?

A. Threat protection.

B. Compliance.

C. Data Security.

A

C. Data Security.

Through the Data Security pillar, an admin can identify and control sensitive information and respond to classification labels on content.

31
Q

Which of the following is a cloud-based security solution that identifies, detects, and helps to investigate advanced threats, compromised identities, and malicious insider actions directed at your organization?

A. Microsoft Defender for Office 365

B. Microsoft Defender for Identity

C. Microsoft Defender for Cloud Apps

A

B. Microsoft Defender for Identity

Microsoft Defender for Identity is a cloud-based security solution that identifies, detects, and helps you investigate advanced threats, compromised identities, and malicious insider actions directed at your organization.

32
Q

Admins in the organization are using the Microsoft 365 Defender portal every day. They want to quickly get an understanding of the organization’s current security posture. Which capability in the Microsoft 365 Defender portal will they use?

A. Reports.

B. Secure Score.

C. Policies.

A

B. Secure Score.

Secure Score, in the Microsoft 365 Defender portal, will give a snapshot of an organization’s security posture, and provide details on how to improve it.

SC - 900 Microsoft Security, Compliance, and Identity Fundamentals (17 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2025 Bold Learning Solutions. Terms and Conditions