HOTSPOT (Drag and Drop is not supported).
You have a Microsoft 365 E5 subscription that contains the devices shown in the following table.
At 08:00, you create an incident noti cation rule that has the following con gurations:
Name: Noti cation1
Noti cation settings
- Notify on alert severity: Low
- Device group scope: All (3)
- Details: First noti cation per incident
Recipients: User1@contoso.com, User2@contoso.com
At 08:02, you create an incident noti cation rule that has the following con gurations:
Name: Noti cation2
Noti cation settings
- Notify on alert severity: Low, Medium
- Device group scope: DeviceGroup1, DeviceGroup2
Recipients: User1@contoso.com
In Microsoft 365 Defender, alerts are logged as shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:
- See Explanation section for answer.
Answer(s): A
Explanation:
Box 1: No -
Noti cation it has: First noti cation per incident
Only notify on rst occurrence per incident - Select if you want a noti cation only on the rst alert that matches your other selections. Later updates or alerts related to the incident won't send additional noti cations.
Box 2: Yes -
Box 3: No -
Severity of the 8:20 incident is high, so neither of the noti cation rules will trigger. Note: Alert severity - Choose the alert severities that will trigger an incident noti cation. For example, if you only want to be informed about high-severity incidents, select High.
Reference:
https://docs.microsoft.com/en-us/microsoft-365/security/defender/incidents-overview
Reveal Solution Next Question