Exam SC-200 topic 2 question 42 discussion

Answer is correct. Microsoft Endpoint Manager (Intune) has nothing to do with configuring Defender for Cloud to collect data from VMs Plus it would need a lot of administrative effort also to make relevant Intune configurations. All you need to do is enable auto-provisioning from Defender for Cloud. There you ll be asked if you want to store security events and in what level (none, minimal, common, all). Since there are only 2 options provided here (common & all) we go with the least effort so A -> common You can check the below video at 04:14 https://www.youtube.com/watch?v=Ufk65R7UJCc

B. From the Microsoft Endpoint Manager admin center, enable automatic enrollment: This will automatically enroll all Windows devices, including the virtual machines in your subscription, in Microsoft Endpoint Manager, which will then allow Defender for Cloud to collect event data from these devices. To enable automatic enrollment, you can follow the steps in the Microsoft documentation. E. From Defender for Cloud in the Azure portal, enable automatic provisioning for the virtual machines: This will automatically configure the virtual machines to send event data to Defender for Cloud without the need for manual configuration or agent installation. To enable automatic provisioning, you can follow the steps in the Azure Defender documentation.

on exam 2024/April

Simple A and E Don’t even think

AE for me too!

not correct BE

check this

AE for me

E. From Defender for Cloud in the Azure portal, enable automatic provisioning for the virtual machines. Automatic provisioning allows Microsoft Defender for Cloud to automatically deploy the Log Analytics agent to Azure VMs, which will then forward the event data to a Log Analytics workspace. This reduces the administrative effort as you won't have to manually install and configure the agent on each VM. A. From the workspace created by Defender for Cloud, set the data collection level to Common. Setting the data collection level to "Common" minimizes costs because it means only essential security-related events will be collected. The "All Events" setting (Option D) would result in higher costs because more data would be stored in the workspace, but it might not be necessary for security monitoring.

In MS Defnder for Cloud environment settings Defender plans there you enabled auto provision with LAA/MMA turned on and configure Security events storage to Common https://learn.microsoft.com/en-us/azure/defender-for-cloud/auto-deploy-azure-monitoring-agent#deploy-the-azure-monitor-agent-with-defender-for-cloud

Endpoint Manager is for "Endpoints" only ie. Windows 10/11, Android, iOS and Mac. NOT Server or Defender for Cloud related. So must be AE https://learn.microsoft.com/en-us/azure/defender-for-cloud/working-with-log-analytics-agent#what-event-types-are-stored-for-common-and-minimal

AE B is not possible because Microsot Endpoint Manager doesnt enroll servers and it says: contains 100 virtual machines that run windows server.

Agree, A/E are correct

The answer is not B, enrolling windows devices has no direct impact on configuring defender for cloud to collect event data from virtual machines

seems correct to me, A and E.

Correct is BE