Exam SC-200 topic 5 question 6 discussion

C https://learn.microsoft.com/en-us/defender-endpoint/device-discovery?view=o365-worldwide

First, create a device group to include only the specific onboarded devices you want as discovery agents (e.g., 10 of the 100). Then, in Settings > Endpoints > Device discovery, set “Devices that will perform discovery” to “Only devices in specified device groups” and select your group. A device group (A) or tag (D) can do this, but A is the stronger starting point because: Groups are purpose-built for policy assignment in Defender. Groups support dynamic membership (e.g., based on attributes), unlike tags (manual). Post-group creation, you can configure discovery settings to use only that group.

It is C according to ChatGPT

C. Set Discovery mode to Basic.

Can I control which devices perform Standard discovery? You can customize the list of devices that are used to perform Standard discovery. You can either enable Standard discovery on all the onboarded devices that also support this capability (currently Windows 10 or later and Windows Server 2019 or later devices only) or select a subset or subsets of your devices by specifying their device tags. In this case, all other devices are configured to run Basic discovery only. The configuration is available in the device discovery settings page.

Select tags https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/device-discovery-faq

You need to create a tag. By default Standard discovery is already turned on. Only when its turned on you can specify what onboarded devices will do Standard discovery. - ALL devices - only the ones which have specific tag So if you create first a tag and select the tag in this setting only those specified devices will do the discovery.

Important point in the question: "The solution must ensure that only specific onboarded devices perform the discovery" Standard discovery is the default and recommended mode. It'll provide results than Basic discovery so you don't need to set it to Basic. You can configure the Standard discovery scan to be performed by all onboarded devices or by a subset of devices. This is configured by specifying their device tag.

The requirement is to ensure that only specific onboarded devices perform the discovery. Simply setting the discovery mode to Basic does not address the need to limit discovery to specific devices. Instead, it changes the scope and intensity of the discovery but applies this setting globally, not selectively to specific devices.

The first step should be to create a device group. By doing so, you can group the specific onboarded devices that you want to perform the unmanaged device discovery. Once the group is created, you can configure discovery settings or apply policies that only affect that group, ensuring that only those specific devices handle the discovery task.

On first look I thought C, but after reading question again and documentation, I would say D is right. "To set up device discovery, take the following configuration steps in Microsoft Defender portal: Navigate to Settings > Device discovery If you want to configure Basic as the discovery mode to use on your onboarded devices, select Basic and then select Save If you've selected to use Standard discovery, select which devices to use for active probing: all devices or on a subset by specifying their device tags, and then select Save"

standard scan is needed to specify which devices can perform discovery, so the answer to this question is D.

Set Discovery mode to Basic. T

Answer D - Create a device tag. https://learn.microsoft.com/en-us/defender-endpoint/device-discovery-faq#can-i-control-which-devices-perform-standard-discovery A- Device groups are not used to specify which device perform discovery scans B- Exclusions are used to exclude specific devices from being scanned, no control which devices perform the scane C- setting discovery mode to basic just controls the type of scan that's performed it doesn't limit scans to only be run from a specific list of devices. D- as per the above article Devices tags can be used to ensure Standard Discovery scans are only performed by specific devices with the assigned tag. All other managed devices are limited to basic scans only. this doesn't quite meet the requirement in the question which infers ALL scans must be limited to specific devices but it is all that MS support and therefore answer D is the closest to meeting this requirement.

Set Discovery Mode to Basic: Configure the Discovery mode for your onboarded devices. Choose Basic discovery mode to passively collect events in your network and extract device information from them. Basic discovery uses the SenseNDR.exe binary for passive network data collection, and no network traffic is initiated. Endpoints extract data from all network traffic seen by an onboarded device. Note that with basic discovery, you gain limited visibility of unmanaged endpoints in your network