Exam MS-102 topic 1 question 324 discussion

Monitor: Microsoft Defender for Identity: This is your go-to for monitoring suspicious activities and behaviors, including those linked to IP addresses and administrative actions. Integrate: A data connector: This allows integration of Azure activities with Microsoft Defender XDR, ensuring seamless data flow and monitoring capabilities.

https://learn.microsoft.com/en-us/defender-cloud-apps/protect-azure Monitor: Microsoft Defender four Cloud Apps -> Activity from suspicious IP addresses Integrate: An app connector -> "This section provides instructions for connecting Microsoft Defender for Cloud Apps to your existing Azure account using the app connector API"

Activities from suspicious IP addresses: Data connector To guard against suspicious IP addresses, employ Microsoft Sentinel’s data connector in concert with threat intelligence tools. This integration, joined with Microsoft Defender XDR, ensures alerts flow seamlessly when suspicious IPs arise. Additionally, Sentinel’s Threat Intelligence and Indicators enrich understanding, revealing origins and identities of these addresses. Microsoft Sentinel Threat Intelligence and Indicators: https://learn.microsoft.com/en-us/azure/sentinel/understand-threat-intelligence#view-your-geolocation-and-whois-data-enrichments-public-preview Microsoft Defender XDR integration with Microsoft Sentinel: https://learn.microsoft.com/en-us/azure/sentinel/microsoft-365-defender-sentinel-integration?tabs=azure-portal * * * * * * * * * * * * Monitor unusual administrative activities in Azure: Microsoft Defender for Identity Microsoft Defender for Identity: https://learn.microsoft.com/en-us/defender-for-identity/what-is#identify-suspicious-activities-across-the-cyber-attack-kill-chain

Monitor: Microsoft Defender for Cloud Apps Integrate: An app connector https://learn.microsoft.com/en-us/defender-cloud-apps/protect-azure

Answers are Monitor: Microsoft Defender for Cloud Integrate: A data connector