To monitor user mailbox activities in Microsoft Defender for Cloud Apps (MDCA), you must first connect Microsoft 365 (Exchange Online) to MDCA using an app connector. This allows MDCA to ingest mailbox audit logs and track activities such as:
Mail access (e.g., mailbox login)
Message deletions
Forwarding rules
Suspicious email activities
To use Microsoft Defender for Cloud Apps to monitor user mailbox activities, follow these steps in sequence:
Enable mailbox auditing in Exchange Online.
Connect Microsoft 365 to Microsoft Defender for Cloud Apps (App Connector).
Create an activity policy in Defender for Cloud Apps.
Configure the activity policy to track mailbox activities.
Set alerts and notifications for triggered activities.
Monitor alerts and activity logs in Defender for Cloud Apps.
Investigate and respond to suspicious activity as needed.
"Exchange Mailbox audit logging must be turned on for each user mailbox before user activity in Exchange Online is logged"
https://learn.microsoft.com/en-us/defender-cloud-apps/protect-office-365
the issue here is Mailbox audit logging is enabled by default for most tenants created after January 2019. However, for older tenants, this step might still be necessary... The precise answer depends on whether audit logging is already enabled:
If not enabled: C. Enable mailbox audit logging.
If enabled: D. Create an app connector for Microsoft 365.
Not a nice question again from MS
Before you can monitor mailbox activities, you have to turn on Mailbox audit logging.
You also have to add a Connector.
The question is a bit vague, but I am going with enabling the mailbox first.
Correct, it is A: Create an activity policy (These policies enable you to monitor specific activities carried out by various users)
B: Access Polices are for user logins
C: Enable mailbox audit logging is not a Microsoft Defender for Cloud Feature
D: Create an app connector is not necessary. Entra services (here mostly Exchange for email) are connected automatically
This section is not available anymore. Please use the main Exam Page.MS-102 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Frank_2022
2 days, 18 hours agoDPAJA
1 month agoMeek_Learner
3 months agoBJS78
3 months, 2 weeks agofabiomartinsnet
3 weeks, 2 days agojustITtopics
4 months, 4 weeks agoBigO76
3 months, 3 weeks agoHiyas
5 months, 2 weeks agoOdy
5 months, 3 weeks agoXive
6 months, 1 week agoJohnDoe47
6 months agoPreeb
6 months, 2 weeks ago