From the course: Microsoft Information Protection and Compliance Administrator Associate (SC-400) Cert Prep
Join today to access over 25,200 courses taught by industry experts.
Incident and alert in Microsoft 365 Defender Portal - Microsoft 365 Tutorial
From the course: Microsoft Information Protection and Compliance Administrator Associate (SC-400) Cert Prep
Incident and alert in Microsoft 365 Defender Portal
- [Instructor] Alerts are generated when there is a matching activity within our tenants with respect to the policies we created. We can filter our alerts based on time range, you can filter it based on user, alert status, and the alert severity. Okay, so when we have a list of correlated alerts, then there is an incident generated. Let's go to the Incidents page to see active incidents that we have. To find out or to see incidents, we have to connect with the Microsoft 365 Defender portal, which used to be the Security Admin Center. You can also filter your incidents using the status or using the severity. You can also filter your incidents based on days, weeks, or months, so I am using the six months time range, and these are the list of active incidents in my environment. So let us see information or properties of one of these incidents. I'll be using the second one as a case study, and that is an incident about…
Download courses and learn on the go
Watch courses on your mobile device without an internet connection. Download courses using your iOS or Android LinkedIn Learning app.