From the course: Microsoft Information Security Administrator Associate (SC-401) Cert Prep by Microsoft Press

Respond to Purview alerts in Microsoft Defender XDR

Microsoft's XDR solution, or Extended Detection and Response, which is found in the Defender portal, is not just for malware or network attacks; it can also ingest and display Purview alerts. This creates a unified view for security analysts, where they can see data leakage next to malware alerts, and also potentially integrate them together if they're part of the same incident. For this to happen, you need to enable integration. But if you have the correct licensing, this is actually automatic. Assuming it's set up, a security analyst going into the Defender portal will find certain Purview alerts under incidents or the raw alerts queue. They might notice entries like DLP, sensitive data sharing violation, etc. As a security analyst in Defender, you should not ignore these alerts, thinking it's someone else's domain. Data exfiltration is very much a security concern, and these alerts give clues to potential insider-driven breaches. Now, when you're reviewing new incidents, if one is…
