Chapter 01 Mitigate Threats Using Microsoft 365 Defender
Scenario:
You are a Security Operations Analyst working at a company that is implementing Microsoft 365 Defender solutions. You need to understand how Extended Detection and Response (XDR) combines signals from endpoints, identity, email, and applications to detect and mitigate threats.
Chapter 1
Sub-chapter 2
Mitigate incidents using Microsoft 365 Defender
Introduction
Alerts
Devices
Users
Mailboxes
Apps
Evidence
Graph
Investigate Alerts
You can update Incident management information, view all related information, or jump to investigation pages for the associated data.
AADSignInEventsBeta SigninLogs
Prevent data exfiltration: Block the download, cut, copy, and print of sensitive documents on, for example, unmanaged devices
Block potential malware: Protect your environment from malware by blocking the upload of potentially malicious files
Require authentication context: Reevaluate Azure AD Conditional Access policies when a sensitive action occurs in the session
Monitor user sessions for compliance: Risky users are monitored when they sign into apps and their actions are logged from within the session
Protect on download: Require documents to be labeled and encrypted when integrated with Microsoft Purview
Block access: Granularly block access for specific apps and users depending on risk factors
Prevent upload of unlabeled files: Ensure that unlabeled files with sensitive content are blocked from being uploaded until classified
Block custom activities: Some apps have unique scenarios that carry risk, for example, sending messages with sensitive content in Microsoft Teams
1 Discover data
2 Classify sensitive information
3 Protect data