Microsoft SC-200 Study Summary
Microsoft 365 security services and portals
Microsoft Defender for Office 365 - Helps organizations secure their enterprise with a set of prevention, detection, investigation and hunting features to protect email and Office 365 resources.
Microsoft Defender for Endpoint - Delivers preventative protection, post-breach detection, automated investigation, and response for devices in your organization.
Microsoft 365 Defender - Part of Microsoft's Extended Detection and Response (XDR) solution; it uses the Microsoft 365 security portfolio to automatically analyze threat data across domains and build a picture of an attack on a single dashboard.
Microsoft Defender for Cloud Apps - A comprehensive cross-SaaS and PaaS solution bringing deep visibility, strong data controls, and enhanced threat protection to your cloud apps.
Microsoft Defender for Identity - A cloud-based security solution that uses your on-premises Active Directory signals to identify, detect, and investigate advanced threats, compromised identities, and malicious insider actions directed at your organization.
Microsoft Defender Vulnerability Management - Delivers continuous asset visibility, intelligent risk-based assessments, and built-in remediation tools to help your security and IT teams prioritize and address critical vulnerabilities and misconfigurations across your organization.
Microsoft Purview compliance portal - Manage your compliance needs across Microsoft 365 services using integrated solutions for information governance, classification, case management, and more.
Azure Active Directory - Manage your organization's identities. Set up multi-factor authentication, track user sign-ins, edit company branding, and more.
Azure AD Identity Protection - Detect potential vulnerabilities affecting your organization's identities. Investigate suspicious incidents related to your organization's identities and set up automated responses to resolve them.
Azure Information Protection - Configure and manage the Azure Information Protection client and scanner to automatically classify and protect your organization's email and documents. Use reports to monitor label usage and identify sensitive information that should be protected.
Microsoft Defender for Cloud - Protect your data centers and get advanced threat protection for your Azure and non-Azure workloads in the cloud and on premises. Secure your Azure services fast with autoprovisioned, native protection.

Incidents and data sensitivity
Incident - A collection of correlated alerts that make up the story of an attack.
Data sensitivity - Some attacks focus on exfiltrating sensitive or valuable data. By applying a filter to see whether sensitive data is involved in an incident, you can quickly determine whether sensitive information has been compromised, and if so, prioritize the response to those incidents. This filter is only available if Microsoft Purview Information Protection is turned on.

Action center
Action center - Lists pending and completed remediation actions for your devices, email & collaboration content, and identities in one location.
Action source value - Identifies where an action in the Action center came from. The possible values are:
Manual device action - A manual action taken on a device. Examples include device isolation or file quarantine.
Manual email action - A manual action taken on email. Examples include soft-deleting email messages or remediating an email message.
Automated device action - An automated action taken on an entity, such as a file or process. Examples of automated actions include sending a file to quarantine, stopping a process, and removing a registry key.
Automated email action - An automated action taken on email content, such as an email message, attachment, or URL. Examples of automated actions include soft-deleting email messages, blocking URLs, and turning off external mail forwarding.
Advanced hunting action - Actions taken on devices or email with advanced hunting.
Explorer action - Actions taken on email content with Explorer.
Manual live response action - Actions taken on a device with live response. Examples include deleting a file, stopping a process, and removing a scheduled task.
Live response action - Actions taken on a device with Microsoft Defender for Endpoint APIs. Examples of actions include isolating a device, running an antivirus scan, and getting information about a file.

Advanced hunting schema tables
AlertEvidence - Files, IP addresses, URLs, users, or devices associated with alerts.
AlertInfo - Alerts from Microsoft Defender for Endpoint, Microsoft Defender for Office 365, Microsoft Cloud App Security, and Microsoft Defender for Identity, including severity information and threat categorization.
CloudAppEvents - Events involving accounts and objects in Office 365 and other cloud apps and services.
DeviceEvents - Multiple event types, including events triggered by security controls such as Windows Defender Antivirus and exploit protection.
DeviceFileCertificateInfo - Certificate information of signed files, obtained from certificate verification events on endpoints.
DeviceFileEvents - File creation, modification, and other file system events.
DeviceImageLoadEvents - DLL loading events.
DeviceInfo - Machine information, including OS information.
DeviceLogonEvents - Sign-ins and other authentication events on devices.
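The AlertInfo and AlertEvidence tables above are designed to be joined on AlertId: AlertInfo carries one row per alert (title, category, severity, originating service), while AlertEvidence carries one row per entity the alert references. The query below is an added example for this summary, not a query from the original document or from Microsoft; it uses table and column names from the Microsoft 365 Defender advanced hunting schema, and the 7-day window, the High-severity filter and the chosen entity types are assumptions made for illustration.

```kql
// Added example: list high-severity alerts from the last 7 days together with the
// devices, accounts and files they involve, so an analyst can triage an incident
// from one result set instead of opening each alert. Time window and severity
// threshold are assumptions for this example.
AlertInfo
| where Timestamp > ago(7d)
| where Severity == "High"
| join kind=inner (
    AlertEvidence
    // Keep only the entity types we want to surface in the summary row
    | where EntityType in ("Machine", "User", "File")
    | project AlertId, EntityType, DeviceName, AccountName, FileName, SHA1
  ) on AlertId
| summarize
    EntityTypes = make_set(EntityType),
    Devices     = make_set(DeviceName),
    Accounts    = make_set(AccountName),
    Files       = make_set(FileName),
    Hashes      = make_set(SHA1)
  by AlertId, Timestamp, Title, Category, ServiceSource
| order by Timestamp desc
```

Running this in the advanced hunting page of the Microsoft 365 Defender portal returns one row per alert with its evidence collapsed into sets; the ServiceSource column shows which of the products listed above (Defender for Endpoint, Defender for Office 365, Defender for Identity, or Defender for Cloud Apps) raised the alert.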
Document information
- Institution: Microsoft SC-200
- Course: Microsoft SC-200
- Uploaded on: 16 February 2024
- Number of pages: 7
- Written in: 2023/2024
- Type: Summary