SC-200 - Manage a Security Operations Environment - Section 1.2

Configure Microsoft Defender for Endpoint advanced features, rules, custom data collection, attack surface reduction, and device groups.

Enable and configure Microsoft Defender for Endpoint advanced features, including custom data collection via data collection rules, and deploy attack surface reduction (ASR) rules to block common attack vectors. Organise devices into device groups and assign automation levels that control how aggressively automated investigation and response acts on each group.

Microsoft Defender for Endpoint advanced features; rules settings; custom data collection; attack surface reduction (ASR) rules; device groups, permissions, and automation levels

Examworthy is not affiliated with or endorsed by Microsoft. Original, blueprint-aligned practice material only.