SC-200 - Respond to Security Incidents - Section 2.2

Investigate and remediate identity and cloud app risks using Microsoft Defender for Cloud Apps, Microsoft Entra ID, and Microsoft Defender for Identity.

Investigate shadow IT and risky app behaviour using Microsoft Defender for Cloud Apps, and respond to compromised identities by reviewing risky users and risky sign-ins in Microsoft Entra ID. Correlate Microsoft Defender for Identity alerts to identify lateral movement and privilege escalation originating from on-premises Active Directory.

security risks in Microsoft Defender for Cloud Apps, compromised identities in Microsoft Entra ID, Microsoft Defender for Identity alerts, risky users and sign-ins


Examworthy is not affiliated with or endorsed by Microsoft. Original, blueprint-aligned practice material only.