🔥 3-day streak
Microsoft Security Operations Analyst1 / 190
Question 1 of 190
During an incident in Microsoft Defender XDR, an alert from Microsoft Defender for Cloud Apps flags a third-party OAuth application in your Entra ID tenant as malicious. The app was granted delegated Mail.Read and Files.ReadWrite.All permissions by 40 users after a phishing campaign. You must immediately stop the app from accessing tenant data while preserving evidence for further investigation. Which action in the Defender XDR portal best meets this requirement?
Reviewed for accuracy · Report an issueNext question