🔥 3-day streak
Microsoft Security Operations Analyst62 / 190
Question 62 of 190
A multi-stage incident in Microsoft Defender XDR shows a user whose Entra ID sign-in was flagged as high risk, followed by mailbox rule creation and OAuth token replay. After investigating, you have strong evidence the account was genuinely taken over by an attacker. In the Defender XDR incident, within the Entra ID user (identity) entity actions, which response BEST feeds accurate signal back to Entra ID Identity Protection and forces immediate remediation of the identity?
Reviewed for accuracy · Report an issueNext question