🔥 3-day streak
Microsoft Security Operations Analyst156 / 190
Question 156 of 190
Your SOC uses Microsoft Sentinel and Microsoft Defender for Endpoint. Analysts triage incidents in the Sentinel portal and want to onboard a compromised device (isolate it) directly as a response action from a Sentinel automation rule triggered on Defender for Endpoint alerts. You have enabled the Microsoft Defender XDR data connector in Sentinel. During testing, the automation rule fires, but the device isolation action fails with a permissions error. What is the most likely cause?
Reviewed for accuracy · Report an issueNext question