Sign-in logs – Monitoring Microsoft 365 Tenant Health

The Sign-ins activity report provides data regarding sign-in activity for your tenant, including users and other security or service principals. The report includes information regarding the user, the status of the request, the resource name used for the sign-in, whether multi-factor authentication or conditional access was required, as well as regional location and IP address information:

Figure 2.17 – Sign-in logs

Selecting an individual sign-in event brings up advanced details. Each tab contains additional information regarding the sign-in event. See Figure 2.18:

Figure 2.18 – Sign-in activity details

Sign-in logs are available to all subscriptions, though programmatic access to this data via the Graph API requires either Azure AD Premium P1 or P2.

Provisioning logs

The provisioning logs show data regarding users being provisioned into Azure AD from connected applications or to connected applications from Azure AD provisioning workflows.

To view the provisioning logs, a user must be granted one of the following roles:

  • Reports Reader
  • Security Reader
  • Security Operator
  • Security Administrator
  • Application Administrator
  • Cloud Application Administrator
  • Global Administrator

Objects created manually through the Azure AD portal, PowerShell, or Microsoft 365 admin center do not appear here, nor do objects synchronized via Azure AD Connect.

Azure Monitor and Log Analytics

Azure Monitor provides a single, unified hub for diagnostic and monitoring data in Azure and connected applications. The easiest way to start reviewing the logs is to select the Log Analytics link under the Monitoring section in Azure Active Directory, as shown in Figure 2.19:

Figure 2.19 – Accessing Log Analytics from the Monitoring section of Azure AD

Log Analytics data can be searched using built-in queries or by specifying your own searches in the Query window.

For example, you can select built-in queries to begin querying data immediately. Figure 2.20 shows a query for the SigninLogs table, summarizing sign-ins by country:

Figure 2.20 – Querying Log Analytics

Deep-dive into Kusto Query Language

Kusto Query Language (KQL) is used to search for and sort through data in Log Analytics. It is an incredibly powerful language but takes some time to learn. KQL is used in Log Analytics, Azure Monitor, and Azure Sentinel. If you want to start learning KQL, you can work through the Log Analytics tutorial at https://learn.microsoft.com/en-us/azure/azure-monitor/logs/log-analytics-tutorial.
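The sign-ins-by-country query described for Figure 2.20, extended with security-relevant counts, as an added example that is not from the book. The rows in the datatable are constructed; the column names are a subset of the SigninLogs schema, and the counts assume that a ResultType of "0" means a successful sign-in.

```kql
// Constructed sample rows that use a subset of the SigninLogs column names.
// In a workspace, replace the datatable with: SigninLogs | where TimeGenerated > ago(7d)
let Signins = datatable(
    TimeGenerated: datetime, UserPrincipalName: string, AppDisplayName: string,
    IPAddress: string, Location: string, ResultType: string,
    AuthenticationRequirement: string, ConditionalAccessStatus: string)
[
    datetime(2024-01-10 08:01:00), "alice@contoso.com", "Office 365 Exchange Online",   "203.0.113.10", "US", "0",     "multiFactorAuthentication",  "success",
    datetime(2024-01-10 08:05:00), "bob@contoso.com",   "Azure Portal",                 "203.0.113.11", "US", "0",     "singleFactorAuthentication", "notApplied",
    datetime(2024-01-10 09:12:00), "carol@contoso.com", "Office 365 SharePoint Online", "198.51.100.7", "DE", "50126", "singleFactorAuthentication", "notApplied",
    datetime(2024-01-10 09:13:00), "carol@contoso.com", "Office 365 SharePoint Online", "198.51.100.7", "DE", "50126", "singleFactorAuthentication", "notApplied",
    datetime(2024-01-10 09:14:00), "carol@contoso.com", "Office 365 SharePoint Online", "198.51.100.7", "DE", "0",     "singleFactorAuthentication", "notApplied",
    datetime(2024-01-10 10:30:00), "dave@contoso.com",  "Microsoft Teams",              "192.0.2.44",   "GB", "53003", "multiFactorAuthentication",  "failure"
];
Signins
| summarize
    Total               = count(),
    // Any non-zero ResultType is a failed or interrupted sign-in.
    Failures            = countif(ResultType != "0"),
    // Successful sign-ins that were satisfied with a single factor.
    SingleFactorSuccess = countif(ResultType == "0" and AuthenticationRequirement == "singleFactorAuthentication"),
    // Successful sign-ins that no conditional access policy evaluated.
    NoConditionalAccess = countif(ResultType == "0" and ConditionalAccessStatus == "notApplied"),
    Users               = dcount(UserPrincipalName),
    SourceIPs           = dcount(IPAddress)
    by Location
| extend FailureRatePct = round(100.0 * Failures / Total, 1)
| order by SingleFactorSuccess desc, Failures desc
```

On the sample rows, DE shows two failures followed by a single-factor success from the same address, which is the kind of row worth opening in the sign-in details view.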

Reviewing usage metrics

For your organization to get the most benefit from a Microsoft 365 investment, users must adopt the available services and features. You can monitor end user adoption and consumption metrics through a variety of tools, including Microsoft 365 Usage Metrics, Viva Insights (formerly known as Workplace Analytics), and Adoption Score (formerly known as Productivity Score).

Monitoring application access – Monitoring Microsoft 365 Tenant Health

While many cloud-based applications and services may use their own identity stores, it is becoming more common for application vendors to allow bring-your-own-identity scenarios. You might see this with websites allowing social media logins or other types of identity.

Like other identity providers, Azure AD identity can be used to authenticate users to external applications. While many of those applications are legitimate (and their use derives from a legitimate business use case), malicious websites or individuals can publish applications to steal data. As part of your operational practices, you should periodically review allowed applications in your environment and remove the authorizations for applications that look suspicious or are no longer being used.

Applications that are registered or authorized in Azure AD can be used to provide single sign-on to both SaaS cloud applications as well as internally managed applications. Depending on your organization’s settings, applications may be authorized by end users, administrators, or both.
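One way to see who authorized which application, as an added example that is not from the book: a KQL query over Azure AD audit events for consent grants. It assumes audit logs are being sent to a Log Analytics workspace (the AuditLogs table); the sample rows, application names, and the list of scopes treated as broad are constructed for illustration.

```kql
// Constructed sample rows shaped like AuditLogs "Consent to application" events.
// In a workspace, replace the datatable with: AuditLogs | where TimeGenerated > ago(30d)
let Audit = datatable(
    TimeGenerated: datetime, OperationName: string, Result: string,
    InitiatedBy: dynamic, TargetResources: dynamic)
[
    datetime(2024-01-08 14:02:00), "Consent to application", "success",
    dynamic({"user": {"userPrincipalName": "admin@contoso.com"}}),
    dynamic([{"displayName": "Example HR Portal", "type": "ServicePrincipal", "modifiedProperties": [
        {"displayName": "ConsentContext.IsAdminConsent", "newValue": "True"},
        {"displayName": "ConsentAction.Permissions", "newValue": "Scope: User.Read openid profile"}]}]),
    datetime(2024-01-09 09:15:00), "Consent to application", "success",
    dynamic({"user": {"userPrincipalName": "bob@contoso.com"}}),
    dynamic([{"displayName": "Example Mail Helper", "type": "ServicePrincipal", "modifiedProperties": [
        {"displayName": "ConsentContext.IsAdminConsent", "newValue": "False"},
        {"displayName": "ConsentAction.Permissions", "newValue": "Scope: Mail.Read offline_access"}]}]),
    datetime(2024-01-09 11:40:00), "Add service principal", "success",
    dynamic({"user": {"userPrincipalName": "admin@contoso.com"}}),
    dynamic([{"displayName": "Example HR Portal", "type": "ServicePrincipal", "modifiedProperties": []}])
];
// Assumption: scopes this example treats as broad enough to warrant a closer look.
let BroadScopes = @"\b(Mail\.Read|Mail\.ReadWrite|Mail\.Send|Files\.Read\.All|Files\.ReadWrite\.All)\b";
Audit
| where OperationName == "Consent to application" and Result == "success"
| extend App       = tostring(TargetResources[0].displayName),
         GrantedBy = tostring(InitiatedBy.user.userPrincipalName)
// Fold the name/value pairs in modifiedProperties into one property bag per event.
| mv-apply Prop = TargetResources[0].modifiedProperties on (
    summarize Props = make_bag(bag_pack(tostring(Prop.displayName), tostring(Prop.newValue)))
  )
| extend IsAdminConsent = tostring(Props["ConsentContext.IsAdminConsent"]),
         Permissions    = tostring(Props["ConsentAction.Permissions"])
// Real events may wrap newValue in extra quotes, so match with contains rather than ==.
| extend ConsentType = iff(IsAdminConsent contains "True", "admin", "user"),
         BroadScope  = Permissions matches regex BroadScopes
| project TimeGenerated, App, GrantedBy, ConsentType, BroadScope, Permissions
| order by BroadScope desc, TimeGenerated desc
```

On the sample rows, the user-consented grant of Mail.Read sorts to the top, which is the entry to check against the list of applications your organization expects.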

There are several things you can do to monitor application access:

  • Create and manage access reviews
  • Review audit logs
  • Review the sign-ins report
  • Send activity log data to Azure Monitor

Let’s look at each of these areas briefly.

Creating and managing access reviews

The primary goal of an access review is to confirm that those who have access to an application or other resource still require that access. If a user, whether internal or external, no longer requires the ability to use a resource, their access to that resource should be terminated.

Note

Access reviews are a feature of Identity Governance and require Azure AD Premium P2.

To create an access review, follow these steps:

  1. Log in to the Azure portal (https://portal.azure.com) with a user that has one of the prerequisite role assignments (Global Administrator, User Administrator, Identity Governance Administrator, or Privileged Role Administrator) or who is an owner of the group for which the access review will be created.
  2. In the search box, enter Identity Governance and select the Identity Governance item.
  3. Under the Access reviews navigation menu item, select Access reviews:

Figure 2.9 – Access reviews

  4. Select + New access review.
  5. In the Select Review dropdown, select Teams + Groups or Applications:

Figure 2.10 – New access review – the Select Review dropdown

  6. Depending on your selection, choose from All Microsoft 365 groups with guest users, Select Teams + groups (if you choose the Teams + Groups option), or one or more registered applications (if you choose the Applications option). If you select Teams + Groups, you may have additional selections regarding specific groups to include or exclude or specific scopes of users to include or exclude.
  7. Click Next.
  8. Under Specify reviewers, select the individuals who will be responsible for auditing the group. You may be asked to provide Fallback reviewers (if the ones you initially select cease to exist in the future), depending on the options you select.
  9. Depending on your settings, you may see an option to perform a multi-stage review. Multi-stage reviews allow you to add up to three stages of reviewers to audit the membership of a group.
  10. Under Specify recurrence of review, set a Duration (in days) period, a Review recurrence option (one-time, weekly, monthly, quarterly, semi-annually, or annually), and start and end date parameters. Click Next.
  11. Under Upon completion settings, choose whether to Auto apply results to a resource and what to do If reviewers don’t respond:

Figure 2.11 – Access review additional settings

  12. You can also choose to Enable reviewer decision helpers, which are like tooltips that provide additional information on the selected actions during the access review.
  13. Under Advanced settings, you can choose additional options such as Justification required, enable Email notifications and Reminders to complete access reviews, and use a text box to specify Additional context for reviewer email, which can be used to further explain the access review process to the individuals you’ve selected.
  14. Click Next.
  15. Enter a name for the access review, review the configured options, and then click Create to create your access review.

After an access review has been created, Azure AD will evaluate whether it needs to run. If the workflow determines it is time for the access review to run, it will do so.

You can view the status of an access review by clicking on it on the Identity governance | Access reviews page.

Users who have been selected to be reviewers will receive an email notification with a link to the access review page. You can also view the access review by selecting Results under the Manage menu item. From there, you’ll be able to view the recommended actions and the audit information for review:

Figure 2.12 – Access review results

Next, we’ll look at some of the logging and reporting data available for applications.

Summary – Planning and Implementing a Microsoft 365 Tenant

In this chapter, you learned about the fundamental aspects and terminology of configuring a Microsoft 365 tenant, such as selecting a tenant and subscription type, adding domains, and configuring the basic organization settings.

In the next chapter, we will learn how to monitor the Microsoft 365 tenant’s health.

Knowledge check

In this section, we’ll test your knowledge of some key elements from this chapter.

Questions

  1. What is the maximum number of domains that can be added to a Microsoft 365 tenant?
    A. 100
    B. 500
    C. 900
    D. 1,000
  2. You are the administrator for an organization with 250 employees. Which Office 365 subscription best fits the size of the organization?
    A. Microsoft 365 Family
    B. Microsoft 365 Business
    C. Microsoft 365 Enterprise
    D. Microsoft 365 Education
  3. You recently took over the administration duties for a Microsoft 365 tenant for a start-up organization. The organization purchased a domain from a third-party registrar. Can this domain be used with Microsoft 365?
    A. Yes
    B. Yes, but it must be transferred to Microsoft first
    C. No
    D. Only domains purchased through the Microsoft 365 admin center can be configured for use with Microsoft 365
  4. Your organization wants to turn off Microsoft Bookings for all employees until the support staff has had time to read the documentation. From the available options, what should you do?
    A. Disable all Azure AD user accounts
    B. Disable directory synchronization
    C. Disable Bookings from Org settings | Services
    D. Disable Bookings from Org settings | Security & privacy
  5. The Service Desk manager for Contoso has asked you to update the help desk information for your Microsoft 365 tenant with the internal help desk contact information. Where would you make this update?
    A. Org settings | Organization profile
    B. Org settings | Services
    C. Microsoft Service Now Admin center
    D. Microsoft 365 portal | Account settings

Answers

  1. C: 900
  2. B: Microsoft 365 Business
  3. A: Yes
  4. C: Disable Bookings from Org settings | Services
  5. A: Org settings | Organization profile

Creating a tenant – Planning and Implementing a Microsoft 365 Tenant

The act of creating a tenant is a relatively simple affair, requiring you to fill out a basic contact form and choose a tenant name. Microsoft periodically changes what plans are available for new trial subscriptions. As of this writing, Office 365 E3 is available for a trial subscription. Currently available public trial subscriptions require the addition of payment information, which will cause a trial to roll over to a fully-paid subscription after the trial period ends. See Figure 1.2:

Figure 1.2 – Starting a trial subscription

The signup process may prompt for a phone number to be used during verification (either a text/SMS or call) to help ensure that you’re a valid potential customer and not an automated system.

After verifying your status as a human, you’ll be prompted to select your managed domain, as shown in Figure 1.3:

Figure 1.3 – Choosing a managed domain

In the Domain name field, you’ll be prompted to enter a domain name. If the domain name value you select is already taken, you’ll receive an error and be prompted to select a new name.

After you’ve finished, you can enter payment information for a trial subscription. Note the end date of the trial; if you fail to cancel by that time, you’ll be automatically billed for the number of licenses you have configured during your trial!

Implementing and managing domains

The managed domain is part of the Microsoft 365 tenant for its entire lifecycle. While it is a fully-functioning domain name space (complete with its own managed publicly available domain name system), most organizations will want to use their organization’s domain names—especially when it comes to sending and receiving email or communicating via Microsoft Teams.

Organizations can use any public domain name with Microsoft 365. Microsoft supports configuring up to 900 domains in a tenant; you can configure both top-level domains (such as contoso.com) and subdomains (businessunit.contoso.com) with your Microsoft 365 tenant.

Acquiring a domain name

Many organizations begin their Microsoft 365 journey with existing domain names. Those existing domain names can be used with Microsoft 365. In addition, you can purchase new domain names to be associated with your tenant.

Third-party registrar

Most large organizations have existing relationships with third-party domain registrars, such as Network Solutions or GoDaddy. You can use any ICANN-accredited registrar for your region to purchase domain names.

Services – Planning and Implementing a Microsoft 365 Tenant

While there are no deep questions about what each of the service options does, we recommend you spend time exploring the options for the services in the Microsoft 365 admin center.

Security & privacy

The Security & privacy tab houses settings that govern various security controls for the organization. On this page, you’ll find access to the following settings:


                                                                                 

| Setting | Description |
|---|---|
| Bing data collection | Choose whether to allow Bing to collect organization query data. |
| Idle session timeout | Configure the idle session timeout period for Office web apps. |
| Password expiration policy | Choose whether to enable password expiration. Password expiration is disabled by default (and the password policy is governed by the on-premises Active Directory if password hash sync has been configured). |
| Privacy profile | Configure the URL for the organization’s privacy policy and the organization’s privacy contact. The privacy URL is displayed on the Privacy tab of the Settings & Privacy page in the user account profile and when a sharing request is sent to an external user. |
| Self-service password reset | Provides a link to the Azure portal to configure self-service password reset. |
| Sharing | Choose whether to allow users to add guests to the organization. |

Table 1.3 – Security & privacy settings

These options can be used to broadly configure security and privacy settings for your organization. As with the settings on the Services tab, these are coarse controls. Fine-grained control is available for some of these items inside their respective admin centers.

Organization profile

Settings on the Organization profile tab are largely informational or used to manage certain aspects of the user experience. On this tab, you’ll find the following settings:


                                                                                 

| Setting | Description |
|---|---|
| Custom app launcher tiles | Configure additional tiles to show up on the Microsoft 365 app launcher. |
| Custom themes | Create and apply themes to the Microsoft 365 portal for end users, including mandating the theme as well as specific organization logos and colors. |
| Data location | View the regional information where your tenant’s data is stored. |
| Help desk information | Choose whether to add custom help desk support information for end users to the Office 365 help pane. |
| Keyboard shortcuts | View the shortcuts available for use in the Microsoft 365 admin center. |
| Organization information | Update your organization’s name and other contact information. |
| Release preferences | Choose the release settings for Office 365 features (excluding Microsoft 365 apps). The available options are Standard release for everyone, Targeted release for everyone, and Targeted release for select users. The default setting is Standard release for everyone. |
| Support integration | Use the settings on this page to configure integration with third-party support tools such as Service Now. |

Table 1.4 – Organization profile settings

Like the other Org settings tabs, the settings on this page will be used infrequently, typically when first setting up your tenant and customizing the experience. As with the other Org settings areas, you should spend some time in a test environment navigating the tenant to view these settings and update them to see their effects.

Auto-labeling policies – Implementing Microsoft Purview Information Protection and Data Lifecycle Management

The auto-labeling policies, like other content automation policies in Microsoft Purview, use detection algorithms and processes (such as sensitive information types and trainable classifiers) to apply labels to content in the M365 environment. These are service-side labeling features. After you’ve laid out a labeling scheme consisting of labels and sublabels and decided how content should be classified, you can use and customize the templates in the auto-labeling wizard to apply labels to content matching your classifiers.

Suppose, for example, you need to identify and classify documents that have sensitive information, such as U.S. taxpayer identification numbers or social security numbers, and have created a label called Highly Confidential. You can use an auto-labeling policy with one of the predefined templates to detect taxpayer and social security number patterns and then apply a label to those matching documents.

To create an auto-labeling policy, follow these steps:

  1. In the Microsoft Purview compliance portal (https://compliance.microsoft.com), expand Information protection and select Auto-labeling.
  2. Click Create auto-labeling policy, as shown in Figure 10.51.

Figure 10.51 – Selecting Create auto-labeling policy

  3. On the Info to label page, select the template that you want to use to detect sensitive data. You can choose from a variety of sensitive information types including financial, medical, and privacy continuum. You can select Custom to create a policy based on your own criteria and sensitive information types. In this example, the U.S. State Breach Notification Laws Enhanced template has been selected, which includes detections for a number of personal data elements including financial information, taxpayer data, government identification (such as passports and driver’s licenses), and medical terminology.

Figure 10.52 – Selecting a category template

  4. Click Next.
  5. Enter a Name value for the policy and click Next.
  6. On the Admin units page, choose which administrative units to use for scoping the policy. By default, the entire tenant is selected. Click Next.
  7. On the Locations page, choose where you want this policy to apply labels. By default, all Exchange email, SharePoint sites, and OneDrive accounts are selected as part of the application scope. Click Next.
  8. On the Policy rules page, you can select either Common rules or Advanced rules. Both Common rules and Advanced rules start off with a base template that you can customize, though Advanced rules gives you more customization ability when it comes to email conditions. Select a rules option and click Next.

Figure 10.53 – Selecting policy rules

  9. Review the rules that are in place, customize if desired, and click Next to continue.
  10. On the Label page, select which label you want to apply to the detected content. Click Next.

Figure 10.54 – Selecting the label to apply

  11. If you have Exchange email selected as a location on the Locations page, you have an Automatically replace existing labels that have the same or lower priority option. Additionally, if the label you selected has encryption settings, you can choose Apply encryption to email received from outside of the organization if required. If you do not choose Assign a Rights Management owner, encryption will not be applied to received emails.

Figure 10.55 – Specifying additional settings for email

  12. Click Next.
  13. On the Policy mode page, select how the policy will be implemented. There is no setting to turn the policy on immediately, though you can choose Run the policy in simulation mode and then select the Automatically turn on policy if not modified after 7 days in simulation option. You can also choose Leave policy turned off if you’re not ready to move forward with it just yet.

Figure 10.56 – Choosing the policy mode

  14. Click Next.
  15. On the Finish page, review the settings and adjust if necessary. Click Create policy.

A labeling policy (whether a standard label policy or an auto-label policy) can only apply a single label to content. Additionally, an item may only have one sensitivity label applied to it at a time. If you have multiple labels and sublabels and want to automatically apply multiple labels, you’ll need to create a separate policy for each label that you want to apply. Labels also have a concept of priority, where a higher number means a higher priority. If a labeling policy identifies content that could potentially match two labels with different priorities, M365 will apply the label with the higher priority to the content.

Exam tip
The core takeaway from the two types of labeling policies is that label policies are generally focused on interactive activities (such as navigating a browser interface to apply a label or applying a label while creating and editing a document) while auto-labeling policies generally apply to content at rest.

Managing DNS records manually – Planning and Implementing a Microsoft 365 Tenant

If you’ve opted to manage DNS records manually, you may need to go back to the Microsoft 365 admin center and view the settings. To do this, you can navigate to the Domains page in the Microsoft 365 admin center, select your domain, and then select Manage DNS:

Figure 1.12 – Managing DNS settings for a domain

On the Connect domain page, click More options to expand the options, and then select Add your own DNS records. From here, you can view the specific DNS settings necessary per service by record type. You can also download a CSV file or a zone file that can be uploaded to your own DNS server.

Figure 1.13 – Viewing DNS settings

The CSV output is formatted as columns, while the zone file output is formatted for use with standard DNS services and can be imported or appended to BIND or Microsoft DNS server zone files.

Configuring a default domain

After adding a domain, Microsoft 365 automatically sets that first custom domain as the default domain, which will get used when creating new users. However, if you have additional domains, you may choose to select a different domain to be used as the default domain when creating objects.

To manage which domain will be set as your primary domain, select the domain from the Domains page and then click Set as default to update the setting:

Figure 1.14 – Setting the default domain

The default domain will be selected automatically when creating cloud-based users and groups.

Custom domains and synchronization

When creating new cloud-based objects, you can select from any of the domains available in your tenant. However, when synchronizing from an on-premises directory, objects will be configured with the same domain configured with the on-premises object. If the corresponding domain hasn’t been verified in the tenant, synchronized objects will be set to use the tenant-managed domain.

Next, we’ll look at core organizational settings in a tenant.

Configuring organizational settings

Organizational settings, as the name implies, are configuration options that apply to the entire tenant. They are used to enable or disable features at the service or tenant level. In many instances, organizational settings are coarse controls that can be further refined by configuration settings inside each individual service.

To access the organizational settings, follow these steps:

  1. Navigate to the Microsoft 365 admin center (https://admin.microsoft.com).
  2. In the navigation pane, expand Settings and select Org settings.

Figure 1.15 – Org settings in the Microsoft 365 admin center

The Org settings page has three tabs:

  • Services
  • Security & privacy
  • Organization profile

In the next section, we’ll look at the settings available in each of them.

About ICANN – Planning and Implementing a Microsoft 365 Tenant

ICANN (short for Internet Corporation for Assigned Names and Numbers) is a non-profit organization tasked with providing guidance and policy around the internet’s unique identifiers (domains). It was chartered in 1998. Prior to 1998, Network Solutions operated the global domain name system registry under a subcontract from the United States Defense Information Systems Agency.

You can search the list of domain registrars here: https://www.icann.org/en/accredited-registrars.

Microsoft

In addition to choosing a third-party registrar, organizations may also wish to use Microsoft as the registrar. Depending on your subscription, you may have direct access to purchasing domain names from within the Microsoft 365 admin center, as shown in Figure 1.4:

Figure 1.4 – Purchasing a domain through the Microsoft 365 admin center

When purchasing a domain through Microsoft, you can select from the following top-level domains:

  • .biz
  • .com
  • .info
  • .me
  • .mobi
  • .net
  • .org
  • .tv
  • .co.uk
  • .org.uk

Domain purchases will be billed separately from your Microsoft 365 subscription services. When purchasing a domain from Microsoft, you’ll have limited ability to manage Domain Name System (DNS) records. If you require custom configuration (such as configuring an MX record to point to a non-Microsoft 365 server), you’ll need to purchase a domain separately.

Configuring a domain name

Configuring a domain for your tenant is a simple procedure and requires access to your organization’s public DNS service provider. Many large organizations may host DNS themselves, while other organizations choose to pay service providers (such as the domain registrar) to host the services.

In order to be compatible with Microsoft 365, a DNS service must support configuring the following types of records:

  • CNAME: Canonical Name records are alias records for a domain, allowing a name to point to another name as a reference. For example, let’s say you have a website named www.contoso.com that resolves to an IP address of 1.2.3.4. Later, you want to start building websites for na.contoso.com and eu.contoso.com on the same web server. You might implement a CNAME record for na.contoso.com to point to www.contoso.com.
  • TXT: A Text Record is a DNS record used to store somewhat unstructured information. Request for Comments (RFC) 1035 (https://tools.ietf.org/html/rfc1035) specifies that the value must be a text string and gives no specific format for the value data. Over the years, Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), and other authentication and verification data have been published as TXT records. In addition to SPF and DKIM, the Microsoft 365 domain addition process requires the administrator to place a certain value in a TXT record to confirm ownership of the domain.
  • SRV: A Service Locator record is used to specify a combination of a host in addition to a port for a particular internet protocol or service.
  • MX: The Mail Exchanger record is used to identify which hosts (servers or other devices) are responsible for handling mail for a domain.

In order to use a custom domain (sometimes referred to as a vanity domain) with Microsoft 365, you’ll need to add it to your tenant.

To add a custom domain, follow these steps:

  1. Navigate to the Microsoft 365 admin center (https://admin.microsoft.com) and log in.
  2. Expand Settings and select Domains.

Figure 1.5 – Domains page of the Microsoft 365 admin center

  3. Click Add domain.
  4. On the Add a domain page, enter the custom domain name you wish to add to your Microsoft 365 tenant. Select Use this domain to continue.

Figure 1.6 – Add a domain page

Summary – Implementing Microsoft Purview Information Protection and Data Lifecycle Management

In this chapter, you learned about some of the important compliance tasks that many organizations face, such as content classification and retention. You learned about the foundational technical concepts around sensitive information types. SITs are used to classify content and can be used in the Microsoft Purview solutions including labeling and retention.

In the next chapter, you’ll apply the SIT knowledge learned here to another compliance concept: data loss prevention.

Exam Readiness Drill – Chapter Review Questions
Benchmark Score: 75%
Apart from a solid understanding of key concepts, being able to think quickly under time pressure is a skill that will help you ace your certification exam. That’s why working on these skills early in your learning journey is key.

Chapter review questions are designed to improve your test-taking skills progressively with each chapter you learn and review your understanding of key concepts in the chapter at the same time. You’ll find these at the end of each chapter.

Before You Proceed
You need to unlock these resources before you start using them. Unlocking takes less than 10 minutes, can be done from any device, and needs to be done only once. Head over to the start of Chapter 7, Managing Security Reports and Alerts by Using the Microsoft 365 Defender Portal in this book for instructions on how to unlock them.

To open the Chapter Review Questions for this chapter, click the following link:
https://packt.link/MS102E1_CH10. Or, you can scan the following QR code:

Figure 10.57 – QR code that opens Chapter Review Questions for logged-in users

Once you log in, you’ll see a page similar to what is shown in Figure 10.58:

Figure 10.58 – Chapter Review Questions for Chapter 10

Once ready, start the following practice drills, re-attempting the quiz multiple times:

Exam Readiness Drill

For the first 3 attempts, don’t worry about the time limit.

ATTEMPT 1
The first time, aim for at least 40%. Look at the answers you got wrong and read the relevant sections in the chapter again to fix your learning gaps.

ATTEMPT 2
The second time, aim for at least 60%. Look at the answers you got wrong and read the relevant sections in the chapter again to fix any remaining learning gaps.

ATTEMPT 3
The third time, aim for at least 75%. Once you score 75% or more, you start working on your timing.

Tip
You may take more than 3 attempts to reach 75%. That’s okay. Just review the relevant sections in the chapter till you get there.

Working On Timing
Target: Your aim is to keep the score the same while trying to answer these questions as quickly as possible. Here’s an example of what your next attempts should look like:

Table 10.2 – Sample timing practice drills on the online platform

Note
The time limits shown in the above table are just examples. Set your own time limits with each attempt based on the time limit of the quiz on the website.

With each new attempt, your score should stay above 75% while your time taken to complete should decrease. Repeat as many attempts as you want till you feel confident dealing with the time pressure.

Summary – Implementing Microsoft Purview data loss prevention (DLP)

In this chapter, you learned about the capabilities of Microsoft DLP. Building on the knowledge you previously gained about classifiers such as sensitive information types, DLP policies can be used to detect sensitive information as it moves throughout your organization.

DLP policies can target workloads such as Exchange Online or SharePoint as well as endpoint devices such as on-premises file servers and client computers. Each layer helps provide additional protection against data leakage and compromise.

You also learned about the alerting and troubleshooting tools available in the platform, including the DLP Alerts dashboard and the Microsoft 365 Defender Incidents dashboard, and the capabilities of incident management to further remediate issues with users and data.

Exam Readiness Drill – Chapter Review Questions

Benchmark Score: 75%

Apart from a solid understanding of key concepts, being able to think quickly under time pressure is a skill that will help you ace your certification exam. That’s why working on these skills early in your learning journey is key.

Chapter review questions are designed to improve your test-taking skills progressively with each chapter you learn and review your understanding of key concepts in the chapter at the same time. You’ll find these at the end of each chapter.

Before You Proceed

You need to unlock these resources before you start using them. Unlocking takes less than 10 minutes, can be done from any device, and needs to be done only once. Head over to the start of Chapter 7, Managing Security Reports and Alerts by Using the Microsoft 365 Defender Portal in this book for instructions on how to unlock them.

To open the Chapter Review Questions for this chapter, click the following link:

https://packt.link/MS102E1_CH11. Or, you can scan the following QR code:

Figure 11.40 – QR code that opens Chapter Review Questions for logged-in users

Once you log in, you’ll see a page similar to what is shown in Figure 11.41:

Figure 11.41 – Chapter Review Questions for Chapter 11

Once ready, start the following practice drills, re-attempting the quiz multiple times:

Exam Readiness Drill

For the first 3 attempts, don’t worry about the time limit.

ATTEMPT 1

The first time, aim for at least 40%. Look at the answers you got wrong and read the relevant sections in the chapter again to fix your learning gaps.

ATTEMPT 2

The second time, aim for at least 60%. Look at the answers you got wrong and read the relevant sections in the chapter again to fix any remaining learning gaps.

ATTEMPT 3

The third time, aim for at least 75%. Once you score 75% or more, you start working on your timing.

Tip

You may take more than 3 attempts to reach 75%. That’s okay. Just review the relevant sections in the chapter till you get there.

Working On Timing

Target: Your aim is to keep the score the same while trying to answer these questions as quickly as possible. Here’s an example of what your next attempts should look like:

Table 11.1 – Sample timing practice drills on the online platform

Note

The time limits shown in the above table are just examples. Set your own time limits with each attempt based on the time limit of the quiz on the website.

With each new attempt, your score should stay above 75% while your time taken to complete should decrease. Repeat as many attempts as you want till you feel confident dealing with the time pressure.