CORRECT TEXT

CORRECT TEXT

Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.

When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.

Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn’t matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.

Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.

Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.

Use the following login credentials as needed:

To enter your username, place your cursor in the Sign in box and click on the username below.

To enter your password, place your cursor in the Enter password box and click on the password below.

Microsoft 365 Username: [email protected]

Microsoft 365 Password: xxxxxx

If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.

The following information is for technical support purposes only.

Lab Instance: XXXXXX

You need to ensure that a notification email is sent to [email protected] when a user marks an email message as Not Junk in Microsoft Outlook.

To complete this task, sign in to the Microsoft 365 admin center.

View Answer

Answer: Go to the Microsoft 365 Defender portal and under Email & collaboration select Policies & rules > Alert policy.

✑ An alert policy consists of the following settings and conditions.

– Activity the alert is tracking. You create a policy to track an activity or in some cases a few related activities, such a sharing a file with an external user by sharing it, assigning access permissions, or creating an anonymous link. When a user performs the activity defined by the policy, an alert is triggered based on the alert threshold settings.

– Activity conditions. For most activities, you can define additional conditions that must be met to trigger an alert. Common conditions include IP addresses (so that an alert is triggered when the user performs the activity on a computer with a specific IP address or within an IP address range), whether an alert is triggered if a specific user or users perform that activity, and whether the activity is performed on a specific file name or URL. You can also configure a condition that triggers an alert when the activity is performed by any user in your organization. The available conditions are dependent on the selected activity.

✑ You can also define user tags as a condition of an alert policy. This results in the alerts triggered by the policy to include the context of the impacted user. You can use system user tags or custom user tags.

– When the alert is triggered. You can configure a setting that defines how often an activity can occur before an alert is triggered. This allows you to set up a policy to generate an alert every time an activity matches the policy conditions, when a certain threshold is exceeded, or when the occurrence of the activity the alert is tracking becomes unusual for your organization.

✑ If you select the setting based on unusual activity, Microsoft establishes a baseline

value that defines the normal frequency for the selected activity. It takes up to seven days to establish this baseline, during which alerts won’t be generated. After the baseline is established, an alert is triggered when the frequency of the activity tracked by the alert policy greatly exceeds the baseline value. For auditing-related activities (such as file and folder activities), you can establish a baseline based on a single user or based on all users in your organization; for malware-related activities, you can establish a baseline based on a single malware family, a single recipient, or all messages in your organization.

– Alert category. To help with tracking and managing the alerts generated by a policy, you can assign one of the following categories to a policy.

– Data loss prevention

– Information governance

– Mail flow

– Permissions

– Threat management

– Others

✑ When an activity occurs that matches the conditions of the alert policy, the alert that’s generated is tagged with the category defined in this setting. This allows you to track and manage alerts that have the same category setting on the Alerts page in the compliance center because you can sort and filter alerts based on category.

– Alert severity. Similar to the alert category, you assign a severity attribute (Low, Medium , High, or Informational) to alert policies. Like the alert category, when an activity occurs that matches the conditions of the alert policy, the alert that’s generated is tagged with the

same severity level that’s set for the alert policy. Again, this allows you to track and manage alerts that have the same severity setting on the Alerts page. For example, you can filter the list of alerts so that only alerts with a High severity are displayed.

– Email notifications. You can set up the policy so that email notifications are sent (or not sent) to a list of users when an alert is triggered. You can also set a daily notification limit so that once the maximum number of notifications has been reached, no more notifications

are sent for the alert during that day. In addition to email notifications, you or other administrators can view the alerts that are triggered by a policy on the Alerts page. Consider enabling email notifications for alert policies of a specific category or that have a higher severity setting.