A security administrator needs a single console to investigate and respond to a complex incident involving alerts from endpoints, email, and identities. Which Microsoft portal should they use?
- A. Microsoft 365 Defender portal (correct answer)
  This portal provides a unified incident-management view across the Microsoft Defender XDR products, correlating alerts from endpoints, email, and identities into single incidents.
- B. Microsoft Sentinel
  Why wrong: Microsoft Sentinel is a cloud-native SIEM for ingesting logs from many sources, but it does not natively aggregate Defender product alerts into single incidents by default.
- C. Microsoft Defender for Cloud
  Why wrong: Microsoft Defender for Cloud focuses on cloud workload protection, not cross-domain incident correlation across endpoints, identities, and email.
- D. Microsoft 365 compliance center
  Why wrong: The compliance center is used for data lifecycle management, retention, and eDiscovery, not for security incident investigation.