Your organization uses Microsoft Defender for Cloud Apps. You need to generate alerts when a user downloads a large number of files from Microsoft SharePoint Online in a short period. What should you create?
Activity policies allow custom detection of specific activities like mass download.
Why this answer
Option B is correct because Activity policies in Defender for Cloud Apps allow you to create custom rules to detect specific activities like mass download. Option A (Anomaly Detection) is for pre-built anomalies. Option C (Cloud Discovery) is for shadow IT.
Option D (App Discovery) is for identifying apps.