- A
In Microsoft Defender for Cloud > Environment settings > Select subscription > Settings & monitoring > Log Analytics agent for Azure VMs > Set to 'On'
This is the correct location to enable automatic provisioning of the Log Analytics agent for all current and future VMs in the subscription.
- B
In Azure Policy > Assign a policy that deploys the Log Analytics agent to VMs
Why wrong: While Azure Policy can be used, Defender for Cloud provides a built-in setting that automatically creates a policy assignment and is easier to manage.
- C
In Microsoft Defender for Cloud > Security policy > Data collection
Why wrong: The 'Data collection' blade under Security policy is for selecting workspace and storage, not for enabling automatic provisioning of the agent.
- D
In Azure virtual machine blade > Auto-provisioning
Why wrong: The Auto-provisioning page in the Azure portal is for IaaS VM backup, not for Defender for Cloud agent installation.
SC-200 Practice Question: Mitigate threats using Microsoft Defender for Cloud
This SC-200 practice question tests your understanding of mitigate threats using microsoft defender for cloud. This is a configuration task: choose the command set that satisfies every stated requirement. Small differences — like 'secret' vs 'password' or 'transport input ssh' vs 'all' — change whether the answer is correct. A key principle to apply: defender for Cloud's 'Environment settings' manage subscription-wide security configurations.. Once you have made your selection, read the full explanation to reinforce the concept and understand why each distractor is designed to mislead on exam day.
A cloud security team uses Microsoft Defender for Cloud with Defender for Servers enabled. They want to ensure that all Azure virtual machines have automatic provisioning of the Log Analytics agent (Azure Monitor Agent) turned on. Where should this configuration be set to cover existing and future VMs?
Answer choices
Why each option matters
Answer the question above first, then reveal the full breakdown to understand why each option is right or wrong.
Correct answer & explanation
In Microsoft Defender for Cloud > Environment settings > Select subscription > Settings & monitoring > Log Analytics agent for Azure VMs > Set to 'On'
Option A is correct because the 'Settings & monitoring' pane under Environment settings in Microsoft Defender for Cloud is the centralized location to enable automatic provisioning of the Log Analytics agent (Azure Monitor Agent) at the subscription level. This setting ensures that both existing Azure VMs and any future VMs are automatically provisioned with the agent, without requiring individual VM configuration or manual policy assignment.
Key principle: Defender for Cloud's 'Environment settings' manage subscription-wide security configurations.
Answer analysis
Option-by-option breakdown
For each option: why learners choose it and why it is or isn't the right answer here.
- ✓
In Microsoft Defender for Cloud > Environment settings > Select subscription > Settings & monitoring > Log Analytics agent for Azure VMs > Set to 'On'
Why this is correct
This is the correct location to enable automatic provisioning of the Log Analytics agent for all current and future VMs in the subscription.
Related concept
Defender for Cloud's 'Environment settings' manage subscription-wide security configurations.
- ✗
In Azure Policy > Assign a policy that deploys the Log Analytics agent to VMs
Why it's wrong here
While Azure Policy can be used, Defender for Cloud provides a built-in setting that automatically creates a policy assignment and is easier to manage.
- ✗
In Microsoft Defender for Cloud > Security policy > Data collection
Why it's wrong here
The 'Data collection' blade under Security policy is for selecting workspace and storage, not for enabling automatic provisioning of the agent.
- ✗
In Azure virtual machine blade > Auto-provisioning
Common exam traps
Common exam trap: answer the scenario, not the keyword
The trap here is that candidates often confuse the deprecated 'Data collection' option under Security policy (Option C) with the current 'Settings & monitoring' pane, or they assume that Azure Policy (Option B) is the only way to enforce agent deployment, missing the built-in auto-provisioning toggle in Defender for Cloud.
Detailed technical explanation
How to think about this question
Under the hood, enabling 'Log Analytics agent for Azure VMs' in Defender for Cloud triggers the deployment of the Azure Monitor Agent (AMA) via the 'AzureSecurityMonitoring' extension, which is automatically applied to all existing and future VMs in the subscription. This setting also configures the Data Collection Rule (DCR) for security events, ensuring that Defender for Cloud can collect necessary telemetry for threat detection without manual intervention. In a real-world scenario, if a team mistakenly uses Azure Policy instead, they would need to manage policy assignments and remediation tasks separately, potentially missing coverage for new VMs if the policy scope is not correctly set.
KKey Concepts to Remember
- Defender for Cloud's 'Environment settings' manage subscription-wide security configurations.
- Automatic provisioning ensures Log Analytics agent deployment on existing and future VMs.
- This setting simplifies agent management compared to manual or separate Azure Policy assignments.
- The Log Analytics agent collects security data for Defender for Servers features.
TExam Day Tips
- Watch for words such as best, first, most likely and least administrative effort.
- Review why wrong options are wrong, not only why the correct option is correct.
Key takeaway
Defender for Cloud's 'Environment settings' manage subscription-wide security configurations.
Real-world example
How this comes up in practice
An e-commerce site experiences heavy traffic on Black Friday and near-zero traffic during off-peak weeks. Rather than provisioning permanent large VMs, the team uses auto-scaling groups that add capacity automatically under load and reduce it overnight. Questions like this test whether you understand elasticity, availability zones, and cloud compute scaling patterns.
What to study next
Got this wrong? Here's your next step.
Review defender for Cloud's 'Environment settings' manage subscription-wide security configurations., then practise related SC-200 questions on the same topic to reinforce the concept.
- →
Mitigate threats using Microsoft Defender for Cloud — study guide chapter
Learn the concepts, then practise the questions
- →
Mitigate threats using Microsoft Defender for Cloud practice questions
Targeted practice on this topic area only
- →
All SC-200 questions
1,639 questions across all exam domains
- →
Microsoft Security Operations Analyst SC-200 study guide
Full concept coverage aligned to exam objectives
- →
SC-200 practice test guide
How to use practice tests most effectively before exam day
Related practice questions
Related SC-200 practice-question pages
Use these pages to review the topic behind this question. This is how one missed question becomes focused revision.
Manage a security operations environment practice questions
Practise SC-200 questions linked to Manage a security operations environment.
Respond to security incidents practice questions
Practise SC-200 questions linked to Respond to security incidents.
Perform threat hunting practice questions
Practise SC-200 questions linked to Perform threat hunting.
Mitigate threats using Microsoft Defender XDR practice questions
Practise SC-200 questions linked to Mitigate threats using Microsoft Defender XDR.
Mitigate threats using Microsoft Defender for Cloud practice questions
Practise SC-200 questions linked to Mitigate threats using Microsoft Defender for Cloud.
Mitigate threats using Microsoft Sentinel practice questions
Practise SC-200 questions linked to Mitigate threats using Microsoft Sentinel.
SC-200 fundamentals practice questions
Practise SC-200 questions linked to SC-200 fundamentals.
SC-200 scenario practice questions
Practise SC-200 questions linked to SC-200 scenario.
SC-200 troubleshooting practice questions
Practise SC-200 questions linked to SC-200 troubleshooting.
Practice this exam
Start a free SC-200 practice session
Short sessions build daily habit. Longer sessions build exam-day stamina. Try a timed session to simulate real conditions.
FAQ
Questions learners often ask
What does this SC-200 question test?
Mitigate threats using Microsoft Defender for Cloud — This question tests Mitigate threats using Microsoft Defender for Cloud — Defender for Cloud's 'Environment settings' manage subscription-wide security configurations..
What is the correct answer to this question?
The correct answer is: In Microsoft Defender for Cloud > Environment settings > Select subscription > Settings & monitoring > Log Analytics agent for Azure VMs > Set to 'On' — Option A is correct because the 'Settings & monitoring' pane under Environment settings in Microsoft Defender for Cloud is the centralized location to enable automatic provisioning of the Log Analytics agent (Azure Monitor Agent) at the subscription level. This setting ensures that both existing Azure VMs and any future VMs are automatically provisioned with the agent, without requiring individual VM configuration or manual policy assignment.
What should I do if I get this SC-200 question wrong?
Review defender for Cloud's 'Environment settings' manage subscription-wide security configurations., then practise related SC-200 questions on the same topic to reinforce the concept.
What is the key concept behind this question?
Defender for Cloud's 'Environment settings' manage subscription-wide security configurations.
About these practice questions
Courseiva creates original exam-style practice questions with explanations and wrong-answer analysis. It does not publish real exam questions, exam dumps, or protected exam content. Learn why practice questions differ from exam dumps →
Last reviewed: Jun 11, 2026
This SC-200 practice question is part of Courseiva's free Microsoft certification practice question bank. Courseiva provides original exam-style practice questions with explanations, topic-based practice, mock exams, readiness tracking, and study analytics to help learners prepare for the SC-200 exam.
Question Discussion
Share a tip, memory trick, or ask about the reasoning behind this question. Do not post real exam questions, leaked content, braindumps, or copyrighted exam material. Comments are moderated and may be removed without notice.
Sign in to join the discussion.