What should you do first?

Posted by: Pdfprep Category: MS-100

You have a Microsoft 365 subscription.

You recently configured a Microsoft SharePoint Online tenant in the subscription.

You plan to create an alert policy.

You need to ensure that an alert is generated only when malware is detected in more than five documents stored in SharePoint Online during a period of 10 minutes.

What should you do first?
A. Enable Microsoft Office 365 Cloud App Security.
B. Deploy Windows Defender Advanced Threat Protection (Windows Defender ATP).
C. Enable Microsoft Office 365 Analytics.

Answer: B

Explanation:

An alert policy consists of a set of rules and conditions that define the user or admin activity that generates an alert, a list of users who trigger the alert if they perform the activity, and a threshold that defines how many times the activity has to occur before an alert is triggered.

In this question, we would use the “Malware detected in file” activity in the alert settings, then configure the threshold (5 detections) and the time window (10 minutes).

The ability to configure alert policies based on a threshold or based on unusual activity requires Advanced Threat Protection (ATP).

Reference: https://docs.microsoft.com/en-us/microsoft-365/compliance/alert-policies
