Configure Azure Sentinel to generate incidents from Azure AD Identity Protection risk alerts | Microsoft SC-300 Exam Question Answer

Configure Azure Sentinel for Azure AD Identity Protection risk alert incidents

Question

You have an Azure Active Directory (Azure AD) tenant named contoso.com that has Azure AD Identity Protection policies enforced.

You create an Azure Sentinel instance and configure the Azure Active Directory connector.

You need to ensure that Azure Sentinel can generate incidents based on the risk alerts raised by Azure AD Identity Protection.

What should you do first?

Answers

Explanations


A. B. C. D.

A.

https://docs.microsoft.com/en-us/azure/sentinel/connect-azure-ad-identity-protection

To ensure that Azure Sentinel can generate incidents based on the risk alerts raised by Azure AD Identity Protection, you need to perform the following steps:

  1. Add the Azure AD Identity Protection connector to Azure Sentinel: Add this connector to your Azure Sentinel instance. It allows Azure Sentinel to access risk events and alerts from Azure AD Identity Protection.

  2. Configure Azure AD Identity Protection: Configure Azure AD Identity Protection to send risk events and alerts to Azure Sentinel. This can be done by configuring the Notify settings in Azure AD Identity Protection.

  3. Create a rule or playbook: Create a rule or playbook in Azure Sentinel that triggers an incident based on the risk events and alerts received from Azure AD Identity Protection.

So, the correct answer to the question is B. Configure the Notify settings in Azure AD Identity Protection. This is the first step in configuring Azure AD Identity Protection to send risk events and alerts to Azure Sentinel.

After configuring the Notify settings in Azure AD Identity Protection, you can then add the Azure AD Identity Protection connector to Azure Sentinel and create a rule or playbook to trigger incidents based on the risk events and alerts received from Azure AD Identity Protection.

Option A, "Add an Azure Sentinel data connector", is incorrect as it doesn't specifically mention the Azure AD Identity Protection connector, which is required for this scenario.

Option C, "Create an Azure Sentinel playbook", is also incorrect as it is the last step in the process, after configuring the Notify settings and adding the Azure AD Identity Protection connector.

Option D, "Modify the Diagnostics settings in Azure AD", is not necessary for this scenario.