Securing Microsoft 365 with Defender Advanced Threat Protection

Enabling Office 365 Attack Simulator for Marketing Department

Prev Question Next Question

Question

You are an IT administrator in a hybrid environment consisting of Windows 10 devices.

Most of your users have migrated their mailboxes to Exchange online, but Sales and Marketing still have their mailboxes on premise.

All users are assigned Microsoft 365 Enterprise E5 licenses.

You wish to take advantage of the security capabilities in Microsoft Defender Advanced Threat Protection, and plan to run the Microsoft Office 365 Attack simulator on users in the Marketing-department.

You have enabled MFA for all users.

What must you do?

Answers

A. Migrate the Marketing group members to Exchange Online.

B. Set AD Connect in staging mode.

C. Create a mail-enabled security-group and add the Marketing group members.

D. Configure the on-premise public IP in the MFA "trusted IP" settings.

Show Answer

Explanations

Click on the arrows to vote for the correct answer

A. B. C. D.

Correct Answer: A

Attack Simulator only works on cloud-based mailboxes.

$(@lUIsixe)an\-lmu Kole dele, Require Approval Require approval for all data access requests ml On$

Since the answer is clearly stated in the documentation, all other options are incorrect.

Reference:

To know more about Microsoft Office 365 Attack Simulator, please refer to the link below:

In order to take advantage of the security capabilities in Microsoft Defender Advanced Threat Protection (ATP) and run the Microsoft Office 365 Attack Simulator on users in the Marketing department, as an IT administrator in a hybrid environment consisting of Windows 10 devices, and with most users having migrated their mailboxes to Exchange Online, the following must be done:

Option A: Migrate the Marketing group members to Exchange Online This option is not necessary to enable Microsoft Defender ATP and run the Microsoft Office 365 Attack Simulator on users in the Marketing department. However, it is recommended to migrate all mailboxes to Exchange Online for better security, reliability, and manageability.

Option B: Set AD Connect in staging mode AD Connect is used to synchronize objects between on-premises Active Directory and Azure Active Directory. Setting AD Connect in staging mode allows changes to be previewed before they are applied to the production environment. This option is also not necessary to enable Microsoft Defender ATP and run the Microsoft Office 365 Attack Simulator on users in the Marketing department.

Option C: Create a mail-enabled security-group and add the Marketing group members Creating a mail-enabled security group in Azure Active Directory and adding the Marketing group members to it is the correct option. This is because Microsoft Defender ATP uses Azure Active Directory for authentication and authorization. By creating a mail-enabled security group and adding the Marketing group members to it, the group will be synchronized to Azure Active Directory, allowing the members to be selected in the Microsoft Office 365 Attack Simulator.

Option D: Configure the on-premise public IP in the MFA "trusted IP" settings This option is also not necessary to enable Microsoft Defender ATP and run the Microsoft Office 365 Attack Simulator on users in the Marketing department. Configuring the on-premises public IP in the MFA "trusted IP" settings is used to allow users to bypass multi-factor authentication when accessing resources from trusted networks. It is not directly related to enabling Microsoft Defender ATP and running the Microsoft Office 365 Attack Simulator on users in the Marketing department.

In summary, the correct answer is option C: Create a mail-enabled security-group and add the Marketing group members.

Prev Question Next Question