Microsoft 365 Security Administration: Configuring Microsoft Defender ATP and Office 365 Attack Simulator

Configuring Microsoft Defender ATP and Office 365 Attack Simulator

Prev Question Next Question

Question

You are an IT administrator in a hybrid environment consisting of Windows 10 devices.

Most of your users have migrated their mailboxes to Exchange online, but Sales and Marketing still have their mailboxes on premise.

All users are assigned Microsoft 365 Enterprise E5 licenses.

You wish to take advantage of the security capabilities in Microsoft Defender Advanced Threat Protection, and plan to run the Microsoft Office 365 Attack simulator on users in the Marketing-department.

You have enabled MFA for all users.

What must you do?

Answers

A. Migrate the Marketing group members to Exchange Online.

B. Set AD Connect in staging mode.

C. Create a mail-enabled security-group and add the Marketing group members.

D. Configure the on-premise public IP in the MFA "trusted IP" settings.

Show Answer

Explanations

Click on the arrows to vote for the correct answer

A. B. C. D.

Correct Answer: A

Attack Simulator only works on cloud-based mailboxes.

$(@lUIsixe)an\-lmu Kole dele, Require Approval Require approval for all data access requests ml On$

Since the answer is clearly stated in the documentation, all other options are incorrect.

To know more about Microsoft Office 365 Attack Simulator, please refer to the link below:

The correct answer in this case would be A. Migrate the Marketing group members to Exchange Online.

Microsoft Defender Advanced Threat Protection (ATP) is a security solution that provides advanced threat protection for devices and email in Microsoft 365. It can help identify and remediate advanced attacks across endpoints, email, identities, and applications. In addition, the Microsoft Office 365 Attack simulator is a tool that can help administrators test the security posture of their organization's users by simulating common attacks.

In a hybrid environment where some users have their mailboxes on-premises and others have migrated to Exchange Online, it can be challenging to fully take advantage of the security capabilities in Microsoft Defender ATP. This is because some of the features may only be available for cloud-based mailboxes.

To run the Microsoft Office 365 Attack simulator on the Marketing group members, they need to have their mailboxes in Exchange Online. This is because the attack simulator relies on cloud-based mailboxes to test for phishing and other email-based attacks. Therefore, the correct answer is to migrate the Marketing group members to Exchange Online.

Setting AD Connect in staging mode (Answer B) is not necessary in this scenario. AD Connect is used to synchronize user accounts between on-premises Active Directory and Azure Active Directory, which is necessary for hybrid environments. However, it does not directly impact the ability to run the Microsoft Office 365 Attack simulator.

Creating a mail-enabled security group and adding the Marketing group members (Answer C) is also not necessary. While mail-enabled security groups can be used to manage access to resources and services, it does not directly impact the ability to run the attack simulator.

Configuring the on-premise public IP in the MFA "trusted IP" settings (Answer D) is also not necessary. While it is a recommended best practice to configure trusted IPs for MFA, it does not directly impact the ability to run the attack simulator.

Prev Question Next Question