Microsoft 365 Administrator Expert MS-102 Practice Question
You are investigating a series of suspicious PowerShell executions reported in the Microsoft Defender portal. You craft an advanced hunting query that reliably returns the suspicious events. To ensure that similar activity automatically generates alerts and appears in future incidents-without relying on Microsoft Sentinel or any other external product-what should you do in the Microsoft 365 Defender portal?
Export the hunting query to Microsoft Sentinel and create an analytics rule from it.
Save the hunting query as a bookmark and enable incident grouping for the bookmark.
Add the PowerShell command to a Safe Links policy as a blocked URL indicator.
Convert the hunting query into a custom detection rule that runs hourly and raises an alert when a match is found.
The most direct way to create continuous, in-portal alerting from an advanced hunting query is to save it as a custom detection rule. Custom detections let you set a schedule (for example, hourly) and define the alert title, severity, and impacted entities. Each time the scheduled query returns results, Microsoft 365 Defender raises an alert that is automatically correlated into the relevant incident timeline. Bookmarks only save individual query results for later review and do not generate alerts. Exporting the query to Microsoft Sentinel would require additional configuration in a different product and is outside the scope of creating an alert entirely inside Microsoft 365 Defender. Safe Links policies protect against malicious URLs and have no effect on PowerShell telemetry.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is advanced hunting in Microsoft 365 Defender?
Open an interactive chat with Bash
How do custom detection rules work in Microsoft 365 Defender?
Open an interactive chat with Bash
What is the difference between bookmarks and custom detection rules in advanced hunting?
Open an interactive chat with Bash
Microsoft 365 Administrator Expert MS-102
Manage security and threats by using Microsoft Defender XDR
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .