HOTSPOT -
You have a Microsoft 365 E5 subscription that contains the devices shown in the following table.
 
At 08:00, you create an incident notification rule that has the following configurations:
✑ Name: Notification1
✑ Notification settings
- Notify on alert severity: Low
- Device group scope: All (3)
- Details: First notification per incident
✑ Recipients:
User1@contoso.com
,
User2@contoso.com
At 08:02, you create an incident notification rule that has the following configurations:
✑ Name: Notification2
✑ Notification settings
- Notify on alert severity: Low, Medium
- Device group scope: DeviceGroup1, DeviceGroup2
✑ Recipients:
User1@contoso.com
In Microsoft 365 Defender, alerts are logged as shown in the following table.
 
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:
 
















 

Suggested Answer: 
    

Box 1: No -
Notification it has: First notification per incident
Only notify on first occurrence per incident - Select if you want a notification only on the first alert that matches your other selections. Later updates or alerts related to the incident won't send additional notifications.
Box 2: Yes -
Box 3: No -
Severity of the 8:20 incident is high, so neither of the notification rules will trigger.
Note: Alert severity - Choose the alert severities that will trigger an incident notification. For example, if you only want to be informed about high-severity incidents, select High.
Reference:
https://docs.microsoft.com/en-us/microsoft-365/security/defender/incidents-overview

This question is in MS-101 Exam
For getting Microsoft 365 Administrator Expert Certificate


Disclaimers:
The website is not related to, affiliated with, endorsed or authorized by Microsoft. 
The website does not contain actual questions and answers from Microsoft's Certification Exams.
Trademarks, certification & product names are used for reference only and belong to Microsoft.