Your network contains an on-premises Active Directory domain. The domain contains servers that run Windows Server and have advanced auditing enabled.
The security logs of the servers are collected by using a third-party SIEM solution.
You purchase a Microsoft 365 subscription and plan to deploy Microsoft Defender for Identity by using standalone sensors.
You need to ensure that you can detect when sensitive groups are modified and when malicious services are created.
What should you do?

A. Configure Event Forwarding on the domain controllers.

B. Modify the Domain synchronizer candidate settings on the Microsoft Defender for Identity sensors.

C. Turn on Delayed updates for the Microsoft Defender for Identity sensors.

D. Enable the Audit account management Group Policy setting for the servers.








 

Suggested Answer: A



This question is in MS-500 Microsoft 365 Security Administration Exam
For getting Microsoft Certified: Security, Compliance, and Identity Fundamentals Certificate



Disclaimers:
The website is not related to, affiliated with, endorsed or authorized by Microsoft. 
The website does not contain actual questions and answers from Microsoft's Certification Exams.
Trademarks, certification & product names are used for reference only and belong to Microsoft.