Microsoft 365 Certified Endpoint Administrator (MD-102) Practice Test

Prepare for the Microsoft 365 Certified Endpoint Administrator exam. Utilize flashcards and multiple choice questions with hints and explanations. Get exam-ready now!


Which action should be taken to configure Microsoft Defender for Endpoint against advanced threats?

  1. Configure security baseline in the Intune portal

  2. Configure Endpoint Detection and Response (EDR) capabilities

  3. Configure device compliance policies

  4. Configure security settings in Microsoft Endpoint Configuration Manager

The correct answer is: Configure Endpoint Detection and Response (EDR) capabilities

Configuring Endpoint Detection and Response (EDR) capabilities is essential for Microsoft Defender for Endpoint to effectively combat advanced threats. EDR provides advanced threat detection, investigation, and response capabilities by continuously monitoring endpoint activities. This enables organizations to detect suspicious activities or behaviors that may indicate a breach, thereby allowing for rapid response to potential security incidents. EDR capabilities enhance threat visibility and provide actionable insights that help in analyzing threats and responding to them in real-time. With EDR, security teams can investigate alerts, understand the context of threats, and implement response actions to mitigate risks.

The other options, while valuable in a broader security strategy, do not specifically target the advanced threat detection capabilities that EDR offers. Configuring security baselines in the Intune portal focuses on establishing a consistent security configuration across devices, but it does not provide the same level of active monitoring and response to threats. Implementing device compliance policies ensures that devices meet security requirements but does not address advanced threat detection. Lastly, configuring security settings in Microsoft Endpoint Configuration Manager is about managing device configurations and policies but does not specifically relate to the active detection and response functions that EDR provides.