{"id":40969,"date":"2021-05-15T11:48:09","date_gmt":"2021-05-15T11:48:09","guid":{"rendered":"https:\/\/www.testpreptraining.com\/tutorial\/?page_id=40969"},"modified":"2021-05-15T11:48:10","modified_gmt":"2021-05-15T11:48:10","slug":"incident-management-and-incidents-capabilities","status":"publish","type":"page","link":"https:\/\/www.testpreptraining.ai\/tutorial\/incident-management-and-incidents-capabilities\/","title":{"rendered":"Incident management and incidents capabilities"},"content":{"rendered":"\n<p><strong><a href=\"https:\/\/www.testpreptraining.ai\/tutorial\/exam-sc-900-microsoft-security-compliance-and-identity-fundamentals\/\" target=\"_blank\" rel=\"noreferrer noopener\">Go back to Tutorial<\/a><\/strong><\/p>\n\n\n\n<p>In this tutorial, we will learn about incident management and incident capabilities.<\/p>\n\n\n\n<p>Incidents are a collection of correlated alerts created when a suspicious event is found. Alerts are generated from different device, user, and mailbox entities, and can come from many different domains. Microsoft 365 Defender automatically aggregates these alerts, and it&#8217;s the grouping of these related alerts that forms an incident. The incident provides a comprehensive view and context of an attack.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"incident-management\"><strong>Incident management<\/strong><\/h4>\n\n\n\n<ul class=\"wp-block-list\"><li>Managing incidents is critical in ensuring that threats are contained and addressed. In Microsoft 365 Defender, you can manage incidents on devices, user accounts, and mailboxes. You manage an incident by selecting it from the Incidents queue.<\/li><li>Secondly, incidents are automatically assigned a name based on an alert. 
You can edit the name of an incident, resolve it, and set its classification and determination.<\/li><li>Lastly, if during an investigation you want to move alerts from one incident to another, you can do so from the Alerts tab.<\/li><\/ul>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter\"><a href=\"https:\/\/www.testpreptraining.ai\/exam-sc-900-microsoft-security-compliance-identity-fundamentals-free-practice-test\" target=\"_blank\" rel=\"noopener\"><img decoding=\"async\" src=\"https:\/\/www.testpreptraining.ai\/tutorial\/wp-content\/uploads\/2021\/05\/sc-900-tests.png\" alt=\"Practice tests Incident management and incidents capabilities\"\/><\/a><\/figure><\/div>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"what-is-a-security-incident\"><strong>What is a security incident?<\/strong><\/h4>\n\n\n\n<p>Microsoft defines a security incident in its online services as a breach of security leading to the accidental or unlawful destruction, loss, or alteration of, or access to, customer data or personal data while being processed by Microsoft. For example, unauthorized access to Microsoft 365 infrastructure and exfiltration of customer data would constitute a security incident. However, compliance events that do not affect the confidentiality, integrity, or availability of services or customer data are not considered security incidents.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"how-does-microsoft-respond-to-security-incidents\"><strong>How does Microsoft respond to security incidents?<\/strong><\/h4>\n\n\n\n<ul class=\"wp-block-list\"><li>Firstly, whenever there is a security incident, Microsoft strives to respond quickly and effectively to protect Microsoft services and customer data. Microsoft investigates, contains, and removes security threats quickly and efficiently.<\/li><li>Secondly, Microsoft cloud services are continuously monitored for signs of compromise. 
In addition to automated security monitoring and alerting, all employees receive annual training to recognize and report signs of potential security incidents.<\/li><li>Thirdly, after detecting suspicious activity, service-specific Security Response teams initiate a process of\u00a0<strong>analysis, containment, eradication, and recovery<\/strong>. These teams coordinate analysis of the potential incident to determine its scope, including any impact on customers or customer data. Based on this analysis, service-specific Security Response teams work with impacted service teams to develop a plan to contain the threat and minimize the impact of the incident.<\/li><li>Lastly, after resolving an incident, service teams implement any lessons learned from the incident to better prevent, detect, and respond to similar incidents in the future. Select security incidents, especially those that are customer-impacting or result in a data breach, undergo a full incident post-mortem.<\/li><\/ul>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"how-and-when-are-customers-notified-of-security-or-privacy-incidents\"><strong>Notifying customers of security or privacy incidents<\/strong><\/h4>\n\n\n\n<p>Whenever Microsoft becomes aware of a breach of security involving unauthorized loss, disclosure, or modification of customer data, it notifies affected customers within 72 hours as outlined in the Data Protection Addendum (DPA) of the Online Services Terms (OST). The notification timeline commitment begins when the official security incident declaration occurs. 
Once a security incident is declared, the notification process occurs as expeditiously as possible, without undue delay.<\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter\"><a href=\"https:\/\/www.testpreptraining.ai\/exam-sc-900-microsoft-security-compliance-identity-fundamentals-practice-exam\" target=\"_blank\" rel=\"noopener\"><img decoding=\"async\" src=\"https:\/\/www.testpreptraining.ai\/tutorial\/wp-content\/uploads\/2021\/05\/sc-900-course.png\" alt=\"sc-900 online course\"\/><\/a><\/figure><\/div>\n\n\n\n<p><strong>Reference:<\/strong> <a href=\"https:\/\/docs.microsoft.com\/en-us\/learn\/modules\/describe-security-management-capabilities-of-microsoft-365\/5-describe-incidents-capabilities\" target=\"_blank\" rel=\"noreferrer noopener\">Microsoft Documentation<\/a>, <a href=\"https:\/\/docs.microsoft.com\/en-us\/compliance\/assurance\/assurance-incident-management\" target=\"_blank\" rel=\"noreferrer noopener\">Doc 2<\/a><\/p>\n\n\n\n<p><strong><a href=\"https:\/\/www.testpreptraining.ai\/tutorial\/exam-sc-900-microsoft-security-compliance-and-identity-fundamentals\/\" target=\"_blank\" rel=\"noreferrer noopener\">Go back to Tutorial<\/a><\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Go back to Tutorial In this tutorial, we will learn about incident management and incident capabilities. Incidents are a collection of correlated alerts created when a suspicious event is found. Alerts are generated from different device, user, and mailbox entities, and can come from many different domains. 
These alerts automatically aggregate&#8230;<\/p>\n","protected":false},"author":2,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_acf_changed":false,"footnotes":""},"categories":[],"tags":[],"class_list":["post-40969","page","type-page","status-publish","hentry"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v22.1 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Incident management and incidents capabilities : Testprep Training<\/title>\n<meta name=\"description\" content=\"Upgrade your knowledge by understanding Incident management and incidents capabilities. Prepare and pass the Microsoft SC-900 Exam Now!\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.testpreptraining.ai\/tutorial\/incident-management-and-incidents-capabilities\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Incident management and incidents capabilities : Testprep Training\" \/>\n<meta property=\"og:description\" content=\"Upgrade your knowledge by understanding Incident management and incidents capabilities. Prepare and pass the Microsoft SC-900 Exam Now!\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.testpreptraining.ai\/tutorial\/incident-management-and-incidents-capabilities\/\" \/>\n<meta property=\"og:site_name\" content=\"Testprep Training Tutorials\" \/>\n<meta property=\"article:modified_time\" content=\"2021-05-15T11:48:10+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.testpreptraining.ai\/tutorial\/wp-content\/uploads\/2021\/05\/sc-900-tests.png\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/incident-management-and-incidents-capabilities\/\",\"url\":\"https:\/\/www.testpreptraining.ai\/tutorial\/incident-management-and-incidents-capabilities\/\",\"name\":\"Incident management and incidents capabilities : Testprep Training\",\"isPartOf\":{\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/#website\"},\"datePublished\":\"2021-05-15T11:48:09+00:00\",\"dateModified\":\"2021-05-15T11:48:10+00:00\",\"description\":\"Upgrade your knowledge by understanding Incident management and incidents capabilities. Prepare and pass the Microsoft SC-900 Exam Now!\",\"breadcrumb\":{\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/incident-management-and-incidents-capabilities\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.testpreptraining.ai\/tutorial\/incident-management-and-incidents-capabilities\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/incident-management-and-incidents-capabilities\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.testpreptraining.ai\/tutorial\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Incident management and incidents capabilities\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/#website\",\"url\":\"https:\/\/www.testpreptraining.ai\/tutorial\/\",\"name\":\"Testprep Training 
Tutorials\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.testpreptraining.ai\/tutorial\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/#organization\",\"name\":\"Testprep Training\",\"url\":\"https:\/\/www.testpreptraining.ai\/tutorial\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.testpreptraining.com\/tutorial\/wp-content\/uploads\/2020\/07\/tpt-logo-6.png\",\"contentUrl\":\"https:\/\/www.testpreptraining.com\/tutorial\/wp-content\/uploads\/2020\/07\/tpt-logo-6.png\",\"width\":583,\"height\":153,\"caption\":\"Testprep Training\"},\"image\":{\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/#\/schema\/logo\/image\/\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Incident management and incidents capabilities : Testprep Training","description":"Upgrade your knowledge by understanding Incident management and incidents capabilities. Prepare and pass the Microsoft SC-900 Exam Now!","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.testpreptraining.ai\/tutorial\/incident-management-and-incidents-capabilities\/","og_locale":"en_US","og_type":"article","og_title":"Incident management and incidents capabilities : Testprep Training","og_description":"Upgrade your knowledge by understanding Incident management and incidents capabilities. 
Prepare and pass the Microsoft SC-900 Exam Now!","og_url":"https:\/\/www.testpreptraining.ai\/tutorial\/incident-management-and-incidents-capabilities\/","og_site_name":"Testprep Training Tutorials","article_modified_time":"2021-05-15T11:48:10+00:00","og_image":[{"url":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-content\/uploads\/2021\/05\/sc-900-tests.png"}],"twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.testpreptraining.ai\/tutorial\/incident-management-and-incidents-capabilities\/","url":"https:\/\/www.testpreptraining.ai\/tutorial\/incident-management-and-incidents-capabilities\/","name":"Incident management and incidents capabilities : Testprep Training","isPartOf":{"@id":"https:\/\/www.testpreptraining.ai\/tutorial\/#website"},"datePublished":"2021-05-15T11:48:09+00:00","dateModified":"2021-05-15T11:48:10+00:00","description":"Upgrade your knowledge by understanding Incident management and incidents capabilities. 
Prepare and pass the Microsoft SC-900 Exam Now!","breadcrumb":{"@id":"https:\/\/www.testpreptraining.ai\/tutorial\/incident-management-and-incidents-capabilities\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.testpreptraining.ai\/tutorial\/incident-management-and-incidents-capabilities\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.testpreptraining.ai\/tutorial\/incident-management-and-incidents-capabilities\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.testpreptraining.ai\/tutorial\/"},{"@type":"ListItem","position":2,"name":"Incident management and incidents capabilities"}]},{"@type":"WebSite","@id":"https:\/\/www.testpreptraining.ai\/tutorial\/#website","url":"https:\/\/www.testpreptraining.ai\/tutorial\/","name":"Testprep Training Tutorials","description":"","publisher":{"@id":"https:\/\/www.testpreptraining.ai\/tutorial\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.testpreptraining.ai\/tutorial\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.testpreptraining.ai\/tutorial\/#organization","name":"Testprep Training","url":"https:\/\/www.testpreptraining.ai\/tutorial\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.testpreptraining.ai\/tutorial\/#\/schema\/logo\/image\/","url":"https:\/\/www.testpreptraining.com\/tutorial\/wp-content\/uploads\/2020\/07\/tpt-logo-6.png","contentUrl":"https:\/\/www.testpreptraining.com\/tutorial\/wp-content\/uploads\/2020\/07\/tpt-logo-6.png","width":583,"height":153,"caption":"Testprep 
Training"},"image":{"@id":"https:\/\/www.testpreptraining.ai\/tutorial\/#\/schema\/logo\/image\/"}}]}},"_links":{"self":[{"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/pages\/40969","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/comments?post=40969"}],"version-history":[{"count":5,"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/pages\/40969\/revisions"}],"predecessor-version":[{"id":41023,"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/pages\/40969\/revisions\/41023"}],"wp:attachment":[{"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/media?parent=40969"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/categories?post=40969"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/tags?post=40969"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}