You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: learn-pr/wwl-sci/security-copilot-exercises/includes/8-explore-embedded-defender-xdr.md
+3-2Lines changed: 3 additions & 2 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -3,6 +3,7 @@ In this exercise, you investigate an incident in Microsoft Defender XDR. As part
3
3
> [!NOTE]
4
4
> The environment for this exercise is a simulation generated from the product. As a limited simulation, links on a page may not be enabled and text-based inputs that fall outside of the specified script may not be supported. A pop-up message displays stating, "This feature is not available within the simulation." When this occurs, select OK and continue the exercise steps.
5
5
>
6
+
>
6
7
>:::image type="content" source="../media/simulation-pop-up-error.png" alt-text="Screenshot of pop-up screen indicating that this feature isn't available within the simulation.":::
7
8
8
9
@@ -13,7 +14,7 @@ For this exercise, you're logged in as Avery Howard and have the Copilot owner r
13
14
This exercise should take approximately **30** minutes to complete.
14
15
15
16
> [!NOTE]
16
-
> When a lab instruction calls for opening a link to the simulated environment, we recommended that you open the link in a new browser window so that you can simultaneously view the instructions and the exercise environment. To do so, select the right mouse key and select the option.
17
+
> When a lab instruction calls for opening a link to the simulated environment, it's recommended that you open the link in a new browser window so that you can simultaneously view the instructions and the exercise environment. To do so, select the right mouse key and select the option.
17
18
18
19
#### Task: Explore Incident summary and guided responses
19
20
@@ -43,7 +44,7 @@ This exercise should take approximately **30** minutes to complete.
43
44
44
45
1. There's much information on the page, so to get a better view of this alert, select **Open alert page**. It's on the third panel on the alert page, next to the incident graph and below the alert title.
45
46
46
-
1. On the top of the page, is card for the device parkcity-win10v. Select the ellipses and note the options. Select **Summarize**. Copilot generates a **Device summary**. It's worth nothing that there are many ways you can access device summary and this way is just one convenient method. The summary shows the device is a VM, identifies the owner of the device, it shows its compliance status against Intune policies, and more.
47
+
1. On the top of the page, is card for the device **parkcity-win10v**. Select the ellipses and note the options. Select **Summarize**. Copilot generates a **Device summary**. It's worth nothing that there are many ways you can access device summary and this way is just one convenient method. The summary shows the device is a VM, identifies the owner of the device, it shows its compliance status against Intune policies, and more.
47
48
48
49
1. Next to the device card is a card for the owner of the device. Select **parkcity\jonaw**. The third panel on the page updates from showing details of the alert to providing information about the user. In this case, *Jonathan Wolcott*, an account executive, whose Insider risk severity is classified as *High*. These details aren't surprising given what you learned from the Copilot incident and alert summaries. Select **Summarize** to obtain an identity summary generated by Copilot.
0 commit comments