You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: learn-pr/wwl-sci/security-copilot-exercises/includes/8-explore-embedded-defender-xdr.md
+4-4Lines changed: 4 additions & 4 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -1,10 +1,10 @@
1
1
In this exercise, you investigate an incident in Microsoft Defender XDR. As part of the investigation, you explore the key features of Copilot in Microsoft Defender XDR, including incident summary, device summary, script analysis, and more. You also pivot your investigation to the standalone experience and use the pin board as a way to share details of your investigation with your colleagues.
2
2
3
3
> [!NOTE]
4
-
> The environment for this exercise is a simulation generated from the product. As a limited simulation, links on a page may not be enabled and text-based inputs that fall outside of the specified script may not be supported. A pop-up message will display stating, "This feature is not available within the simulation." When this occurs, select OK and continue the exercise steps.
4
+
> The environment for this exercise is a simulation generated from the product. As a limited simulation, links on a page might not be enabled and text-based inputs that fall outside of the specified script might not be supported. A pop-up message displays stating, "This feature is not available within the simulation." When this message appears, select OK and continue the exercise steps.
5
5
>:::image type="content" source="../media/simulation-pop-up-error.png" alt-text="Screenshot of pop-up screen indicating that this feature is not available within the simulation.":::
6
6
>
7
-
> Also, Microsoft Security Copilot was previously referred to as Microsoft Copilot for Security. Throughout this simulation, you'll find that the user interface still reflects the original name.
7
+
> Also, Microsoft Security Copilot was previously referred to as Microsoft Copilot for Security. Throughout this simulation, you might find that the user interface still reflects the original name.
8
8
9
9
### Exercise
10
10
@@ -13,7 +13,7 @@ For this exercise, you're logged in as Avery Howard and have the Copilot owner r
13
13
This exercise should take approximately **30** minutes to complete.
14
14
15
15
> [!NOTE]
16
-
> When a lab instruction calls for opening a link to the simulated environment, it is generally recommended that you open the link in a new browser windowso that you can simultaneously view the instructions and the exercise environment. To do so, select the right mouse key and select the option.
16
+
> When a lab instruction calls for opening a link to the simulated environment, we recommended that you open the link in a new browser window. Doing so allows you to simultaneously view the instructions and the exercise environment. To do so, select the right mouse key and select the option.
17
17
18
18
#### Task: Explore Incident summary and guided responses
19
19
@@ -43,7 +43,7 @@ This exercise should take approximately **30** minutes to complete.
43
43
44
44
1. There's a lot of information on the page, so to get a better view of this alert, select **Open alert page**. It's on the third panel on the alert page, next to the incident graph and below the alert title.
45
45
46
-
1. On the top of the page, is card for the device parkcity-win10v. Select the ellipses and note the options. Select **Summarize**. Copilot generates a **Device summary**. It's worth nothing that there are many ways you can access device summary and this way is just one convenient method. The summary shows the device is a VM, identifies the owner of the device, it shows its compliance status against Intune policies, and more.
46
+
1. On the top of the page, is card for the device parkcity-win10v. Select the ellipses and note the options. Select **Summarize**. Copilot generates a **Device summary**. It's worth noting that there are many ways you can access device summary and this way is just one convenient method. The summary shows the device is a VM, identifies the owner of the device, it shows its compliance status against Intune policies, and more.
47
47
48
48
1. Next to the device card is a card for the owner of the device. Select **parkcity\jonaw**. The third panel on the page updates from showing details of the alert to providing information about the user. In this case, Jonathan Wolcott, an account executive, whose Microsoft Entra ID risk and Insider risk severity are classified as high. These details aren't surprising given what you learned from the Copilot incident and alert summaries. Select the ellipses then select **Summarize** to obtain an identity summary generated by Copilot.
![prmerger-automator[bot]](https://avatars.githubusercontent.com/u/22479449?v=4&size=40){kind=avatar}
0 commit comments