Summary and knowledge check

  • 5 minutes

In this module, you learned how Microsoft 365 investigates, manages, and responds to security concerns to protect customers and the Microsoft 365 cloud environment.

Now that you have completed this module, you should be able to:

  • Describe Microsoft's Assume Breach Strategy and Defense-in-Depth approach to security
  • Explain how Microsoft defines a Security Incident, the federated model that Microsoft uses for Security Incident Response across the organization, and how customers and Microsoft share responsibility for security in the cloud.
  • Describe how Microsoft prepares to deal with security issues through training, testing, and knowledge sharing.
  • Describe how the Security Incident Response team detects and analyzes potential security issues.
  • Describe how issues are contained, eradicated, and how recovery is handled.
  • Describe how Microsoft incorporates lessons from security incidents into our processes and procedures.
  • Explain how and when Microsoft will notify your organization in the event a Security Incident affects your tenant.

Check your knowledge

1.

Which phase of the Microsoft Online Services Incident Response Process is aimed at minimizing the impact of the security incident and removing the threat from the environment?

2.

Which statement about the Microsoft Online Services Incident Response Process is true?

3.

Depending on the nature of the incident, the Microsoft Online Services security response team and service teams may engage security partners and subject matter experts from other organizations within Microsoft for investigative assistance. Which team do they work with for support on externally reported vulnerabilities?