Microsoft Defender XDR を使用する Microsoft 365 サブスクリプションをお持ちです。デセプションルールを実装する必要があります。ソリューションでは、ルールの適用範囲を制限できる必要があります。 最初に何を作成すべきでしょうか? A. デバイスグループ
正解:A
In Microsoft Defender XDR, deception rules (part of the Defender for Endpoint Deception capability) allow security teams to deploy decoys and honeytokens to lure attackers. When configuring deception rules, scope management is essential to control which devices the rule applies to. According to Microsoft's Defender XDR documentation: "Deception rules can be targeted to specific devices or sets of devices by assigning them to device groups. Device groups allow you to manage and scope rules, configurations, and alerts efficiently." Therefore, before creating a deception rule that must apply only to a specific subset of devices, you first create device groups - then assign the deception rule to those groups.