076: Remediate risk signals from Identity Protection & MDI

Overview

Triage and address initial risk signals generated by Microsoft Defender for Identity and Entra Identity Protection. Incorporate these signals into SecOps playbooks. Ensure that the SOC understands the risk signals that are being ingested, how they should be used, and what they represent. Ensure that the SOC has reviewed the Entra security operations guide and built alerts and dashboards based on the content.

Ensure that risks are closed out when the SOC has completed working on a risk event. This helps ensure that data in the Entra portal is accurate and risk detections are being dealt with properly.
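
One way to check that close-out is actually happening, as an added example that is not part of the original guidance: reconcile closed SOC cases against the users Entra still reports as `atRisk`. The user records are constructed and shaped like Microsoft Graph `riskyUser` objects; the SOC case export and its field names (`case`, `status`, `verdict`) are hypothetical, and the script only builds the Graph `riskyUsers/dismiss` request body rather than sending it.

```python
import json

GRAPH_DISMISS = "https://graph.microsoft.com/v1.0/identityProtection/riskyUsers/dismiss"

# Constructed records shaped like Graph riskyUser objects (ids are placeholders).
RISKY_USERS = [
    {"id": "u-0001", "userPrincipalName": "alice@contoso.example", "riskState": "atRisk"},
    {"id": "u-0002", "userPrincipalName": "bob@contoso.example", "riskState": "atRisk"},
    {"id": "u-0003", "userPrincipalName": "carol@contoso.example", "riskState": "atRisk"},
    {"id": "u-0004", "userPrincipalName": "dave@contoso.example", "riskState": "remediated"},
    {"id": "u-0005", "userPrincipalName": "erin@contoso.example", "riskState": "atRisk"},
]

# Constructed export from a hypothetical SOC case system (field names are assumptions).
SOC_CASES = [
    {"case": "IR-1001", "userId": "u-0001", "status": "closed", "verdict": "false_positive"},
    {"case": "IR-1002", "userId": "u-0002", "status": "closed", "verdict": "true_positive"},
    {"case": "IR-1003", "userId": "u-0004", "status": "closed", "verdict": "false_positive"},
    {"case": "IR-1004", "userId": "u-0005", "status": "open", "verdict": None},
]


def plan_closeout(risky_users, cases):
    """Compare closed SOC cases with users Entra still reports as atRisk."""
    at_risk = {u["id"]: u["userPrincipalName"]
               for u in risky_users if u["riskState"] == "atRisk"}
    dismiss, needs_remediation, seen = set(), set(), set()
    for c in cases:
        uid = c["userId"]
        seen.add(uid)
        if uid not in at_risk or c["status"] != "closed":
            continue  # already closed out in Entra, or the SOC is still working it
        if c["verdict"] == "false_positive":
            dismiss.add(uid)
        else:
            needs_remediation.add(uid)  # case closed but risk is still open
    dismiss -= needs_remediation  # any true-positive case blocks a dismissal
    request = None
    if dismiss:
        request = {"method": "POST", "url": GRAPH_DISMISS,
                   "body": {"userIds": sorted(dismiss)}}
    return {
        "dismiss_request": request,
        "needs_remediation": sorted(at_risk[u] for u in needs_remediation),
        "untriaged": sorted(at_risk[u] for u in at_risk if u not in seen),
    }


if __name__ == "__main__":
    print(json.dumps(plan_closeout(RISKY_USERS, SOC_CASES), indent=2))
```

The `untriaged` list is the gap to watch on a dashboard: users at risk with no SOC case at all.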

Reference