Classify and analyze data by using entities
Run hunting queries manually
Analyze Microsoft Defender for Cloud threat intelligence reports
Manage and use threat indicators
Create custom hunting queries
Manage incidents across Microsoft 365 Defender products
Manage security alerts and incidents
Manage and use watchlists
Track incident metrics using the security operations efficiency workbook
Identify and remediate security risks related to Active Directory Domain Services using Microsoft Defender for Identity
Remediate alerts and incidents by using Microsoft Defender for Cloud recommendations
Define incident creation logic
View and analyze Microsoft Sentinel data using workbooks
Identify and remediate security risks related to Azure Active Directory events
Design and configure workflow automation in Microsoft Defender for Cloud
Identify and remediate security risks related to conditional access events