Fix: Lab 08 Ex07 - Investigate Defender #507
v-absamim wants to merge 1 commit into MicrosoftLearning:master from
Pull request overview
Updates the Learning Path 8 Lab 1 Exercise 7 lab instructions to reflect the current Microsoft Defender XDR incident investigation experience and UI flow.
Changes:
- Refreshes sign-in and navigation steps for investigating incidents in Microsoft Defender XDR.
- Updates incident management steps (tags, assignment, status) and playbook/task/activity-log interactions to match the newer UI.
- Adjusts wording and formatting across several steps for clarity.
| description: In this task, you will investigate an incident. | ||
| duration: 30 minutes | ||
| level: 200 | ||
| islab: true |
The YAML front matter for this lab no longer includes primarytopics, but other lab instruction files consistently include it (e.g., Instructions/Labs/LAB_AK_08_Lab1_Ex06_Detections_Defender.md:9-12). If the docs pipeline/metadata relies on this field, removing it can break topic tagging/navigation. Consider re-adding primarytopics (likely including at least Microsoft Sentinel, and any others relevant to the exercise).
| islab: true | |
| islab: true | |
| primarytopics: | |
| - Microsoft Sentinel |
| In this task, you will investigate an incident. | ||
|
|
||
| >**Note:** Microsoft Sentinel has been predeployed in your Azure subscription with the name **sentinelworkspace-01**, and the required *Content Hub* solutions have been installed. | ||
| >**Note:** Microsoft Sentinel has been predeployed in your Azure subscription with the name **Sentinelworkspace-01**, and the required *Content hub* solutions have been installed. |
This note changes the deployed Sentinel workspace name to Sentinelworkspace-01 and refers to Content hub. Elsewhere in the labs the workspace is consistently sentinelworkspace-01 and the feature is Content Hub (for example Instructions/Labs/LAB_AK_08_Lab1_Ex08_ASIM_Defender.md:31). To avoid mismatches with the actual resource name and reduce learner confusion, please align these references back to sentinelworkspace-01 and Content Hub.
| >**Note:** Microsoft Sentinel has been predeployed in your Azure subscription with the name **Sentinelworkspace-01**, and the required *Content hub* solutions have been installed. | |
| >**Note:** Microsoft Sentinel has been predeployed in your Azure subscription with the name **sentinelworkspace-01**, and the required *Content Hub* solutions have been installed. |
| >**Hint:** If the icons are too small for your screen, select **(+)** to magnify them. | ||
| 1. Select **Assign to me** and then scroll down to select **Apply** to save the changes. | ||
|
|
||
| 1. Expand the left blade by selecting the **>>** icon. and then select the **Investigate** button. |
There’s an extra period in the sentence "selecting the >> icon. and then" which reads like a typo and can be confusing when following step-by-step instructions. Consider removing the period or changing it to a comma ("icon, and then...").
| 1. Expand the left blade by selecting the **>>** icon. and then select the **Investigate** button. | |
| 1. Expand the left blade by selecting the **>>** icon and then select the **Investigate** button. |
e5c01be to c7c34a0
Updates to LAB_AK_08_Lab1_Ex07_Investigate_Defender.md