We are preparing to operate Microsoft Defender for Endpoint (MDE).
I am currently subscribed to Microsoft Defender for Office365 Plan1 (MDO).
The other day, I received a suspicious email to a specific employee stating that they would change their Microsoft 365 password.
Actually, it was an unfamiliar email, but some people found out that they had accessed the linked Web, so they instructed them to change their passwords again.
* The reason I have no idea is that in our environment, password synchronization is performed with Azure AD Connect, so it is unlikely that a password change request will come from Microsoft 365.
Here is the question.
If a suspicious email like the one above arrives and the URL in the body of the email is clicked on by a scam, is it possible for MDE to detect it as an incident?
If it can be detected, please tell me the items that must be set in MDE.
Thank you.