Which feature in the Microsoft 365 Defender portal allows you to detect devices that have triggered a malware alert?

Enhance your cybersecurity skills with the Microsoft Security Operations Analyst (SC-200) Exam. Explore topics with multiple choice questions and detailed explanations. Prepare effectively and become a certified Security Operations Analyst!

The feature that allows you to detect devices that have triggered a malware alert is Advanced hunting. Advanced hunting is a powerful query-based search tool within the Microsoft 365 Defender portal. It enables security analysts to proactively search for threats across their organization by using the vast amounts of data collected by Microsoft 365 services.

With Advanced hunting, you can construct specific queries to filter through various security data sources, including alerts, incidents, and device information. This can help you pinpoint which devices triggered malware alerts, as it allows you to explore the raw telemetry data, such as events and alerts, associated with those devices.

In contrast, remediation focuses on addressing and mitigating the effects of identified threats rather than detecting them. The incidents feature aggregates alerts that might be related to the same threat but does not provide the level of detail necessary for direct detection of affected devices. Investigations provide a structured way to analyze security incidents but do not specifically serve as a detection tool for malware alerts on devices.

Therefore, Advanced hunting stands out as the most suitable feature for detecting devices linked to malware alerts in the Microsoft 365 Defender portal.