https://www.youtube.com/watch?v=vTPXei_0l6k
When incidents occur on device endpoints you can view and manage these using the Defender for Endpoint tools in the Microsoft 365 Security Center. This video provided an overview of what happens when incidents are created and how to view their details and manage them from the administration console.
You will find the PowerShell scripts used to generate the device incidents here – https://github.com/directorcia/office365
CIAOPS 