Questio n Part 1: Which types of files can you use for the custom lure? Answer: EXE, XLSX, and PDF According to your screenshot (File types drop-down), you can use the following file types for a custom lure in Microsoft Defender XDR deception rules: EXE XLSX PDF You can select any combination of these, so EXE, XLSX, and PDF are all supported as custom lure file types. Questio n Part 2: In which home directory should the file be located on a device? Answer: The Active Directory user When you set the Planting path to HOME in a deception rule, the file should be planted in the home directory of a user. According to the available drop-down options and Microsoft documentation, the typical recommended choice for corporate environments (and specifically for most deception scenarios) is "The Active Directory user". This ensures the lure is placed where the intended target (a domain user) is likely to encounter it.