Exam SC-100 topic 4 question 23 discussion

Actual exam question from APICS's CSCP
Question #: 23
Topic #: 1

You have a Microsoft 365 subscription and an Azure subscription. Microsoft 365 Defender and Microsoft Defender for Cloud are enabled.

The Azure subscription contains 50 virtual machines. Each virtual machine runs different applications on Windows Server 2019.

You need to recommend a solution to ensure that only authorized applications can run on the virtual machines. If an unauthorized application attempts to run or be installed, the application must be blocked automatically until an administrator authorizes the application.

Which security control should you recommend?

  • A. OAuth app policies in Microsoft Defender for Cloud Apps
  • B. Azure Security Benchmark compliance controls in Defender for Cloud
  • C. application control policies in Microsoft Defender for Endpoint
  • D. app discovery anomaly detection policies in Microsoft Defender for Cloud Apps
Suggested Answer: C 🗳️

Comments

subratasen
9 months, 2 weeks ago
For this specific question I prefer to answer 'OAuth app policies in Microsoft Defender for Cloud Apps' if there is any such option available, based on the Microsoft reference. Reference: https://learn.microsoft.com/en-us/defender-cloud-apps/app-permission-policy "You can set the policy based on the group memberships of the users who authorized the apps. For example, an admin can decide to set a policy that revokes uncommon apps if they ask for high permissions, only if the user who authorized the permissions is a member of the Administrators group." However, I found the same question several times where this option is not available at all. In that case, I would go with 'application control policies in Microsoft Defender for Endpoint' or 'adaptive application controls in Defender for Cloud'. Suggestions, please.
upvoted 1 times
...
subratasen
9 months, 2 weeks ago
Adaptive application controls of Microsoft Defender for Cloud improve compliance with local security policies that dictate the use of only licensed software. However, the key condition in the question is 'If an unauthorized application attempts to run or to be installed the application must be blocked automatically until an administrator authorizes the application'. Reference: https://learn.microsoft.com/en-us/defender-cloud-apps/app-permission-policy "You can set the policy based on the group memberships of the users who authorized the apps. For example, an admin can decide to set a policy that revokes uncommon apps if they ask for high permissions, only if the user who authorized the permissions is a member of the Administrators group." And Defender for Cloud Apps is part of Azure 365 Defender. Therefore it should be A.
upvoted 1 times
...
Ramye
11 months, 1 week ago
This is the 5th time this question is listed and the answer for this occurrence is different than other ones.
upvoted 1 times
...
sherifhamed
1 year, 3 months ago
Selected Answer: C
C. Application control policies in Microsoft Defender for Endpoint. Application control policies, also known as application whitelisting, allow you to specify which applications are authorized to run on your virtual machines and block all others. If an unauthorized application attempts to run, it will be blocked until an administrator authorizes it. This control provides a strong layer of security against unapproved or potentially malicious applications. The other options (A, B, and D) are not primarily designed for controlling which applications can run on Windows Server virtual machines in your Azure subscription.
upvoted 1 times
...
ServerBrain
1 year, 4 months ago
Selected Answer: A
With answer C, I do not see where there is a reference indicating admin approval for blocked apps. A is the answer: https://learn.microsoft.com/en-us/defender-cloud-apps/app-permission-policy
upvoted 1 times
...
zellck
1 year, 7 months ago
Selected Answer: C
C is the answer. https://learn.microsoft.com/en-us/mem/configmgr/protect/deploy-use/use-device-guard-with-configuration-manager prevents malicious code from running by ensuring that only approved code, that you know, can be run. Application Control is a software-based security layer that enforces an explicit list of software that is allowed to run on a PC. On its own, Application Control doesn't have any hardware or firmware prerequisites. Application Control policies deployed with Configuration Manager enable a policy on devices in targeted collections that meet the minimum Windows version and SKU requirements outlined in this article. Optionally, hypervisor-based protection of Application Control policies deployed through Configuration Manager can be enabled through group policy on capable hardware.
upvoted 2 times
...
KallMeDan
1 year, 7 months ago
This is the other version of the same question I have seen and the answer was A: "You have a Microsoft 365 subscription and an Azure subscription. Microsoft 365 Defender and Microsoft Defender for Cloud are enabled. The Azure subscription contains 50 virtual machines. Each virtual machine runs different applications on Windows Server 2019. You need to recommend a solution to ensure that only authorized applications can run on the virtual machines. If an unauthorized application attempts to run or be installed, the application must be blocked automatically until an administrator authorizes the application. Which security control should you recommend?
  • A. adaptive application controls in Defender for Cloud
  • B. app protection policies in Microsoft Endpoint Manager
  • C. OAuth app policies in Microsoft Defender for Cloud Apps
  • D. Azure Active Directory (Azure AD) Conditional Access App Control policies"
upvoted 2 times
...
Gurulee
1 year, 9 months ago
Selected Answer: C
App Control is for apps on endpoints, whereas OAuth policies allow you to ban/disable Azure Cloud Enterprise Applications.
upvoted 1 times
...
Gurulee
1 year, 9 months ago
Selected Answer: C
Application Control lets you strongly control what can run on devices you manage. This feature can be useful for devices in high-security departments, where it's vital that unwanted software can't run.
upvoted 1 times
...
God2029
1 year, 9 months ago
It is C
upvoted 1 times
...
awssecuritynewbie
1 year, 10 months ago
Selected Answer: C
C 4 sure
upvoted 1 times
...
buguinha
1 year, 10 months ago
Selected Answer: C
C is correct. MDCA does not control the servers. Microsoft Defender does.
upvoted 1 times
...
MKnight25
1 year, 10 months ago
Selected Answer: C
Application control is the correct answer.
upvoted 3 times
...
dbhagz
1 year, 10 months ago
Selected Answer: C
Application Control is a software-based security layer that enforces an explicit list of software that is allowed to run on a PC. https://learn.microsoft.com/en-us/mem/configmgr/protect/deploy-use/use-device-guard-with-configuration-manager
upvoted 3 times
...
tech_rum
1 year, 10 months ago
C is the correct answer
upvoted 1 times
...
Ssasid
1 year, 10 months ago
It's C. Application control policies: https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/wdac-and-applocker-overview
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other