Unsanctioning an app doesn't block use, but enables you to more easily monitor its use with the Cloud Discovery filters. You can then notify users of the unsanctioned app and suggest an alternative safe app for their use, or generate a block script using the Defender for Cloud Apps APIs to block all unsanctioned apps.
https://learn.microsoft.com/en-us/defender-cloud-apps/governance-discovery#sanctioningunsanctioning-an-app
If you unsanction an app, the next message is shown: "Tag as unsanctioned?
Apps with the Unsanctioned tag will be blocked by Microsoft Defender for Endpoint. Configure the integration settings here".
How does unsanctioning an app, which effectively blocks access to the app, give you an insight into which users access it on their device? I don't see how D is the answer to this question. I believe creating a CLOUD APP ACCESS POLICY is what is needed.
Please correct me if I am wrong.
Yes B is the answer. Create a Defender for Cloud Apps access policy:
Creating a Defender for Cloud Apps access policy allows you to define conditions and settings to monitor and control access to specific cloud applications, such as Facebook. This approach helps you gain insights into user activities related to Facebook without immediately blocking or unsanctioning the application.
Answer: D. It minimizes effort. Answer B can do it in real time and has more options, but takes longer/more effort to implement. Even if the app was native (not 3rd-party like FB, which requires onboarding) the unsanction option still requires less effort.
Also, for those considering B believing there is less effort after the setup:
Unsanctioned App (via Cloud Discovery)
Ongoing Effort: Minimal
Once unsanctioned, the app is automatically flagged in reports.
You can easily filter and monitor usage in the Cloud Discovery dashboard.
No need to maintain complex policies.
Blocking (if enabled via Defender for Endpoint) is automatic and requires little upkeep.
🛡️ Access Policy (via Conditional Access App Control)
Ongoing Effort: Moderate to High
Requires ongoing policy tuning as user behavior, risk levels, or app usage patterns change.
May need regular reviews to ensure policies are still effective and not overly restrictive.
If using session controls, you may need to monitor alerts, investigate sessions, and adjust controls.
More moving parts: Azure AD, Defender for Endpoint, and possibly user education workflows.
Answer D) From the Microsoft Defender for Cloud Apps portal, unsanction Facebook.
https://learn.microsoft.com/en-us/defender-cloud-apps/governance-discovery#sanctioningunsanctioning-an-app
You can mark a specific risky app as unsanctioned by clicking the three dots at the end of the row. Then select Unsanctioned. Unsanctioning an app doesn't block use, but enables you to more easily monitor its use with the cloud discovery filters.
I'm going B - In response to those saying D because of administrative effort: Why Access Policy Minimizes Administrative Effort:
Automated Monitoring: Once the access policy is set up, it automatically tracks and logs user activity, reducing the need for manual monitoring.
Real-Time Alerts: Access policies can be configured to provide real-time alerts on specific activities, enabling proactive management.
Comprehensive Reporting: Provides detailed reports on user activity, making it easier to identify and analyze usage patterns.
In comparison, unsanctioning Facebook (option D) would involve more ongoing manual effort to monitor and interpret usage data without the same level of automation and control.
To identify which users are accessing Facebook from their devices and browsers while minimizing administrative effort, you should first:
B. Create a Defender for Cloud Apps access policy.
A Defender for Cloud Apps access policy allows you to monitor and control user activities in cloud apps, including identifying access to unsanctioned apps like Facebook. By creating this policy, you can track user access to Facebook and enforce conditional rules if necessary.
B. Create a Defender for Cloud Apps access policy to monitor Facebook access.
This policy will track user activity on Facebook without needing extensive configuration on individual devices.
1. Unsanctioning Facebook (Discovery):
This is the first step to enable monitoring.
Log in to the Microsoft Defender for Cloud Apps portal.
Navigate to Cloud Apps and then Governance.
Locate Facebook in the list of apps.
Click the three dots next to Facebook and select Unsanctioned.
Y'all are stupid asf. It's D. Read MS documentation before coming in here and giving wrong answers like little monkeys.
https://learn.microsoft.com/en-us/defender-cloud-apps/governance-discovery#sanctioningunsanctioning-an-app
Correct Answer is D:
Sanctioning/unsanctioning an app: You can mark a specific risky app as unsanctioned by clicking the three dots at the end of the row. Then select Unsanctioned. Unsanctioning an app doesn't block use, but enables you to more easily monitor its use with the Cloud Discovery filters. You can then notify users of the unsanctioned app and suggest an alternative safe app for their use, or generate a block script using the Defender for Cloud Apps APIs to block all unsanctioned apps.
https://learn.microsoft.com/en-us/defender-cloud-apps/governance-discovery#sanctioningunsanctioning-an-app
I mean it does say here on the Microsoft page itself that "Unsanctioning an app doesn't block use, but enables you to more easily monitor its use with the Cloud Discovery filters." Therefore I am leaning more to answer D. https://learn.microsoft.com/en-us/defender-cloud-apps/governance-discovery#sanctioningunsanctioning-an-app
Unsanctioning doesn't auto block it, so I don't think you're correct - https://learn.microsoft.com/en-us/defender-cloud-apps/governance-discovery#sanctioningunsanctioning-an-app
SC-300 Exam Questions