Exam MS-100 topic 2 question 33 discussion

Yes ATP, but here you guys mention the wrong ATP, it should be called either Office 365 ATP, or Microsoft 365 ATP. Windows Defender ATP will not take care of malicious files within SharePoint Online.

I agree with both remarks: indeed you can enable malware detection in Cloud App Security, but you need an Office 365 ATP license. Since that is not mentioned, in this case the answer should be A. See: https://docs.microsoft.com/en-us/cloud-app-security/anomaly-detection-policy

I vote A

Office 365 Cloud App Security is a comprehensive security management and threat protection service that can be used to detect and respond to potential security threats in Microsoft 365, including SharePoint Online. It allows you to create policies that monitor activity and generate alerts based on specific criteria, such as the detection of malware in SharePoint documents.

It's B. Nowadays this policy is made in the Purview portal (compliance.microsoft.com), under Alerts > New Alert policy: Activity is: Detected malware in file (description: Office 365 detected malware in either a SharePoint or OneDrive file). Learn more link in the top of the Alert Policy page brings you to an article that reads you need Defender for this. https://learn.microsoft.com/en-us/microsoft-365/compliance/alert-policies?redirectSourcePath=%252farticle%252f8927b8b9-c5bc-45a8-a9f9-96c732e58264&view=o365-worldwide

cloud app security

The answer is A: You can test it! Cloud App Security Portal--> Control--> Policies--> Activity type equals "Malware detected in file'

Many years in this needs to be correct with B with appropriate name Microsoft Defender for Office 365.

it should be a

it should be A based on: https://docs.microsoft.com/en-us/defender-cloud-apps/editions-cloud-app-security-o365 "Threat Detection Anomaly detection and behavioral analytics"

B is correct however it is not Windows Defender ATP (Now named Microsoft Defender for Endpoint) but rather Microsoft Defender for Office 365 (Previously named Office 365 ATP). Windows Defender ATP would have never worked in this scenario since it is a client antivirus/anti-malware solution and Defender for Cloud Apps monitors connecting cloud apps e.g. abnormal data upload/download or new OAuth app connections

B is the correct, stop voting A.

B is the right answer. Stop voting A

ATP is the answer

The Answer is B, and the reason it is B is: "Tip Originally launched as Windows Defender ATP, in 2019, this EDR product was renamed Microsoft Defender ATP. At Ignite 2020, we launched the Microsoft Defender for Cloud XDR suite, and this EDR component was renamed Microsoft Defender for Endpoint. " Source: https://docs.microsoft.com/en-us/azure/defender-for-cloud/integration-defender-for-endpoint?tabs=windows

Please check: https://docs.microsoft.com/en-us/defender-cloud-apps/editions-cloud-app-security-o365 Office 365 Cloud App Security is a subset of Microsoft Defender for Cloud Apps that provides enhanced visibility and control for Office 365. Office 365 Cloud App Security includes threat detection based on user activity logs, discovery of Shadow IT for apps that have similar functionality to Office 365 offerings, control app permissions to Office 365, and apply access and session controls.

Microsoft Cloud App Security is now called Microsoft Defender for Cloud Apps. Defender for Cloud Apps supports malware detection for the following apps: Box Dropbox Google Workspace Office 365 (requires a valid license for Microsoft Defender for Office 365 P1) https://docs.microsoft.com/en-us/cloud-app-security/anomaly-detection-policy