Exam SC-100 topic 4 question 8 discussion

https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/howto-conditional-access-policy-location https://docs.microsoft.com/en-us/power-platform/admin/restrict-access-online-trusted-ip-rules

Conditional Access Policy

C is the correct answer, 200%

C is the answer

100% answer is C

@Admin - please change answer to C. Your justification for A is that Conditional Access applies to Users not Applications, but that is exactly what the question is asking for: "You need to recommend a solution to prevent users "

I got this question in SC-300 exam too.

Yep definitely C, it's what Conditional Access Policies do

AAD Conditional Access policies, w/Named Locations

To prevent users from specific countries from connecting to the applications accessed as custom enterprise applications in Azure AD, you should include the following recommendation: C. Azure AD Conditional Access policies Azure AD Conditional Access allows you to create policies that enforce access controls based on various conditions, including location-based conditions. You can create a Conditional Access policy that restricts access to these applications for users coming from specific countries or regions. This ensures that only users from allowed countries can connect to the applications while blocking access for users from restricted countries.

100% C no doubt

C is the answer. https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/overview#common-signals Common signals that Conditional Access can take in to account when making a policy decision include the following signals: IP Location information - Organizations can create trusted IP address ranges that can be used when making policy decisions. - Administrators can specify entire countries/regions IP ranges to block or allow traffic from.

It is worth noting that there is a BIG difference between AD Conditional Access which prevents users from signing in conditionally (but not connecting) and Cloud Apps Conditional Access App Control which prevents even connecting to the application. "Conditional Access" is misleading here... I support A. Any support for my choice?

AD with conditional access will make sure you cannot access the resource if the condition-> location -> set to the specific country! https://i.ytimg.com/vi/ySzLKylcpNA/maxresdefault.jpg

Before going to Defender for Cloud Apps a CA policy is enough to allow or block access to an enterprise application. MDCA activity policy is not a session policy and it always depend from a CA policy

definitely C

Answer C