Exam SC-100 topic 4 question 1 discussion

This question has been updated on 8/3/22. Potential answers I'd expect to see are: A. Azure Active Directory (Azure AD) Conditional Access App Control policies B. OAuth app policies in Microsoft Defender for Cloud Apps C. app protection policies in Microsoft Endpoint Manager D. application control policies in Microsoft Defender for Endpoint Notice that only the wrong answers were changed. I'd vote D based on what I know about application control policies. https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create#windows-defender-application-control-policy-rules

The another answer for the same question is "adaptive application controls in Defender for Cloud"

To ensure that only authorized applications can run on the virtual machines and to block unauthorized applications automatically until an administrator authorizes them, you should recommend: D. Application control policies in Microsoft Defender for Endpoint Microsoft Defender for Endpoint provides application control policies that allow you to define which applications are allowed or blocked on your Windows machines. You can create rules specifying which applications are authorized to run, and any application that doesn't match these rules can be automatically blocked. This provides a strong layer of security and control over the applications running on your virtual machines.

D. application control policies in Microsoft Defender for Endpoint - Microsoft Defender for Endpoint provides a feature known as "Application Control." By using application control policies, you can specify which applications are allowed to run on machines, and all other applications not on the allowed list will be blocked. This feature directly meets the requirement described.

Its surely D

D is the answer. https://learn.microsoft.com/en-us/mem/configmgr/protect/deploy-use/use-device-guard-with-configuration-manager prevents malicious code from running by ensuring that only approved code, that you know, can be run. Application Control is a software-based security layer that enforces an explicit list of software that is allowed to run on a PC. On its own, Application Control doesn't have any hardware or firmware prerequisites. Application Control policies deployed with Configuration Manager enable a policy on devices in targeted collections that meet the minimum Windows version and SKU requirements outlined in this article. Optionally, hypervisor-based protection of Application Control policies deployed through Configuration Manager can be enabled through group policy on capable hardware.

for sure D. MDE can implement security application policy controls to prevent installation of an application.

https://learn.microsoft.com/en-us/mem/configmgr/protect/deploy-use/use-device-guard-with-configuration-manager

Microsoft Defender for Endpoint provides application control policies which allow administrators to define what applications are allowed to run on virtual machines, and block any unauthorized applications from running. This helps to ensure that only authorized applications can run on the virtual machines and improve the overall security posture of the environment. If an unauthorized application attempts to run or be installed, it will be blocked automatically until an administrator authorizes the application.

The link shows that Defender for EndPoint is available for virtual machines and is recommended to be used with Defender for Cloud. https://learn.microsoft.com/en-us/azure/defender-for-cloud/integration-defender-for-endpoint

"Application Control lets you strongly control what can run on devices you manage. This feature can be useful for devices in high-security departments, where it's vital that unwanted software can't run." Enable "Enforcement enabled" so that only trusted executables are allowed to run. https://learn.microsoft.com/en-us/mem/configmgr/protect/deploy-use/use-device-guard-with-configuration-manager

Defender for Endpoint does not include server licenses. D is incorrect.

Answer is Defender for Endpoint Server so D

https://learn.microsoft.com/en-us/defender-cloud-apps/app-permission-policy

Oauth... LOL!

I agree with D. We could also use: https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus?view=o365-worldwide Microsoft Defender for Endpoint is my choice.

Certainly D. https://docs.microsoft.com/en-us/defender-cloud-apps/governance-discovery#block-apps-with-defender-for-endpoint