ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam MS-101 All Questions

View all questions & answers for the MS-101 exam
Go to Exam

Exam MS-101 topic 2 question 7 discussion

Actual exam question from Microsoft's MS-101
Question #: 7
Topic #: 2
[All MS-101 Questions]

Your company has a Microsoft 365 subscription that uses an Azure Active Directory (Azure AD) tenant named contoso.com.
The company purchases a cloud app named App1 that supports Microsoft Defender for Cloud Apps monitoring.
You configure App1 to be available from the My Apps portal.
You need to ensure that you can monitor App1 from Defender for Cloud Apps.
What should you do?

  • A. From the Azure Active Directory admin center, create a conditional access policy.
  • B. From the Azure Active Directory admin center, create an app registration.
  • C. From the Endpoint Management admin center, create an app protection policy.
  • D. From the Endpoint Management admin center, create an app configuration policy.
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by Nevermore929 at Sept. 9, 2022, 3:28 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
B0bacer
Highly Voted 2 years, 8 months ago
Selected Answer: A
A. From the Azure Active Directory admin center, create a conditional access policy. Microsoft Defender for Cloud Apps builds on Azure AD conditional access policies to enable real-time monitoring and control of granular actions with SaaS apps, such as blocking downloads, uploads, copy and paste, and printing. https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/mcas-saas-access-policies?view=o365-worldwide
upvoted 9 times
...
Maroslaw
Most Recent 1 year, 10 months ago
A is almost correct, it should be not "conditional access policy" but "conditional access app control"...
upvoted 1 times
...
RenegadeOrange
2 years, 8 months ago
A is correct. > First, in Azure AD, create a new conditional access policy and configure it to "Use Conditional Access App Control." This redirects the request to Defender for Cloud Apps. You can create one policy and add all SaaS apps to this policy. Next, in Defender for Cloud Apps, create session policies. Create one policy for each control you want to apply. > https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/mcas-saas-access-policies?view=o365-worldwide
upvoted 4 times
...
Nevermore929
2 years, 9 months ago
It doesn't seem like conditional access would be the answer, but it is: "To enable CASB in SaaS apps you must configure single sign-on (SSO) of the SaaS app with Defender for Cloud Apps or Azure AD. I recommend you use Azure AD because it is easier as many of you might use Azure AD for SSO already. To set up SSO with Azure AD, you must configure a conditional access policy to trigger session monitoring. Azure AD then passes the session to Defender for Cloud Apps instead of the SaaS app after authenticating the user. Using conditional access requires Azure AD Premium P1. "
upvoted 2 times
ajiejeng
2 years, 9 months ago
so its not inthe choices then?
upvoted 2 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel