Exam MS-101 topic 3 question 126 discussion

Actual exam question from Microsoft's MS-101
Question #: 126
Topic #: 3

HOTSPOT -
You have a Microsoft 365 E5 subscription that uses Microsoft Defender for Cloud Apps.
You need to create a policy that will generate an email alert when a banned app is detected requesting permission to access user information or data in the subscription.
What should you configure? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Suggested Answer:
Box 1: OAuth app -
In addition to the existing investigation of OAuth apps connected to your environment, you can set permission policies so that you get automated notifications when an OAuth app meets certain criteria. For example, you can automatically be alerted when there are apps that require a high permission level and were authorized by more than 50 users.

Box 2: Permission level -
OAuth app policies enable you to investigate which permissions each app requested and which users authorized them for Office 365, Google Workspace, and Salesforce. You're also able to mark these permissions as approved or banned. Marking them as banned will revoke permissions for each app for each user who authorized it.
Reference:
https://docs.microsoft.com/en-us/defender-cloud-apps/app-permission-policy

Comments

bac0n
Highly Voted 2 years, 6 months ago
Answer appears to be incorrect. The policy is indeed an OAuth app policy, but the filter type is not Permission level, it's App State. Here you can configure App state equals Banned and go from there. Permission level just seems to indicate severity...
upvoted 8 times
JakeLi
2 years, 5 months ago
App State for Filter type for sure.
upvoted 2 times
NitishKarmakar
Most Recent 1 year, 9 months ago
As bac0n rightfully said and tested in my tenant. 1. OAuth apps - Manage OAuth apps > Create OAuth app policy > 2. Create filters for the policy > App state - equals - banned
upvoted 1 times
Kees1990
2 years, 3 months ago
OAuth app policy App state tested on my tenant and is the only policy where you can block on "banned".
upvoted 1 times
renrenren
2 years, 3 months ago
Answer is correct based on the link provided: "You're also able to mark these permissions as approved or banned. Marking them as banned will disable the correlating Enterprise Application."
upvoted 1 times
Meebler
2 years, 3 months ago
Policy type: Activity
Filter type: Permission level
Microsoft Defender for Cloud Apps is a cloud access security broker (CASB) solution that provides visibility and control over your cloud applications. It allows you to create policies that monitor user activities and generate alerts when specific events occur.
To create the policy, follow these steps:
1) Go to the Microsoft Defender for Cloud Apps portal (https://securitycenter.windows.com/).
2) In the left navigation pane, click on Policies.
3) Click on Create policy.
4) Under Policy settings, select the Activity policy type.
5) Under Activities, select OAuth app.
6) Under Filters, select Permission level.
7) Under Permission level, select the option to alert when an OAuth app requests permissions that require admin consent.
8) Under Actions, select the option to send an email notification.
9) Enter the email address of the recipient who should receive the email alert.
10) Click on Create.
upvoted 1 times
Meebler
2 years, 3 months ago
With this policy in place, when a banned app requests permission to access user information or data in the Microsoft 365 subscription, an email alert will be sent to the specified recipient. Note that you will need to have configured Microsoft Defender for Cloud Apps and added the banned apps to the list of blocked apps for this policy to work properly.
upvoted 1 times
Meebler
2 years, 3 months ago
@bac0n, while the "App state" filter type could also be used to create a policy that detects a banned app requesting permission to access user information or data in the subscription, it may not be the most appropriate filter type for this scenario. The "App state" filter type is used to filter activities based on whether the app is approved or not. This means that it would only detect when a banned app is already in use, rather than when it is requesting access. On the other hand, the "Permission level" filter type is used to filter activities based on the level of permissions requested by the app. This means that it would detect when a banned app is requesting access to user information or data, even if it has not yet been approved or denied. Therefore, using the "Permission level" filter type is more appropriate for detecting when a banned app requests permission to access user information or data in the subscription.
upvoted 1 times
EsamiTopici
2 years, 4 months ago
OAuth App- App State?
upvoted 1 times
reastman66
2 years, 8 months ago
This looks to be correct based on this link. https://learn.microsoft.com/en-us/defender-cloud-apps/app-permission-policy
upvoted 1 times