MS-102 Exam QuestionsBrowse all questions from this exam
Go to Exam

MS-102 Exam - Question 354

HOTSPOT

-

You have a Microsoft 365 E5 subscription.

The subscription contains users that have devices onboarded to Microsoft Defender for Endpoint. Defender for Endpoint is configured to forward signals to Microsoft Defender for Cloud Apps.

Cloud Discovery identifies a risky web app named App1.

You need to block users from connecting to Appl from Microsoft Edge. Users must be able to bypass the restriction.

Which type of app tag should you use. and what should you configure to integrate Defender for Endpoint with Defender for Cloud Apps? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Exam MS-102 Question 354
Show Answer
Correct Answer:
Exam MS-102 Question 354

Discussion

3 comments
Sign in to comment
JohnDoe47
Nov 3, 2024

App tag type: Monitored (Not unsanctioned. Unsanctioned in combination with Microsoft Defender for Endpoint blocks the app. https://learn.microsoft.com/en-us/defender-cloud-apps/governance-discovery#blocking-apps-with-built-in-streams "Monitored" is a soft block allowing users to bypass it. https://jeffreyappel.nl/warn-monitor-users-for-shadow-it-usage-with-cloud-app-security/ Integrate by configuring: Enforce App Access

BJS78
Jan 14, 2025

"Unsanctioned" is a hard block, no bypass possible, so only Monitoring (soft block, bypass possible) is the way to go.

BigO76
Jan 15, 2025

also here https://learn.microsoft.com/en-us/defender-cloud-apps/mde-govern#educate-users-when-accessing-risky-apps "Defender for Cloud Apps uses the built-in Monitored app tag to mark cloud apps as risky for use. The tag is available on both the Cloud Discovery and Cloud App Catalog pages. By enabling the integration with Defender for Endpoint, you can seamlessly warn users on access to monitored apps with a single click in the Defender for Cloud Apps portal."

SummerK
Mar 24, 2025

JohnDoe is correct: The Monitored App tag helps track risky web apps. Configuring Enforce app access ensures that access to App1 is restricted but still allows for bypass options based on your configuration.

7d01a47
Oct 23, 2024

App Tag Type: Unsanctioned Integrate by Configuration: Enforce app access

indope94
Dec 4, 2024

To block access to a risky web app using Microsoft Defender for Cloud Apps and Microsoft Defender for Endpoint, follow these steps: App Tag Type: Unsanctioned: Label the app as "Unsanctioned" to indicate that it is not approved for use within the organization. https://learn.microsoft.com/en-us/defender-cloud-apps/mde-govern?utm_source=chatgpt.com Configure Integration: In the Microsoft 365 Defender portal, go to Settings > Cloud Apps > Cloud Discovery > Microsoft Defender for Endpoint. Enable the Enforce app access option to block access to unapproved apps through Defender for Endpoint. https://learn.microsoft.com/en-us/defender-cloud-apps/mde-govern?utm_source=chatgpt.com

IvanDJ
Apr 19, 2025

Users must be able to bypass the restriction !!! - Monitored - Enforce app access