C. enable limited experiences, such as blocking download of sensitive information. https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/concept-conditional-access-session

A function, not the definition of all functions, Just one....

Prompting MFA is a funciton of Conditional Access. But Enabling Limited Experiences is a function of Conditional Access session controls, as the session control only starts after successful authentication. Hence D is not, and C is right.

Correct Answer is C

"Within a Conditional Access policy, an administrator can make use of session controls to enable limited experiences within specific cloud applications" https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/concept-conditional-access-session

C is the answer. https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/concept-conditional-access-session Within a Conditional Access policy, an administrator can make use of session controls to enable limited experiences within specific cloud applications. Conditional Access App Control enables user app access and sessions to be monitored and controlled in real time based on access and session policies. Access and session policies are used within the Defender for Cloud Apps portal to refine filters and set actions to take. With the access and session policies, you can: - Prevent data exfiltration: You can block the download, cut, copy, and print of sensitive documents on, for example, unmanaged devices.

C is correct

As stated by many Within a Conditional Access policy, an administrator can make use of session controls to enable limited experiences within specific cloud applications.

C is the correct answer https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/concept-conditional-access-session#conditional-access-application-control

enable limited experiences

D is correct for me C would be to do with app protection policy

Imma go with C ''Within a Conditional Access policy, an administrator can make use of session controls to enable limited experiences within specific cloud applications''. Source https://learn.microsoft.com/en-us/entra/identity/conditional-access/concept-conditional-access-session (top of page)

C is correct "Protect on download: Instead of blocking the download of sensitive documents, you can require documents to be labeled and protected with Azure Information Protection. This action ensures the document is protected and user access is restricted in a potentially risky session." Source: https://learn.microsoft.com/en-us/entra/identity/conditional-access/concept-conditional-access-session

Its C. Session controls limit the experiences withing specific cloud applications. Grant controls on the other hand block or grant access by requiring MFA.

C Conditional Access App Control enables user app access and sessions to be monitored and controlled in real time based on access and session policies. Access and session policies are used within the Defender for Cloud Apps portal to refine filters and set actions to take. With the access and session policies, you can: Prevent data exfiltration: You can block the download, cut, copy, and print of sensitive documents on, for example, unmanaged devices

Suggested Answer: D Conditional Access session controls enable user app access and sessions to be monitored and controlled in real time based on access and session policies. Based on this definition, the best answer for your question isB. enable limited experiences, such as blocking download of sensitive information. https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/concept-conditional-access-session

Both seem to be right: https://www.bing.com/search?q=what+is+a+function+of+conditional+access+session+controls%3F+microsoft+365&form=ANNH02&refig=dce410bbd44f4732bac0672cf9b28317