You have a Microsoft 365 E5 subscription that uses Microsoft Defender for Cloud Apps.
You need to identify which users access Facebook from their devices and browsers. The solution must minimize administrative effort.
What should you do first?
You have a Microsoft 365 E5 subscription that uses Microsoft Defender for Cloud Apps.
You need to identify which users access Facebook from their devices and browsers. The solution must minimize administrative effort.
What should you do first?
To identify which users access Facebook from their devices and browsers with minimal administrative effort, you should create a Defender for Cloud Apps access policy. This allows you to monitor and control user activity on Facebook by setting up specific rules and conditions. This approach directly leverages the capabilities of Microsoft Defender for Cloud Apps and ensures targeted monitoring without unnecessary complexity.
The correct answer is B. Create a Defender for Cloud Apps access policy. According to the web search results, a Defender for Cloud Apps access policy is a rule that allows you to control and monitor the access to cloud apps from unmanaged devices or browsers1. You can use an access policy to identify which users access Facebook from their devices and browsers by creating a rule that matches the app name, the device type, and the browser type, and then applying an action such as Block, Allow, or Monitor2. You can also configure alerts and notifications for the access policy to get more visibility into the user activity3.
nope. Answer is B. FB is defined as an app to monitor. Less configs, less effort than DCA.
nope. Answer is A. FB is defined as an app to monitor. Less configs, less effort than DCA.
Correct answer
To identify which users access Facebook from their devices and browsers with minimal administrative effort, you should first unsanction Facebook from the Microsoft 365 Defender portal1. By tagging apps in Cloud App Security as unsanctioned, those app domains are then pushed to Microsoft Defender ATP as custom network indicators in near real-time1. This is a single-click control that can significantly improve security posture and save time1. So, the correct answer is A. From the Microsoft 365 Defender portal, unsanction Facebook.
The best answer is A. From the Microsoft 365 Defender portal, unsanction Facebook.
Question didn't ask you to block Facebook, just check who is using it. This can be viewed from the discovered app list or create a policy to send notifications
https://learn.microsoft.com/en-us/defender-cloud-apps/governance-discovery
#B To identify which users access Facebook from their devices and browsers while minimizing administrative effort within a Microsoft 365 E5 subscription that uses Microsoft Defender for Cloud Apps, the most suitable option is: B. Create a Defender for Cloud Apps access policy. Microsoft Defender for Cloud Apps (formerly known as Microsoft Cloud App Security) allows you to create access policies to control and monitor user access to various cloud applications, including Facebook. By creating an access policy, you can specify conditions under which users can access Facebook and monitor their activities without directly affecting the application's sanction status or resorting to other configurations like Conditional Access or Intune policies. Option B enables you to specifically target Facebook usage without affecting other applications or requiring additional configuration outside of Defender for Cloud Apps. Therefore, it aligns with the requirement of minimizing administrative effort.
1. Unsanctioning Facebook (Discovery): This is the first step to enable monitoring. Log in to the Microsoft Defender for Cloud Apps portal. Navigate to Cloud Apps and then Governance. Locate Facebook in the list of apps. Click the three dots next to Facebook and select Unsanctioned.
Question didn't ask you to block Facebook, just check who is using it.
Answer B
On the exam 7/18/24, answered B The question is asking to "identify which users access Facebook " users, not enforce policies to restrict access. All other options are trying to trip you up!