Exam SC-300 All QuestionsBrowse all questions from this exam
Go to Exam
Question 202

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an Amazon Web Services (AWS) account, a Google Workspace subscription, and a GitHub account.

You deploy an Azure subscription and enable Microsoft 365 Defender.

You need to ensure that you can monitor OAuth authentication requests by using Microsoft Defender for Cloud Apps.

Solution: From the Microsoft 365 Defender portal, you add the Microsoft Azure app connector.

Does this meet the goal?

    Correct Answer: B

    To monitor OAuth authentication requests using Microsoft Defender for Cloud Apps, you need to connect the relevant cloud service through an app connector. Adding only the Microsoft Azure app connector does not suffice because it only allows monitoring Azure-specific activities. Instead, to monitor OAuth authentication requests for a more comprehensive range of services, including third-party ones like Google Workspace, you need to ensure those services are connected separately. Only then will you have the necessary visibility and control over OAuth requests across your systems.

Discussion
penatunaOption: B

OAuth app management is available only after connecting one or more of the supported platforms - Microsoft 365, Google Workspace, or Salesforce. Once connected, the OAuth apps menu option will appear under Investigate. App Governance is a set of security and policy management capabilities designed for OAuth-enabled apps registered on Azure Active Directory (Azure AD), Google, and Salesforce. For more information, see App governance add-on to Defender for Cloud Apps in Microsoft 365 Defender.

penatuna

Many third-party productivity apps that might be installed by business users in your organization request permission to access user information and data and sign in on behalf of the user in other cloud apps, such as Microsoft 365, Google Workspace and Salesforce. When users install these apps, they often click accept without closely reviewing the details in the prompt, including granting permissions to the app. This problem is compounded by the fact that IT may not have enough insight to weigh the security risk of an application against the productivity benefit that it provides. Because accepting third-party app permissions is a potential security risk to your organization, monitoring the app permissions your users' grant gives you the necessary visibility and control to protect your users and your applications.

penatuna

The Microsoft Defender for Cloud Apps app permissions enable you to see which user-installed OAuth applications have access to Microsoft 365 data, Google Workspace data, and Salesforce data. Defender for Cloud Apps tells you what permissions the apps have and which users granted these apps access to their Microsoft 365, Google Workspace, and Salesforce accounts. App permissions help you decide which apps you allow your users to access and which ones you want to ban. https://learn.microsoft.com/en-us/defender-cloud-apps/manage-app-permissions

Justin0020Option: B

There are multiple instances of this question, the only right answer seems to be the Google Workspace connector: https://learn.microsoft.com/en-us/defender-cloud-apps/protect-google-workspace Only guide who speaks about OAuth.

jim85

Your are the boss, saving a lot of time figuring this out, thx!

cgonITOption: B

Correct Answer. B, No. The way to manage those third party apps is through the Microsoft Defender for Cloud Apps -> App Connector. If not, there is no way to detect and investigate them. https://learn.microsoft.com/en-us/defender-cloud-apps/manage-app-permissions

ACSCOption: B

https://learn.microsoft.com/en-us/defender-cloud-apps/manage-app-permissions

KRISTINMERIEANNOption: B

https://learn.microsoft.com/en-us/defender-cloud-apps/manage-app-permissions

rikicmOption: A

Microsoft Entra admin center