You have a Microsoft 365 E5 subscription that uses Microsoft Defender for Cloud Apps and Yammer.
You need prevent users from signing in to Yammer from high-risk locations.
What should you do in the Microsoft Defender for Cloud Apps portal?
You have a Microsoft 365 E5 subscription that uses Microsoft Defender for Cloud Apps and Yammer.
You need prevent users from signing in to Yammer from high-risk locations.
What should you do in the Microsoft Defender for Cloud Apps portal?
To prevent users from signing in to Yammer from high-risk locations, you need to create an access policy in the Microsoft Defender for Cloud Apps portal. Access policies allow you to enforce controls based on the conditions such as user location, device type, and more. Specifically, in this scenario, you can configure access policies to block or limit access to Yammer based on the geographical location of the sign-in attempt, effectively preventing users from high-risk locations from accessing the service. Other types of policies, such as activity or anomaly detection policies, do not provide the same capability to control sign-in based on location directly.
A - Access Policy
correct
Agree. Access Policy which uses conditional access app control. I see there is also a method with an activity policy but I'm not sure it exactly meets the requirements: App...equals...'name of app' Activity - IP address... category...equals... risky Governance action - suspend user in app
Create an access policy. based on user risk level!
Access Policy
OK, it sounds a bit heretical, but: I can configure named locations for high-risk countries and create a CAP for Yammer cloud app specifically. Where is this setting in Defender Cloud Apps? I can confifure Cloud Apps access policy and specify Location, but I cannot specify Yammer as the only target app in scope.
Anomaly detection as per: https://learn.microsoft.com/en-us/defender-cloud-apps/anomaly-detection-policy
disregard my comment. Given answer is CORRECT. Not anomaly detection between that does not prevent users from signing-in! '
seems correct https://learn.microsoft.com/en-us/defender-cloud-apps/access-policy-aad
I would say in MCAS this is part of Conditional Access policies, rather than threat detection. The keyword in the question being "risky". Hence I would go for D "Anomaly Detection" since that covers locations and risky IPs, as per the documentation https://learn.microsoft.com/en-us/defender-cloud-apps/anomaly-detection-policy
disregard my comment. Given answer is CORRECT. Not anomaly detection between that does not prevent users from signing-in! '