SC-100 Exam - Question 72


HOTSPOT

You are designing the security architecture for a cloud-only environment.

You are reviewing the integration point between Microsoft 365 Defender and other Microsoft cloud services based on Microsoft Cybersecurity Reference Architectures (MCRA).

You need to recommend which Microsoft cloud services integrate directly with Microsoft 365 Defender and meet the following requirements:

• Enforce data loss prevention (DLP) policies that can be managed directly from the Microsoft 365 Defender portal.

• Detect and respond to security threats based on User and Entity Behavior Analytics (UEBA) with unified alerting.

What should you include in the recommendation for each requirement? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Correct Answer:

Discussion

14 comments
Victory007
Aug 5, 2023

1. Purview - For the requirement to enforce data loss prevention (DLP) policies that can be managed directly from the Microsoft 365 Defender portal, you should include Microsoft Purview in your recommendation. https://learn.microsoft.com/en-us/microsoft-365/security/defender/dlp-investigate-alerts-defender?view=o365-worldwide
2. MS Defender for Identity. Microsoft Defender for Cloud Apps provides user entity behavioral analytics (UEBA) in the cloud. This can be extended to your on-premises environment by integrating with Microsoft Defender for Identity. After you integrate with Defender for Identity, you’ll also gain context around user identity from its native integration with Active Directory. https://learn.microsoft.com/en-us/defender-cloud-apps/tutorial-ueba

hovlund
Oct 26, 2023

It is NOT Defender for Identity because it's a cloud-only environment... I agree with ServerBrain: Purview and Identity Protection

Azerty1313
Dec 10, 2023

Agree. Azure ID protect is a better fit as it is Azure only. https://techcommunity.microsoft.com/t5/security-compliance-and-identity/introducing-investigation-priority-built-on-user-and-entity/ba-p/360853#:~:text=UEBA%20for%20Azure%20ATP%2C%20MCAS%2C%20and%20Azure%20AD%20Identity%20Protection&text=Activities%20and%20events%20from%20these,organization%2C%20should%20they%20be%20compromised.

KrissB
Aug 20, 2023

Purview and Microsoft Defender for Identity. MDI is a pre-requisite UEBA across various security workloads.

Arjanussie
Dec 7, 2023

It is a design of a cloud-only environment and yes, Azure AD Identity Protection provides User and Entity Behavior Analytics (UEBA) functionality. UEBA uses artificial intelligence and machine learning to model how users and devices typically behave. It then compares future behavior against the baseline to create a risk score. This allows you to analyze large data sets and elevate the highest-priority alerts.

summut
Dec 29, 2023

1 = Purview
2 = Identity Protection (MDI is a hybrid solution mainly for monitoring and protecting on-prem identities)

cybrtrk
Jan 1, 2024

Purview is correct. No Active Directory in this question, so UEBA should be Azure AD Identity Protection.

emartiy
Jun 26, 2024

As others mentioned:
DLP > Microsoft Purview; other options do not fulfill the requirement.
UEBA > for cloud-based checks, Azure AD Identity Protection, when you refer to the question and the given environment... Don't miss the point.

sbnpj
Aug 15, 2023

Purview and Defender for Identity https://learn.microsoft.com/en-us/defender-cloud-apps/tutorial-suspicious-activity

ServerBrain
Aug 17, 2023

Purview and Identity Protection https://learn.microsoft.com/en-us/azure/security/fundamentals/threat-detection

ayadmawla
Jan 14, 2024

Just remember that "MS Defender for Identity" is for on-premises AD identity protection and not the cloud identity, as is the case in this question. See: https://learn.microsoft.com/en-us/defender-for-identity/what-is#detect-threats-across-modern-identity-environments
Defender for Identity uses data from across your environment, including domain controllers, Active Directory Federation Services (AD FS), and Active Directory Certificate Services (AD CS), to provide you with a complete view of your identity environment. Defender for Identity sensors monitor domain controller traffic by default. For AD FS / AD CS servers, make sure to install the relevant sensor type for complete identity monitoring.

smanzana
Oct 22, 2023

Microsoft Purview and Microsoft Defender for Identity

ubiquituz
Mar 3, 2024

Microsoft Defender for Identity.
To help you focus on user identity, Microsoft Defender for Cloud Apps provides user entity behavioral analytics (UEBA) in the cloud. This can be extended to your on-premises environment by integrating with Microsoft Defender for Identity. After you integrate with Defender for Identity, you'll also gain context around user identity from its native integration with Active Directory.

macka2005
Jun 24, 2024

1. Purview
2. Microsoft Defender for Identity - "Defender for Identity is fully integrated with Microsoft Defender XDR, and leverages signals from both on-premises Active Directory and cloud identities to help you better identify, detect, and investigate advanced threats directed at your organization." https://learn.microsoft.com/en-us/defender-for-identity/what-is

Socgen1
Jul 13, 2024

DLP - Purview
UEBA - Identity Protection, as it is a cloud-only environment, because Microsoft Defender for Identity (formerly Azure Advanced Threat Protection or Azure ATP) is a cloud-based security solution that leverages on-premises Active Directory signals to identify, detect, and investigate advanced threats, compromised identities, and malicious insider actions directed at your organization. To detect and respond to security threats based on User and Entity Behavior Analytics (UEBA) with unified alerting using Defender for Identity