Exam SC-100
Question 72

HOTSPOT

You are designing the security architecture for a cloud-only environment.

You are reviewing the integration point between Microsoft 365 Defender and other Microsoft cloud services based on Microsoft Cybersecurity Reference Architectures (MCRA).

You need to recommend which Microsoft cloud services integrate directly with Microsoft 365 Defender and meet the following requirements:

• Enforce data loss prevention (DLP) policies that can be managed directly from the Microsoft 365 Defender portal.

• Detect and respond to security threats based on User and Entity Behavior Analytics (UEBA) with unified alerting.

What should you include in the recommendation for each requirement? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Correct Answer:

Discussion
Victory007

1. Purview - For the requirement to enforce data loss prevention (DLP) policies that can be managed directly from the Microsoft 365 Defender portal, you should include Microsoft Purview in your recommendation. https://learn.microsoft.com/en-us/microsoft-365/security/defender/dlp-investigate-alerts-defender?view=o365-worldwide

2. MS Defender for Identity. Microsoft Defender for Cloud Apps provides user entity behavioral analytics (UEBA) in the cloud. This can be extended to your on-premises environment by integrating with Microsoft Defender for Identity. After you integrate with Defender for Identity, you’ll also gain context around user identity from its native integration with Active Directory. https://learn.microsoft.com/en-us/defender-cloud-apps/tutorial-ueba

hovlund

It is NOT Defender for Identity because it's a cloud-only environment... I agree with ServerBrain: Purview and Identity Protection

Azerty1313

Agree. Azure ID protect is a better fit as it is Azure only. https://techcommunity.microsoft.com/t5/security-compliance-and-identity/introducing-investigation-priority-built-on-user-and-entity/ba-p/360853#:~:text=UEBA%20for%20Azure%20ATP%2C%20MCAS%2C%20and%20Azure%20AD%20Identity%20Protection&text=Activities%20and%20events%20from%20these,organization%2C%20should%20they%20be%20compromised.

KrissB

Purview and Microsoft Defender for Identity. MDI is a pre-requisite UEBA across various security workloads.

emartiy

As others mentioned: DLP > Microsoft Purview; other options do not fulfill the requirement. UEBA > for cloud-based checks, Azure AD Identity Protection, when you refer to the question and the given environment... Don't miss the point.

cybrtrk

Purview is correct. No Active Directory in this question, so UEBA should be Azure AD Identity Protection.

summut

1 = Purview 2 = Identity Protection (MDI is a Hybrid solution mainly for monitoring and protecting on-prem identities)

Arjanussie

It is a design of a cloud-only environment and yes, Azure AD Identity Protection provides User and Entity Behavior Analytics (UEBA) functionality. UEBA uses artificial intelligence and machine learning to model how users and devices typically behave. It then compares future behavior against the baseline to create a risk score. This allows you to analyze large data sets and elevate the highest-priority alerts.

ayadmawla

Just remember that "MS Defender for Identity" is for on-premises AD identity protection and not the Cloud Identity as is the case in this question. See: https://learn.microsoft.com/en-us/defender-for-identity/what-is#detect-threats-across-modern-identity-environments Defender for Identity uses data from across your environment, including domain controllers, Active Directory Federation Services (AD FS), and Active Directory Certificate Services (AD CS), to provide you with a complete view of your identity environment. Defender for Identity sensors monitor domain controller traffic by default. For AD FS / AD CS servers, make sure to install the relevant sensor type for complete identity monitoring.

ServerBrain

Purview and Identity Protection https://learn.microsoft.com/en-us/azure/security/fundamentals/threat-detection

sbnpj

Purview and Defender for Identity https://learn.microsoft.com/en-us/defender-cloud-apps/tutorial-suspicious-activity

Socgen1

DLP - Purview UEBA - Identity Protection as it is cloud only environment - because Microsoft Defender for Identity (formerly Azure Advanced Threat Protection or Azure ATP) is a cloud-based security solution that leverages on-premises Active Directory signals to identify, detect, and investigate advanced threats, compromised identities, and malicious insider actions directed at your organization. To detect and respond to security threats based on User and Entity Behavior Analytics (UEBA) with unified alerting using Defender for Identity

macka2005

1. Purview 2. Microsoft Defender for Identity - "Defender for Identity is fully integrated with Microsoft Defender XDR, and leverages signals from both on-premises Active Directory and cloud identities to help you better identify, detect, and investigate advanced threats directed at your organization." https://learn.microsoft.com/en-us/defender-for-identity/what-is

ubiquituz

Microsoft Defender for Identity. To help you focus on user identity, Microsoft Defender for Cloud Apps provides user entity behavioral analytics (UEBA) in the cloud. This can be extended to your on-premises environment by integrating with Microsoft Defender for Identity. After you integrate with Defender for Identity, you'll also gain context around user identity from its native integration with Active Directory.

smanzana

Microsoft Purview and Microsoft Defender for Identity