You have a Microsoft 365 E5 subscription that uses Microsoft Defender for Cloud Apps.
You plan to increase app security for the subscription.
You need to identify which apps do NOT require user authentication
What should you do in the Microsoft 365 Defender portal?
Task 1
You need to deploy multi factor authentication (MFA). The solution must meet the following requirements:
* Require MFA registration only for members of the Sg-Finance group.
* Exclude Debra Berger from having to register for MFA.
* Implement the solution without using a Conditional Access policy.
To deploy Multi-Factor Authentication (MFA) for only the members of the Sg-Finance group, excluding Debra Berger, and without using a Conditional Access policy, you can follow these steps:
Open the Microsoft Entra admin center:
Sign in as a Security Administrator or Global Administrator.
Navigate to MFA settings:
Go toUsers>Active users.
On theActive userspage, selectMulti-factor authentication.
Manage user settings:
Find and select theSg-Financegroup.
Enable MFA for this group by setting therequirement statustoEnabled.
Exclude a user from MFA:
In theMulti-factor authenticationpage, search forDebra Berger.
Set her MFA status toDisabledto exclude her from MFA registration.
Verify the configuration:
Ensure that all members of the Sg-Finance group have MFA enabled except for Debra Berger.
Communicate the change:
Inform the Sg-Finance group members about the MFA requirement and provide instructions on how to register for MFA.
Monitor the setup:
Check the sign-in logs to confirm that MFA is being prompted for the Sg-Finance group members and not for Debra Berger.
Task 2
You need to implement a process to review guest users who have access to the Salesforce app. The review must meet the following requirements:
* The reviews must occur monthly.
* The manager of each guest user must review the access.
* If the reviews are NOT completed within five days, access must be removed.
* If the guest user does not have a manager, Megan Bowen must review the access.
To implement a process for reviewing guest users' access to the Salesforce app with the specified requirements, you can use Microsoft Entra's Identity Governance access reviews feature. Here's a step-by-step guide:
Assign the appropriate role:
Navigate to Identity Governance:
Sign in to the Microsoft Entra admin center.
Go to Identity governance > Access reviews1.
Create a new access review:
Select New access review.
Choose the Salesforce app to review guest user access1.
Configure the review settings:
Set the frequency of the review to monthly.
Define the duration of the review period to 5 days1.
Determine the reviewers:
Assign the manager of each guest user as the reviewer.
If a guest user does not have a manager, assign Megan Bowen as the reviewer1.
Automate the removal process:
Monitor and enforce compliance:
Regularly check the access review results to ensure compliance with the review policy1.
Communicate the process:
Inform all stakeholders about the new review process and provide guidance on how to complete the reviews.
By following these steps, you can ensure that guest users' access to the Salesforce app is reviewed monthly, with managers being responsible for the review, and access is removed if the review is not completed in time.
Task 3
You need to add the Linkedln application as a resource to the Sales and Marketing access package. The solution must NOT remove any other resources from the access package.
To add the LinkedIn application as a resource to the Sales and Marketing access package without removing any other resources, you can follow these steps:
Sign in to the Microsoft Entra admin center:
Ensure you have the role of Global Administrator or Identity Governance Administrator.
Navigate to Entitlement Management:
Go toIdentity governance>Entitlement management>Access packages1.
Select the Sales and Marketing access package:
Find and select theSales and Marketingaccess package to modify it.
Add a new resource:
Within the access package details, selectResources.
Click on+ Add resource.
Search for and select theLinkedInapplication from the list of available resources.
Configure the resource role:
Assign the appropriate role for the LinkedIn application that users in the Sales and Marketing access package will have.
Review and update the access package:
Ensure that the LinkedIn application has been added as a resource.
Confirm that no other resources have been removed from the access package.
Save the changes:
After reviewing, save the changes to the access package.
Communicate the update:
Notify the relevant users about the addition of the LinkedIn application to their access package.
By following these steps, you will successfully add the LinkedIn application to the Sales and Marketing access package without affecting the other resources.
Task 4
You need to ensure that all users can consent to apps that require permission to read their user profile. Users must be prevented from consenting to apps that require any other permissions.
To ensure that all users can consent to apps that require permission to read their user profile and prevent them from consenting to apps that require any other permissions, you can configure the user consent settings in the Microsoft Entra admin center. Here's how you can do it:
Sign in as a Global Administrator:
Access the Microsoft Entra admin center with Global Administrator privileges.
Navigate to user consent settings:
Configure the consent settings:
Under User consent for applications, select the option that allows users to consent to apps that only require permission to read their user profile.
Save the settings:
After configuring the consent settings, select Save to apply the changes.
By following these steps, you will have configured the system to allow user consent for apps that need to read the user profile while blocking consent for apps that require additional permissions. This setup helps maintain user autonomy where appropriate while safeguarding against unauthorized access to broader permissions.
Full Exam Access, Actual Exam Questions, Validated Answers, Anytime Anywhere, No Download Limits, No Practice Limits
Get All 290 Questions & Answers