Exam SC-300 topic 2 question 35 discussion

B. a conditional access policy in Azure Active Directory (Azure AD) you can block user interactive sign-in via a client uses basic auth with Conditional Access policy checking..

B is correct.

Hahaha, Examtopics must be kidding. B for sure. D is impossible, because: there's no such thing as "application control profile in Microsoft Endpoint Manager" the nearest is "application control policy", but this is "designed to protect devices against malware and other untrusted software".

B. a conditional access policy in Azure Active Directory (Azure AD) Conditional access policies in Azure AD allow you to control access to resources based on conditions such as user location, device compliance, and client application type. By creating a conditional access policy that enforces Modern authentication protocols and blocks Basic authentication, you can achieve the desired security outcome. This will ensure that only email clients supporting Modern authentication are allowed to connect to Exchange Online. Options A, C, and D are not directly related to enforcing the use of Modern authentication protocols for Exchange Online and would not achieve the goal of blocking Basic authentication.

WOW, so many different answers.. I am going with B https://o365reports.com/2022/07/20/disable-basic-authentication-office-365/

Correct Answer: D

B. a conditional access policy in Azure Active Directory (Azure AD)

Hi - I think you guys are incorrect. This question is asking to specifically block 'BASIC' Authentication in Exchange Online, not 'LEGACY' Authentication. Microsoft specifically details how to do this here: https://learn.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/disable-basic-authentication-in-exchange-online

B is correct The easiest way to block legacy authentication across your entire organization is by configuring a Conditional Access policy that applies specifically to legacy authentication clients and blocks access.

B is correct

Conditional access policy is used for blocking legacy auth.

The question says nothing about what type of device or what tjhe application being used is so setting an App control policy will not do anything. CA polciies allow legacy auth to be blocked regardless of device.

B also

https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/block-legacy-authentication

https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/block-legacy-authentication

as you can block legacy connection to Exchange from CA

B for me