One of the prerequisites to using a session policy is "The relevant apps should be deployed with Conditional Access App Control", which is done via the Azure AD Admin Center
https://learn.microsoft.com/en-us/defender-cloud-apps/session-policy-aad#prerequisites-to-using-session-policies
https://learn.microsoft.com/en-us/defender-cloud-apps/proxy-deployment-aad
----
If you assume that has been done, and the question relates to first steps in creating the actual Session Policy, I would say you'd need to Monitor first, to see the impact of the policy prior to deploying - which would make the answer A
The comment suggests that one of the prerequisites for using a session policy is to deploy the relevant apps with Conditional Access App Control, which is done via the Azure AD Admin Center.
While this information is accurate, it highlights the prerequisite for using session policies rather than the first step in creating a session policy. The comment doesn't specifically explain why option A is the correct first step.
To create a Microsoft Defender for Cloud Apps session policy, you should first:
C. From the Azure Active Directory admin center, create a Conditional Access policy.
Creating a Conditional Access policy is necessary to enforce session controls, which can then be used in Microsoft Defender for Cloud Apps to monitor and control user sessions in real-time. This setup allows you to apply session policies that manage access to cloud apps based on the user's session context.
Answer is B. App onboarding/maintenance is the section in the Microsoft Defender for Cloud Apps portal where you can configure and manage session policies for your applications.
Options A, C, and D do not directly relate to the creation of session policies for Microsoft Defender for Cloud Apps.
A: User monitoring typically involves tracking user activities but doesn't specifically pertain to creating session policies.
C: Creating a Conditional Access policy in the Azure Active Directory admin center is a different task and not directly related to session policies in Defender for Cloud Apps.
D: Creating a continuous report is a different action and doesn't involve setting up session policies.
So the correct answer is B.
Based on the provided comments, it seems that there is some confusion regarding the first step in creating a Microsoft Defender for Cloud Apps session policy. While user monitoring may be a part of the overall configuration, the initial step should be creating a Conditional Access policy from the Azure Active Directory admin center (option C)
I think A. https://learn.microsoft.com/en-us/defender-cloud-apps/session-policy-aad "In the Microsoft 365 Defender portal, under Cloud Apps, go to Policies -> Policy management. Then select the Conditional access tab." It is therefore NOT C as that says to create a CA in Azure AD Admin.
Later in the same link "Then, under Conditional Access App Control select User monitoring and unselect the Notify users checkbox."
upvoted 4 times
...
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Halwagy
Highly Voted 1 year, 11 months agoultraRunningCA
1 year, 10 months agoCloudLife
1 year, 6 months agohml_2024
Most Recent 4 months, 1 week agoKRISTINMERIEANN
9 months agoklayytech
9 months, 1 week agoNielll
10 months agoManny_ez
11 months, 2 weeks agoEmnCours
1 year, 5 months agodule27
1 year, 6 months agoCloudLife
1 year, 6 months agodule27
1 year, 6 months agodule27
1 year, 6 months agob233f0a
1 year, 7 months ago