Exam MS-500 topic 3 question 22 discussion

The answer is D: Session Policy Enforce read-only mode for external users in real time Prevent company data from being exfiltrated by external users, by blocking print and copy/paste activities in real-time, utilizing Cloud App Security's session controls. https://docs.microsoft.com/en-us/cloud-app-security/policies-information-protection#enforce-read-only-mode-for-external-users-in-real-time:~:text=.-,Enforce%20read%2Donly%20mode%20for%20external%20users%20in%20real%20time,Prevent%20company%20data%20from%20being%20exfiltrated%20by%20external%20users%2C%20by%20blocking%20print%20and%20copy%2Fpaste%20activities%20in%20real%2Dtime%2C%20utilizing%20Cloud%20App%20Security's%20session%20controls.,-Prerequisites

I tried to test this in Cloud App Security and to be honest as a novice in CAS I was struggling. My results were inconclusive, so I sent Microsft an Email and they replied confirming the given answer is correct. This is completed by creating a Session Control Policy in CAS. Then 'Use Custom Policy' in Conditional Access and select the policy you created in Cloud App Security from the list. x

This question is outdated. Microsoft Cloud App was replaced with Microsoft Defender for Cloud Apps. Please remove.

Session policy

Session Policy for sure.

Session policy

D is indeed the answer. Via Microsoft Docs, there are only two different policies, Access and Session. Access policies will block the ability to use the app at all. Session policies can restrict specific activities when setting the type to "Activity" Source: https://docs.microsoft.com/en-us/defender-cloud-apps/session-policy-aad#block-activities

D is correct!

Correct ans. Session policy With the access and session policies, you can: Prevent data exfiltration: You can block the download, cut, copy, and print of sensitive documents on, for example, unmanaged devices. https://docs.microsoft.com/en-us/cloud-app-security/proxy-intro-aad#how-it-works:~:text=With%20the%20access%20and%20session%20policies%2C,documents%20on%2C%20for%20example%2C%20unmanaged%20devices. Session control applies to browser-based apps. To block access from mobile and desktop apps, create an Access policy While Activity Policies are for generating alerts and using Governance action to Suspend users etc. Based on x activity or repeat activities suspend user/confirm user compromised etc.

The correct answer is a Session Policy. You set up a Session policy. Session control type of Block. Put in the filter for the activity of printing and then use the action to block. Activity Policies are for generating alerts and using Governance action to Suspend users etc. Based on x activity or repeat activities suspend user/confirm user compromised etc.

I have tested this in lab, it is D- Session Policy

With the access and session policies, you can: Prevent data exfiltration: You can block the download, cut, copy, and print of sensitive documents on, for example, unmanaged devices. https://docs.microsoft.com/en-us/cloud-app-security/proxy-intro-aad#how-it-works:~:text=With%20the%20access%20and%20session%20policies%2C,documents%20on%2C%20for%20example%2C%20unmanaged%20devices.

Why not "Activity policy", we can define there an "Activity type" filter? https://docs.microsoft.com/en-us/cloud-app-security/user-activity-policies

reference: https://docs.microsoft.com/en-us/cloud-app-security/session-policy-aad