Exam SC-300 topic 2 question 5 discussion

B is the correct answer imo - https://docs.microsoft.com/en-us/sharepoint/control-access-from-unmanaged-devices - You need to use "Use app enforced restrictions" from the "Session" control of the CA

So, first step is to create a Conditional Access Policy with Session configured in Azure AD, then create a Session Policy in Cloud App Security: https://techcommunity.microsoft.com/t5/itops-talk-blog/step-by-step-blocking-data-downloads-via-microsoft-cloud-app/ba-p/326357 So I'd say that since the first step is the Azure one the correct answer is B, since none of the other options for Cloud App Security make sense.

C - https://learn.microsoft.com/en-us/sharepoint/control-access-from-unmanaged-devices 1) you select what apps (as answer C says) 2) select Conditions > Filter devices

Answer: B Target resources Cloud apps -> Select apps Office 365 SharePoint Online Session Use Conditional Access App Control Block downloads (Preview) Grant access Require Microsoft Entra hybrid joined device

Correct Answer is B: Within a Conditional Access policy, an administrator can make use of session controls to enable limited experiences within specific cloud applications. Organizations can use this control to require Microsoft Entra ID to pass device information to the selected cloud apps. The device information allows cloud apps to know if a connection is from a compliant or domain-joined device and update the session experience. This control only supports Office 365, SharePoint Online, and Exchange Online as selected cloud apps. When selected, the cloud app uses the device information to provide users with a limited or full experience. Limited when the device isn't managed or compliant and full when the device is managed and compliant. https://learn.microsoft.com/en-us/entra/identity/conditional-access/concept-conditional-access-session

The correct answer is B. an Azure AD conditional access policy that has session controls configured. Azure AD conditional access policies allow you to control who can access your Azure AD resources and under what conditions. You can use conditional access policies to block users from downloading or syncing files from SharePoint Online on their user-owned computers.

The answer is: B. an Azure AD conditional access policy that has session controls configured Azure AD Conditional Access policies allow you to control user access to cloud apps based on conditions such as user identity, device state, and location. In this case, you can create a Conditional Access policy that prevents users from downloading or syncing files from SharePoint Online when they are using a user-owned device.

You need to use "Use app enforced restrictions" from the "Session" control of the CA and then "Use conditional access App Control". After that configure Conditional Access App Control app.

Correct Answer is: B

https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/concept-conditional-access-conditions

B is the answer https://learn.microsoft.com/en-us/sharepoint/control-access-from-unmanaged-devices

Correction C. an Azure AD conditional access policy that has client apps conditions configured

Based on this information, the policy type that should be created is C. an Azure AD conditional access policy that has client apps conditions configured. This policy type allows you to control access to cloud apps based on specific conditions such as device platform and client app

C is the answer: https://learn.microsoft.com/en-us/defender-cloud-apps/proxy-intro-aad

B. an Azure AD conditional access policy that has session controls configured

B correct

B or C could be right. But I am inclined to B