You have a Microsoft 365 E5 subscription.
Users authorize third-party cloud apps to access their data.
You need to configure an alert that will be triggered when an app requires high permissions and is authorized by more than 20 users.
Which type of policy should you create in the Microsoft Defender for Cloud Apps portal?
According to Microsoft Defender for Cloud Apps documentation and the SC-300 study guide, an OAuth app policy monitors third-party applications that request access to Microsoft 365 data through Microsoft Graph API permissions. These apps can request delegated or application permissions. When an app is authorized by many users and requests high permissions such as Calendars.ReadWrite, it can introduce security risks.
Defender for Cloud Apps allows administrators to create OAuth app policies to generate alerts when an app:
Requires high permissions (e.g., read/write to mailboxes, calendars, or files).
Is authorized by more than a specified number of users (for example, more than 20).
This matches the requirement in the question exactly. Other policy types (anomaly detection, access, or activity) monitor user or session behavior, not app consent behavior.
As per Microsoft's documentation:
"Use OAuth app policies to detect risky OAuth apps, monitor application permissions, and alert when apps are authorized by an unusual number of users or request excessive permissions."
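As an added illustration (not part of the original answer, and not the Defender for Cloud Apps engine itself), the following Python emulates the two policy conditions over constructed consent-grant records shaped like Entra oAuth2PermissionGrant objects: an app counts as risky only if it holds a high permission and more than 20 distinct users consented to it. The high-permission scope list and the threshold are assumptions for the demo.

```python
from collections import defaultdict

# Assumption: delegated scopes treated as "high" permission for this demo.
# Defender for Cloud Apps applies its own permission-level classification.
HIGH_PERMISSION_SCOPES = {"Calendars.ReadWrite", "Mail.ReadWrite", "Mail.Send", "Files.ReadWrite.All"}
USER_THRESHOLD = 20  # the question's "more than 20 users"

def is_high_permission(scope: str) -> bool:
    """True if any space-separated scope in the grant is in the high set."""
    return any(s in HIGH_PERMISSION_SCOPES for s in scope.split())

def find_risky_apps(grants, threshold=USER_THRESHOLD):
    """Return {clientId: distinct_user_count} for apps that request a high
    permission AND were consented to by more than `threshold` distinct users.
    grants: iterable of dicts with clientId, consentType, principalId, scope."""
    users = defaultdict(set)
    high = set()
    for g in grants:
        if g["consentType"] != "Principal":
            continue  # AllPrincipals = admin consent, not a per-user authorization
        users[g["clientId"]].add(g["principalId"])  # set de-duplicates repeat consents
        if is_high_permission(g["scope"]):
            high.add(g["clientId"])
    return {app: len(u) for app, u in users.items() if app in high and len(u) > threshold}

def sample_grants():
    """Constructed sample data: app-A (25 users, high scope, one duplicate grant),
    app-B (30 users, low scope only), app-C (5 users, high scope),
    app-D (exactly 20 users, high scope, so NOT more than 20)."""
    def grant(app, user, scope):
        return {"clientId": app, "consentType": "Principal", "principalId": user, "scope": scope}
    grants = [grant("app-A", f"u{i}", "Calendars.ReadWrite User.Read") for i in range(25)]
    grants.append(grant("app-A", "u0", "Calendars.ReadWrite User.Read"))  # same user twice
    grants += [grant("app-B", f"u{i}", "User.Read") for i in range(30)]
    grants += [grant("app-C", f"u{i}", "Mail.ReadWrite") for i in range(5)]
    grants += [grant("app-D", f"u{i}", "Mail.Send") for i in range(20)]
    return grants

if __name__ == "__main__":
    print(find_risky_apps(sample_grants()))  # {'app-A': 25}
```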