Microsoft Defender for Cloud Apps is a critical tool for protecting data and applications in the cloud. It offers a set of capabilities designed to improve visibility into your cloud apps and services. As an IT professional preparing for the SC-300 Microsoft Identity and Access Administrator exam, you need to learn how to configure access and session policies in Microsoft Defender for Cloud Apps.
Understand Access and Session Policies
Before digging into how to configure the access and session policies, it’s essential to comprehend what these policies are and the role they play in the context of Microsoft Defender for Cloud Apps.
Access policies apply control to applications tracked by the Cloud App Security discovery tool after users attempt to access them. With access policies, organizations can protect their data through real-time monitoring and control of activities in cloud applications. These policies provide granular control over different elements like data, devices, and user activities.
Session policies, on the other hand, offer real-time, session-based control over activities in cloud applications. Session policies provide control over file downloads and can provide view-only access to sensitive information.
Creating Access Policies in Microsoft Defender for Cloud Apps
Here is a step-by-step guide on how to create an access policy:
- Navigate to the Microsoft Defender portal.
- Go to Control > Policies.
- Click on Create policy > App discovery policy.
- In the Policy template tab, select Access policy.
- Define the criteria for your policy under Filters. This could be any cloud app where the device Compliance equals Non-Compliant.
- Under Actions, select Block access, then click on Create.
Creating Session Policies in Microsoft Defender for Cloud Apps
Creating session policies is a similar process. Follow these steps:
- Navigate to the Microsoft Defender portal.
- Move to Control > Policies.
- Click Create policy > Access policy.
- In the Policy template tab, select Session policy.
- Define the criteria for your policy under Filters. For instance, you might create a rule for any cloud app, where the device tagging rule equals Corporate.
- Under Actions, select Block download, then click on Create.
Final Words
Properly configuring access and session policies in Microsoft Defender for Cloud Apps enables organizations to protect their cloud resources and maintain regulatory compliance. As you prepare for your SC-300 Microsoft Identity and Access Administrator exam, having a firm understanding of these policies will be critical for successful cloud security management.
Practice Test
True or False: Microsoft Defender for Cloud Apps is a security solution that helps organizations discover and control the use of Software as a Service (SaaS) applications.
- True
- False
Answer: True.
Explanation: Microsoft Defender for Cloud Apps is a comprehensive solution that can be used to discover and manage the use of SaaS applications in an organization.
Multiple Select: Which of the following can be achieved using session policies in Microsoft Defender for Cloud Apps?
- a) Control data access
- b) Block specific activities
- c) Control session durations
- d) Prevent unauthorized software download
Answer: a) Control data access, b) Block specific activities.
Explanation: Session policies in Microsoft Defender for Cloud Apps can help control data access and block specific activities based on certain conditions or behaviors.
Single Select: Which of the following is NOT a configuration requirement for integrating Microsoft Defender for Cloud Apps with Azure Active Directory?
- a) Office 365 subscription
- b) Managed domains in Azure AD
- c) A valid Azure AD premium subscription
- d) Azure Information Protection integration
Answer: d) Azure Information Protection integration.
Explanation: Azure Information Protection integration is not a configuration requirement for integrating Microsoft Defender for Cloud Apps with Azure AD.
True or False: An access policy should be created for each individual cloud app in Microsoft Defender for Cloud Apps.
- True
- False
Answer: False.
Explanation: An access policy can apply to multiple cloud apps, not just a single one.
Single Select: What is the first step in creating access policies in Microsoft Defender for Cloud Apps?
- a) Specify actions
- b) Define conditions
- c) Name the policy
- d) Select cloud apps
Answer: c) Name the policy.
Explanation: In the process of creating access policies, the first step is providing a name and description for the policy.
True or False: It is possible to enforce multi-factor authentication using session policies in Microsoft Defender for Cloud Apps.
- True
- False
Answer: True.
Explanation: Session policies can be used to enforce conditions such as multi-factor authentication for enhanced security.
Multiple Select: In terms of access and session control capabilities, Microsoft Defender for Cloud Apps policies can help:
- a) Detect risky behavior
- b) Prevent data leaks
- c) Block unauthorized users
- d) Optimize cloud storage costs
Answer: a) Detect risky behavior, b) Prevent data leaks, c) Block unauthorized users.
Explanation: Microsoft Defender for Cloud Apps policies can provide security in multiple ways, including detecting risky behavior, preventing data leaks, and blocking unauthorized users. It does not directly provide tools to optimize cloud storage costs.
True or False: Access policies in Microsoft Defender for Cloud Apps can be used to limit access based on user location.
- True
- False
Answer: True.
Explanation: Access policies can restrict access based on a range of conditions or behaviors, including user location.
Single Select: Microsoft Defender for Cloud Apps session policies do NOT provide an option to:
- a) Control the session duration
- b) Block download of sensitive documents
- c) Extract app-related activities
- d) Control the data access
Answer: a) Control the session duration.
Explanation: Session policies can control data access, block downloads, and extract app-related activities, but they don’t provide an option to control the session duration.
True or False: Microsoft Defender for Cloud Apps only supports creating access policies for Microsoft cloud services.
- True
- False
Answer: False.
Explanation: Microsoft Defender for Cloud Apps supports creating access and session policies for a large number of third-party cloud services in addition to Microsoft ones.
Interview Questions
What is Microsoft Defender for Cloud Apps?
Microsoft Defender for Cloud Apps is a Cloud Access Security Broker (CASB) solution providing visibility, control over data travel, and analytics to identify and combat cyber threats across all your Microsoft and third-party cloud services.
How to create access policies in Microsoft Defender for Cloud Apps?
You can create access policies in Microsoft Defender for Cloud Apps via the following steps: Go to the portal of Microsoft Defender for Cloud Apps -> Click Control -> Select Policies -> Click Create policy -> Choose Access policy -> Name the policy, describe it, and define the policy severity -> Set Filters and Actions for the policy -> Click Create.
What is the purpose of creating session policies in Microsoft Defender for Cloud Apps?
Session policies in Microsoft Defender for Cloud Apps allow real-time control over user sessions. These policies can limit certain activities, monitor activities, or block activities, making them essential for the security of your cloud apps.
How to create a session policy in Microsoft Defender for Cloud Apps?
To create a session policy, navigate to the Microsoft Defender for Cloud Apps dashboard. Click on ‘Control’, then ‘Policies’. Click on ‘Create policy’ and select ‘Session policy’. Provide a name for your policy, describe it, and define the policy severity. Then, set up your filters and actions for your policy and click ‘Create’.
How many types of Microsoft Defender for Cloud Apps policies are there?
There are four types of Microsoft Defender for Cloud Apps policies: Access policies, Activity policies, Anomaly detection policies, and Cloud Discovery policies.
What is an Access Policy in Microsoft Defender for Cloud Apps?
An Access Policy in Microsoft Defender for Cloud Apps controls access to a cloud app based on the conditions defined in the policy. It can be set to either allow or block access to the app.
What is an Action in Microsoft Defender for Cloud Apps access policy?
An Action in Microsoft Defender for Cloud Apps access policy is the outcome that occurs when a condition defined within the policy is met. Actions can be set to Alert, Block access or Require multi-factor authentication.
What can the Monitor action in session policies of Microsoft Defender for Cloud Apps do?
The Monitor action in session policies of Microsoft Defender for Cloud Apps allows logging of certain activities without preventing them. It can be used whenever insight about certain user activities in cloud apps is required but blocking these activities is not practical.
What’s the function of a Session policy in Microsoft Defender for Cloud Apps?
The function of a Session policy is to provide real-time control during a user’s session in a cloud app. Upon triggering, it takes immediate action such as blocking activities or requiring re-authentication.
How does Microsoft Defender for Cloud Apps work with Conditional Access Policies?
Microsoft Defender for Cloud Apps works with Conditional Access Policies by enhancing the policies with session control. This means it can limit certain user activities within a session such as upload, download, or sharing of data.
Can I modify the existing policies in Microsoft Defender for Cloud Apps?
Yes, existing policies in Microsoft Defender for Cloud Apps can be edited, duplicated, or deleted based on your needs.
What security features does Microsoft Defender for Cloud Apps provide?
Microsoft Defender for Cloud Apps provides several security features such as Threat Protection, Information Protection, Data Leak Prevention, Compliance, Investigation, and Discovery.
Is it possible to create custom alerts using Microsoft Defender for Cloud Apps?
Yes, with Microsoft Defender for Cloud Apps it is possible to create custom alerts based on user activities, policy matches, or even system issues.
Is Microsoft Defender for Cloud Apps available in all Microsoft 365 subscriptions?
No, Microsoft Defender for Cloud Apps is not included in all Microsoft 365 subscriptions; it requires an additional subscription.
How does Microsoft Defender for Cloud Apps enhance data security?
Microsoft Defender for Cloud Apps enhances data security by providing visibility into cloud app usage, data protection in the cloud, and real-time control over data access and usage in cloud apps.