Tutorial / Cram Notes
Microsoft Defender for Cloud Apps, formerly known as Microsoft Cloud App Security, is a comprehensive solution that can help organizations gain visibility into their cloud applications, enhance data protection, and enforce compliance policies. When preparing for the SC-300: Microsoft Identity and Access Administrator exam, it’s crucial to understand how to create access and session policies within Defender for Cloud Apps to control information within an enterprise environment.
Access and session control policies in Microsoft Defender for Cloud Apps are a means of monitoring and controlling user activities and access to cloud apps. We’ll explore what these policies entail, how to create them, and some examples of practical applications.
Access Policies
Access policies in Microsoft Defender for Cloud Apps allow administrators to enforce access controls and apply actions based on specific conditions. You can define which apps are accessible, under what conditions, and for which users.
Creating Access Policies:
- Navigate to Defender for Cloud Apps: Sign in to the Microsoft Defender portal and select Defender for Cloud Apps.
- Go to Control > Policies: This is where you manage your policies.
- Create a Policy: Click on “Create policy” and select “Access policy”.
- Define the Policy Settings:
  - Policy Name: Give your policy a descriptive name.
  - Filters: Filters define the policy scope and can include user groups, IP address ranges, geographical locations, and devices.
  - Actions: Define the actions to take when the policy conditions are met, such as Block Access, Allow Access, or Require Multi-Factor Authentication (MFA).
Example: Restrict Access Outside of Work Hours
Policy Name: Restrict Access After Hours
Filters: User Activity – Access, Time – Outside of 09:00 to 17:00
Actions: Block Access
Session Policies
Session policies in Defender for Cloud Apps enable real-time monitoring and control over user actions within cloud apps during a session.
Creating Session Policies:
- Navigate to Defender for Cloud Apps: Access the Microsoft Defender portal.
- Create a Session Policy: Select “Control” > “Policies” > “Create policy” > “Session policy”.
- Configure the Policy:
  - Name: Assign a meaningful name to the session policy.
  - Session Control Type: Choose from “Control file download (with inspection)” or “Control file upload (with inspection)” depending on your need.
  - Activity Filters: Apply filters to specify the conditions, such as user accounts, groups, IP addresses, or risk level.
  - Actions: Set actions like Block, Protect, Allow, or Monitor based on session activities.
Example: Protect Download of Sensitive Documents
Policy Name: Sensitive Document Download Control
Session Control Type: Control file download (with inspection)
Activity Filters: File Tag – PII, User Group – Finance Department
Actions: Protect with Azure Information Protection
Comparison of Access and Session Policies
Policy Type | Use Case | When Applied | Examples of Actions |
---|---|---|---|
Access | Determine if access should be granted to a cloud app | At the moment of access and authentication | Block access, require MFA, limit to certain networks or locations |
Session | Control and monitor user activities within a cloud app session | During active sessions after access is granted | Block downloads, apply protections to files, monitor activities |
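The "When Applied" column above, as an added example (not code from Defender for Cloud Apps or from these notes): a small Python model that replays constructed events through the two example policies. The event fields, rule shapes and the treatment of 17:00 itself as outside the window are assumptions for illustration, not the product's policy schema.

```python
from dataclasses import dataclass
from datetime import time

# Illustrative model only: field names and rule shapes are assumptions,
# not the Defender for Cloud Apps policy schema or API.
@dataclass
class Event:
    stage: str              # "access" (sign-in) or "session" (in-app activity)
    user_group: str
    local_time: time
    activity: str = "login"
    file_tags: tuple = ()

def after_hours(t, start=time(9, 0), end=time(17, 0)):
    """Outside 09:00 to 17:00; treating 17:00 itself as outside is an assumption."""
    return not (start <= t < end)

def access_policy(ev):
    """'Restrict Access After Hours': checked once, when access is requested."""
    return "block" if after_hours(ev.local_time) else "allow"

def session_policy(ev):
    """'Sensitive Document Download Control': checked on each in-session activity."""
    hit = (ev.activity == "download" and "PII" in ev.file_tags
           and ev.user_group == "Finance Department")
    return "protect" if hit else "allow"

def run(events):
    """Replay one user's events in order; a blocked access ends the replay."""
    results = []
    for ev in events:
        verdict = access_policy(ev) if ev.stage == "access" else session_policy(ev)
        results.append((ev.stage, ev.activity, verdict))
        if ev.stage == "access" and verdict == "block":
            break
    return results

FIN = "Finance Department"
# Constructed sample events (not real logs).
DAY = [Event("access", FIN, time(10, 30)),
       Event("session", FIN, time(10, 35), "download", ("PII",)),
       Event("session", FIN, time(10, 40), "download")]
NIGHT = [Event("access", FIN, time(22, 0)),
         Event("session", FIN, time(22, 5), "download", ("PII",))]
# Access granted at 16:55; the 17:10 download is only seen by the session policy.
LATE = [Event("access", FIN, time(16, 55)),
        Event("session", FIN, time(17, 10), "download", ("PII",))]

if __name__ == "__main__":
    for name, evs in (("DAY", DAY), ("NIGHT", NIGHT), ("LATE", LATE)):
        print(name, run(evs))
```

In this model the after-hours rule is only consulted when access is requested, so the `LATE` session that began at 16:55 continues past 17:00 and its download is handled by the session policy alone.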
Using Microsoft Defender for Cloud Apps, administrators can effectively create policies tailored to organizational needs. The policies help ensure that only authorized users can access and interact with the cloud apps in accordance with company security guidelines. Regular auditing and updating of these policies ensure that they continue to effectively safeguard resources as threat landscapes and organizational needs evolve.
By understanding and implementing access and session policies in Microsoft Defender for Cloud Apps, candidates preparing for the SC-300 Microsoft Identity and Access Administrator exam demonstrate their competency in managing, implementing, and monitoring identity and access within an enterprise environment.
Practice Test with Explanation
True or False: In Microsoft Defender for Cloud Apps, you can create policies that trigger alerts based on users’ risky behavior.
- (A) True
- (B) False
Answer: A) True
Explanation: Microsoft Defender for Cloud Apps allows you to create policies that can trigger alerts when it detects risky behavior, such as downloading a large amount of data or accessing the app from an untrusted network.
Microsoft Defender for Cloud Apps session policies apply to:
- (A) User activities within an app
- (B) Data at rest within an app
- (C) The initial sign-in event to an app
- (D) Network infrastructure traffic
Answer: A) User activities within an app
Explanation: Session policies in Microsoft Defender for Cloud Apps apply to user activities within a cloud app, enabling real-time monitoring and control over user sessions.
True or False: An access policy in Microsoft Defender for Cloud Apps can block access to a cloud application based on the user’s location.
- (A) True
- (B) False
Answer: A) True
Explanation: Access policies in Microsoft Defender for Cloud Apps can indeed block access based on criteria such as user location, device compliance, or risk level, enhancing control over how cloud applications are accessed.
Which of the following can you control using session policies in Microsoft Defender for Cloud Apps?
- (A) Conditional Access
- (B) Real-time monitoring
- (C) Encryption of data in transit
- (D) File download and upload restrictions
Answer: B) Real-time monitoring and D) File download and upload restrictions
Explanation: Session policies in Microsoft Defender for Cloud Apps allow for real-time monitoring of activities and can control actions like downloading or uploading files to enforce data protection policies.
True or False: Conditional Access App Control uses reverse proxy architecture to enhance session control in Microsoft Defender for Cloud Apps.
- (A) True
- (B) False
Answer: A) True
Explanation: Conditional Access App Control in Microsoft Defender for Cloud Apps uses a reverse proxy mechanism to give administrators the power to monitor and control sessions in real time.
Which type of policy do you need to create in Microsoft Defender for Cloud Apps to enforce compliance with data protection regulations like GDPR?
- (A) Access policy
- (B) Activity policy
- (C) Data protection policy
- (D) Governance policy
Answer: C) Data protection policy
Explanation: Data protection policies in Microsoft Defender for Cloud Apps can help enforce compliance with regulations like GDPR by controlling how sensitive information is accessed, shared, or transferred.
What can an Activity Policy in Microsoft Defender for Cloud Apps be used to detect?
- (A) Brute force login attempts
- (B) Impossible travel activity
- (C) Data exfiltration
- (D) All of the above
Answer: D) All of the above
Explanation: Activity policies in Microsoft Defender for Cloud Apps can detect and alert on various activities such as brute force login attempts, impossible travel, and potential data exfiltration.
True or False: An access policy in Microsoft Defender for Cloud Apps can enforce multi-factor authentication (MFA) when accessing cloud applications.
- (A) True
- (B) False
Answer: A) True
Explanation: Access policies in Microsoft Defender for Cloud Apps can trigger requirements for multi-factor authentication when specified conditions are met, enhancing the security layer for accessing cloud applications.
In Microsoft Defender for Cloud Apps, which policy type can be used to identify and control the use of shadow IT?
- (A) Access policy
- (B) Activity policy
- (C) Discovery policy
- (D) Session policy
Answer: C) Discovery policy
Explanation: Discovery policies in Microsoft Defender for Cloud Apps are used to identify and manage shadow IT by analyzing and controlling the use of unapproved cloud applications within the organization.
True or False: You can integrate Microsoft Defender for Cloud Apps with Microsoft Information Protection to classify and protect documents accessed through cloud applications.
- (A) True
- (B) False
Answer: A) True
Explanation: Integration of Microsoft Defender for Cloud Apps with Microsoft Information Protection allows classification and protection of documents in cloud applications, leveraging labels for data governance and compliance.
Which of the following Microsoft Defender for Cloud Apps policies can enforce the use of managed devices to access cloud applications?
- (A) Activity policy
- (B) Access policy
- (C) Session policy
- (D) Governance policy
Answer: B) Access policy
Explanation: Access policies in Microsoft Defender for Cloud Apps can enforce conditions such as requiring the use of managed devices for accessing cloud applications.
True or False: Microsoft Defender for Cloud Apps only applies to Microsoft cloud services like Office 365 and Azure services.
- (A) True
- (B) False
Answer: B) False
Explanation: Microsoft Defender for Cloud Apps is not limited to Microsoft cloud services; it also provides visibility and control for numerous other cloud applications and services used in the organization.
Interview Questions
What is Microsoft Defender for Cloud Apps?
Microsoft Defender for Cloud Apps is a cloud access security broker (CASB) that enables you to gain visibility and control over the use of software-as-a-service (SaaS) applications and cloud services in your organization.
What is a policy in Microsoft Defender for Cloud Apps?
A policy is a set of rules that define the behavior and actions of the system.
What is the Policy Template Reference in Microsoft Defender for Cloud Apps?
The Policy Template Reference is a collection of pre-built policy templates that you can use to help you configure policies quickly and easily.
What are some categories of policy templates available in the Policy Template Reference in Microsoft Defender for Cloud Apps?
Some categories of policy templates available in the Policy Template Reference include Data Loss Prevention (DLP), Compliance, Threat Protection, and Activity Control.
How can you create a custom policy in Microsoft Defender for Cloud Apps?
You can create a custom policy by selecting the “New Policy” button in the Policies page, and selecting the appropriate settings for your policy.
What is an access policy in Microsoft Defender for Cloud Apps?
An access policy is a set of rules that control how users can access cloud applications and data.
What is a session policy in Microsoft Defender for Cloud Apps?
A session policy is a set of rules that define the conditions under which a user can access cloud applications and data during a session.
What are some settings you can configure in an access policy in Microsoft Defender for Cloud Apps?
Some settings you can configure in an access policy include the applications that the policy applies to, the users and groups that the policy applies to, and the action that should be taken when the policy is violated.
What are some settings you can configure in a session policy in Microsoft Defender for Cloud Apps?
Some settings you can configure in a session policy include session timeouts, IP ranges, and device platform.
What is the difference between an access policy and a session policy in Microsoft Defender for Cloud Apps?
An access policy controls how users can access cloud applications and data, while a session policy defines the conditions under which a user can access cloud applications and data during a session.
How can you apply a policy in Microsoft Defender for Cloud Apps?
You can apply a policy by selecting the appropriate policy from the Policies page, and assigning it to the appropriate users or groups.
What is the Policy Control Panel in Microsoft Defender for Cloud Apps?
The Policy Control Panel is a dashboard that allows you to view and manage all of your policies in one place.
What are some benefits of using policies in Microsoft Defender for Cloud Apps?
Some benefits of using policies include better visibility and control over cloud applications and data, enhanced security, and improved compliance.
What is the recommended approach for creating policies in Microsoft Defender for Cloud Apps?
The recommended approach for creating policies is to start with a template, and then modify the settings as needed to meet your organization’s specific needs.
How can you monitor and enforce policies in Microsoft Defender for Cloud Apps?
You can monitor and enforce policies by using the Policy Control Panel to view policy violations, and by configuring appropriate alerts and notifications.
Creating access and session policies in Microsoft Defender for Cloud Apps is crucial for securing application usage. Anyone tried to integrate it with custom applications?
Yes, I have integrated it with a few custom apps. You can use conditional access policies in Azure AD in conjunction with Defender for Cloud Apps to effectively manage access.
Does anyone know if there’s a way to enforce session policies based on device compliance?
Absolutely, you can use device compliance signals from Intune to create policies that restrict or allow access to resources based on the compliance state of the user’s device.
Thanks for the helpful post!
I’m struggling to configure session policies to block downloads in real-time. Any suggestions?
You can create a session policy with a ‘Block downloads’ action. Just make sure to test it in your environment to see if it behaves as expected with your specific apps.
Can session policies be used to monitor unexpected behavior in apps?
Yes, you can configure anomaly detection policies within Microsoft Defender for Cloud Apps to alert you on any unexpected behaviors.
The UI for creating access policies seems a bit clunky. Anyone else experience this?
I agree, the UI could use some improvement. However, using the API might be a more streamlined way for creating policies if you’re comfortable with that.
Sometimes I feel the same. The good thing is, once you get the hang of it, it’s quite powerful. But yes, the learning curve is a bit steep.
How does Microsoft Defender for Cloud Apps integrate with other security solutions?
It integrates well with other Microsoft security solutions like Azure Security Center and Security Information and Event Management (SIEM) tools. This integration provides comprehensive security coverage.
Are there any specific best practices for deploying session policies in a hybrid environment?
In a hybrid environment, ensure that your policies are compatible with both on-premises and cloud applications. Regularly update and review your policies to adapt to new security threats.