Microsoft Cybersecurity Architect — Question 49

Note: This section contains one or more sets of questions with the same scenario and problem. Each question presents a unique solution to the problem. You must determine whether the solution meets the stated goals. More than one solution in the set might solve the problem. It is also possible that none of the solutions in the set solve the problem.

After you answer a question in this section, you will NOT be able to return. As a result, these questions do not appear on the Review Screen.

You have a Microsoft 365 subscription that uses Microsoft Defender XDR. The subscription contains 500 devices that are enrolled in Microsoft Intune. The subscription contains 500 users that connect to external software as a service (SaaS) apps by using the devices.

You need to implement a solution that meets the following requirements:

• Allows user access to SaaS apps that Microsoft has identified as low risk
• Blocks user access to SaaS apps that Microsoft has identified as high risk

Solution: You configure app protection policies in Intune, and you create a Conditional Access policy.

Does this meet the goal?

Answer options

• A. Yes
• B. No

Correct answer: B

Explanation

The solution does not meet the goal because while app protection policies are useful for managing app behavior, they do not inherently block access to high-risk SaaS apps as required. Conditional Access policies can restrict access based on risk levels, but the combination in this case does not explicitly enforce the needed risk-based access controls.