Netskope Certified Cloud Security Expert (NCCSE) — Question 29

A company needs to block access to their instance of Microsoft 365 from unmanaged devices. They have configured Reverse Proxy and have also created a policy that blocks login activity for the AD group "marketing-users" for the Reverse Proxy access method. During UAT testing, they notice that access from unmanaged devices to Microsoft 365 is not blocked for marketing users.
What is causing this issue?

Answer options

• A. There is a missing group name in the SAML response.
• B. The username in the name ID field is not in the format of the e-mail address.
• C. There is an invalid certificate in the SAML response.
• D. The username in the name ID field does not have the "marketing-users" group name.

Correct answer: D

Explanation

The issue arises because the username in the name ID field does not include the 'marketing-users' group name, which is essential for the access policy to block them correctly. The other options, while related to SAML responses, do not specifically address the group's association necessary for the policy to take effect.