Block Tailspin_scanner.exe from Accessing Sensitive Documents | Microsoft Information Protection Administrator Exam

Question

Note: This question is part of a series of questions that present the same scenario.

Each question in the series contains a unique solution that might meet the stated goals.

Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it.

As a result, these questions will not appear in the review screen.

You have a Microsoft 365 tenant and 500 computers that run Windows 10.

The computers are onboarded to the Microsoft 365 compliance center.

You discover that a third-party application named Tailspin_scanner.exe accessed protected sensitive information on multiple computers.

Tailspin_scanner.exe is installed locally on the computers.

You need to block Tailspin_scanner.exe from accessing sensitive documents without preventing the application from accessing other documents.

Solution: From the Cloud App Security portal, you create an app discovery policy.

Does this meet the goal?

Answers

Explanations

A. B.

B.

You can create app discovery policies to alert you when new apps are detected within your organization.

Use the unallowed apps list instead.

https://docs.microsoft.com/en-us/cloud-app-security/cloud-discovery-policies

https://docs.microsoft.com/en-us/microsoft-365/compliance/endpoint-dlp-using?view=o365-worldwide

The proposed solution to create an app discovery policy from the Cloud App Security portal would not meet the goal of blocking Tailspin_scanner.exe from accessing sensitive documents without preventing the application from accessing other documents.

An app discovery policy in Microsoft Cloud App Security can help you discover cloud applications used in your organization and assess their risk level. It allows you to set rules to prevent certain cloud apps from being accessed or to apply conditional access policies to control the access of cloud apps based on various factors. However, it is not designed to control the access of local applications installed on computers.

To block Tailspin_scanner.exe from accessing sensitive documents without preventing the application from accessing other documents, you can use Windows Defender Application Control (WDAC) to create a code integrity policy that blocks the execution of Tailspin_scanner.exe if it attempts to access protected files.

WDAC is a Windows security feature that allows you to create policies that determine which applications are allowed to run on a computer. You can use it to enforce code integrity policies that ensure only trusted and authorized applications are allowed to run. By creating a code integrity policy that blocks the execution of Tailspin_scanner.exe if it attempts to access protected files, you can prevent the application from accessing sensitive documents without preventing it from accessing other documents.

To create a code integrity policy using WDAC, you can follow these steps:

  1. Create a policy that allows all applications to run except Tailspin_scanner.exe.
  2. Create a policy that allows Tailspin_scanner.exe to run but blocks it from accessing protected files.
  3. Apply the policy that blocks Tailspin_scanner.exe from accessing protected files to the affected computers.

By following these steps, you can ensure that Tailspin_scanner.exe is prevented from accessing sensitive documents while still allowing it to access other documents.