Microsoft 365 Security Administration: Monitoring Cloud App Access Activities in Real Time

Monitor Cloud App Access Activities in Real Time

Question

This is part of a question set of 2 questions: You are a global administrator in a company with an Azure P1 subscription.

Your company has purchased several cloud apps provided by 3rd party vendors.

Too gain more knowledge about the usage of one of the cloud apps, you would like to capture and monitor the access activities of the app in real time.

First you create a new App Registration in Azure Active Directory, and register the mentioned app.

You have also created a conditional access policy in Azure AD admin center to enable the app in Cloud App Security.

What should you do next?

Answers

Explanations

Click on the arrows to vote for the correct answer

A. B. C. D.

Correct Answer: D

You should create an Access Policy in Cloud App Security admin center.

After you create a conditional access policy in Azure AD to get your apps sessions to Cloud App Security, your application will appear in the Cloud App Security admin center under “Conditional Access App Control apps”

Connected apps

App connectors Conditional Access App Control apps | Security configuration apps

The Conditional Access App Control adds real-time monitoring and control capabilities for your apps.
To enable Conditional Access App Control capabilities on your apps, follow the deployment instructions.

Now you can create an Access Policy for your app which will enable real-time monitoring of the application, as requested.

REESE STG penor report

Threat detection Information protection Conditional access
Cloud app catalog
6d Investigate A Filters:
Activity log Name: | Policy name. Type: Select type.. Y Status: ACTIVE)
Files
Users and accounts + Create policy ~

Security configuration

Identity security posture Session policy

‘OAuth apps

Connected apps (1)

Option A is incorrect.

Session policies enables real-time session-level monitoring.

The request was monitoring of access in real time.

Option B is incorrect.

This feature connects Cloud App Security to a public app like Dropbox and GitHub, and is not the correct answer.

Option C is incorrect.

This adds an app to Intune.

Reference:

To know more about conditional access app control, please refer to the link below:

After registering the third-party cloud app and creating a conditional access policy in Azure AD, the next step is to enable monitoring of the app's access activities in real-time. This can be accomplished through Microsoft Cloud App Security, a comprehensive cloud access security broker (CASB) that allows organizations to gain visibility and control over their cloud apps and services.

The correct answer is A. In Cloud App Security admin center, create a Session Policy.

Here is a detailed explanation of why A is the correct answer:

A. In Cloud App Security admin center, create a Session Policy: Session Policies in Cloud App Security allow you to monitor and control user sessions in real-time. With session policies, you can define specific actions to take when certain conditions are met, such as blocking or logging user sessions based on specific criteria. To create a session policy for the third-party app in Cloud App Security, follow these steps:

  1. Log in to the Microsoft Cloud App Security portal with your global administrator credentials.
  2. Click on the "Policies" tab in the left-hand navigation menu.
  3. Click on "Session Policies" and then click the "New Policy" button.
  4. In the "General" tab, give your policy a name and description.
  5. In the "Session Control" tab, select the third-party cloud app from the list of apps and set the conditions for the policy.
  6. In the "Session Behavior" tab, select the actions to take when the policy conditions are met.
  7. Click "Save" to create the policy.

With the session policy in place, you can now monitor and control user sessions for the third-party app in real-time.

B. In Cloud App Security admin center, connect an app: Connecting an app in Cloud App Security means integrating it with the CASB platform to enable monitoring and control of the app's usage. However, since you have already registered the app and created a conditional access policy in Azure AD, connecting the app in Cloud App Security is not necessary.

C. In Endpoint Management admin center, add an app: Endpoint Management is a separate service from Cloud App Security and is used for managing and securing mobile devices and apps. Adding the third-party app to Endpoint Management would not enable monitoring of the app's access activities in real-time.

D. In Cloud App Security admin center, create an Access Policy: Access Policies in Cloud App Security are used to define access controls and permissions for users and groups accessing cloud apps and services. However, creating an access policy would not enable monitoring of the third-party app's access activities in real-time.