
SC-300 Question #116: Real Exam Question with Answer & Explanation

The correct answer is B: Conditional Access Policies.

Submitted by mateo_ar · Mar 6, 2026 · Implement access management for apps

Question

Your organization is considering allowing employees to work remotely and to use their own devices to access many of the organization's resources. However, to help protect against potential data loss, your organization needs to ensure that only approved applications can be used to access the company data. What can you configure to meet this requirement?

Options

  • A. Privileged Identity Management
  • B. Conditional Access Policies
  • C. RBAC roles
  • D. Azure Security Center

Explanation

Conditional Access Policies (Option B) allow organizations to enforce granular access controls based on specific conditions, including requiring that only approved (compliant) applications can be used to access company data - this is achieved through the "Approved client app" or "App protection policy" grant controls, making it the perfect fit for a BYOD (Bring Your Own Device) scenario.

Why the distractors are wrong:

  • A. Privileged Identity Management (PIM) manages elevated/privileged role access on a just-in-time basis - it controls who can temporarily assume admin roles, not which apps can access data.
  • C. RBAC roles control what resources a user or service can access based on their assigned role, but cannot restrict access based on the application being used.
  • D. Azure Security Center (now Microsoft Defender for Cloud) is a threat protection and security posture management tool - it monitors and protects infrastructure but doesn't enforce app-level access policies.

Memory Tip: Think of Conditional Access as a bouncer at a club - it checks conditions before granting entry (Is your device compliant? Are you using an approved app? Are you in an approved location?). If the conditions aren't met, access is denied - perfect for BYOD scenarios.

Topics

#Conditional Access · #Application Control · #BYOD · #Data Loss Prevention
