SC-300 Question #119: Real Exam Question with Answer & Explanation
The correct answer is C: an application control profile in Microsoft Endpoint Manager.
Question
You have a Microsoft 365 tenant. You currently allow email clients that use Basic authentication to connect to Microsoft Exchange Online. You need to ensure that users connecting to Exchange run only email clients that use Modern authentication protocols. What should you implement?
Options
- A. a compliance policy in Microsoft Endpoint Manager
- B. a conditional access policy in Azure Active Directory (Azure AD)
- C. an application control profile in Microsoft Endpoint Manager
- D. an OAuth policy in Microsoft Cloud App Security
Explanation
An application control profile in Microsoft Endpoint Manager (now Microsoft Intune) allows administrators to restrict which applications can run on managed devices, effectively blocking legacy email clients that rely on Basic authentication and permitting only Modern authentication-capable clients - directly addressing the requirement to control which email clients users can run.
Why the distractors are wrong:
- Option A (Compliance policy): Compliance policies assess whether devices meet health/security standards (e.g., PIN required, encryption enabled), but they don't control which specific applications can or cannot run.
- Option B (Conditional Access): While Conditional Access can block legacy authentication protocols, the question specifically asks about controlling which email clients users can run - a distinction that points to application control rather than access policy enforcement.
- Option D (OAuth policy in Cloud App Security): OAuth policies in Defender for Cloud Apps manage third-party app permissions, not the enforcement of which local email clients are permitted on devices.
💡 Memory Tip: Think of it this way - "Control" the application = Application Control Profile. Whenever a question asks you to restrict which apps can run on a device, that's always an application control function in Endpoint Manager, not a compliance or access policy.