Conditional Access Policies

Implementing Application-Enforced Restrictions with Defender for Cloud Apps looks at how to monitor and prevent cloud applications from corrupting and exfiltrating enterprise data. The lesson starts by looking at how cloud apps get into a corporate ecosystem, specifically at roles that can register apps. Then, we see how to discover which apps are operating in an enterprise landscape and their security profile using Microsoft Defender for Cloud Apps. The lesson ends by looking at the various policies you can create and enable within Defender for Cloud Apps to control or restrict what applications and users can do.

Learning Objectives

• Learn how to configure Entra ID settings in conjunction with RBAC to limit who can deploy and register apps.
• Learn how to use Microsoft Defender for Cloud Apps to discover cloud applications in your enterprise landscape.
• Learn how to create and enable policies to restrict how apps and users interact with corporate data.

Intended Audience

This course is intended for students working towards the SC-300: Microsoft Identity and Access Administrator exam and those who want to know how to monitor and control cloud applications with Microsoft Defender for Cloud Apps.

Prerequisites

Students should have familiarity with

• RBAC
• cloud app deployment
• information protection topics such as sensitivity labels