You are the security administrator for Contoso Corporation. The company uses Microsoft 365 E5 licenses, which include Microsoft Entra ID P2, Microsoft Purview, and Microsoft Defender XDR. Contoso has a hybrid identity environment with Microsoft Entra Connect syncing on-premises Active Directory to Microsoft Entra ID. The company recently experienced a data breach in which an attacker compromised a user's credentials and exfiltrated sensitive customer data from SharePoint Online. The investigation revealed that the compromised user did not have MFA enabled and had granted consent to a malicious third-party OAuth app. To prevent future incidents, management has mandated the following requirements: (1) Enforce MFA for all users, especially those accessing sensitive data. (2) Block all OAuth apps that are not pre-approved by IT. (3) Detect and respond to identity-based threats in real time. (4) Classify and protect sensitive data in SharePoint and Teams. You need to recommend a solution that meets all requirements. Which combination of Microsoft security solutions should you implement?
Microsoft Entra Conditional Access, Microsoft Defender for Cloud Apps, Microsoft Defender for Identity, and Microsoft Purview Information Protection. This combination meets all four requirements: Conditional Access enforces MFA, Defender for Cloud Apps (app governance) controls OAuth apps, Defender for Identity detects identity threats, and Purview Information Protection classifies and protects data.
Why this answer
Conditional Access enforces MFA (requirement 1); because Entra ID P2 is licensed, the same policies can also react to Entra ID Protection sign-in and user risk signals. Conditional Access does not by itself control which OAuth apps users may consent to, so requirement 2 is met by restricting user consent in Entra ID (user consent settings plus the admin consent workflow, so only IT-approved apps are granted) and by Defender for Cloud Apps app governance, which inventories OAuth apps, flags over-privileged or risky ones and can disable them. Defender for Identity (requirement 3) runs sensors on the on-premises domain controllers, which fits the hybrid environment synced by Entra Connect, and raises identity alerts into Defender XDR for investigation and response. Purview Information Protection (requirement 4) classifies and labels content in SharePoint and Teams; sensitivity labels can apply encryption and access restrictions, and Data Loss Prevention policies can block sharing of labeled data. Defender for Cloud is for cloud workload protection (CSPM/CWPP), not identity or OAuth governance. Intune is for device management.
Microsoft Sentinel is a SIEM/SOAR that aggregates and correlates alerts from these products, but it is not itself an identity threat detection engine. The correct combination covers all four requirements.
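As an added example that is not part of the original question or answer, the Microsoft Graph PowerShell below implements the Entra ID side of requirements (1) and (2): a Conditional Access policy requiring MFA for all users (created in report-only mode first), user consent disabled tenant-wide, and the admin consent workflow enabled so users can request IT approval. Defender for Cloud Apps app governance and Purview labeling are configured in their portals and are not shown. The break-glass and reviewer account names are assumptions.

```powershell
# Added example (Microsoft.Graph.Identity.SignIns and Microsoft.Graph.Users modules).
# Not from the original page. Account names below are assumptions for a Contoso tenant.
Connect-MgGraph -Scopes "Policy.ReadWrite.ConditionalAccess", "Policy.Read.All", `
    "Policy.ReadWrite.Authorization", "Policy.ReadWrite.ConsentRequest", "User.Read.All"

# Always exclude an emergency-access account so a bad policy cannot lock out every admin.
$breakGlass = Get-MgUser -UserId "breakglass@contoso.com"   # assumed account

# (1) Require MFA for all users on all cloud apps. Start in report-only mode, review the
# sign-in log impact, then change state to "enabled".
$mfaPolicy = @{
    displayName   = "CA001 - Require MFA for all users"
    state         = "enabledForReportingButNotEnforced"
    conditions    = @{
        users        = @{ includeUsers = @("All"); excludeUsers = @($breakGlass.Id) }
        applications = @{ includeApplications = @("All") }
    }
    grantControls = @{ operator = "OR"; builtInControls = @("mfa") }
}
New-MgIdentityConditionalAccessPolicy -BodyParameter $mfaPolicy

# (2) Disable user consent to third-party OAuth apps. An empty permissionGrantPoliciesAssigned
# list means no user may grant consent; only administrators can approve an app.
Update-MgPolicyAuthorizationPolicy -DefaultUserRolePermissions @{
    permissionGrantPoliciesAssigned = @()
}

# Give users a request path instead of a silent block: enable the admin consent workflow
# with a named reviewer (assumed account) and a 30-day request lifetime.
$reviewer = Get-MgUser -UserId "appsec-admin@contoso.com"
Update-MgPolicyAdminConsentRequestPolicy -IsEnabled -NotifyReviewers -RemindersEnabled `
    -RequestDurationInDays 30 `
    -Reviewers @(@{ query = "/users/$($reviewer.Id)"; queryType = "MicrosoftGraph" })

# Verify both settings took effect.
Get-MgIdentityConditionalAccessPolicy -Filter "displayName eq 'CA001 - Require MFA for all users'" |
    Select-Object DisplayName, State
(Get-MgPolicyAuthorizationPolicy).DefaultUserRolePermissions.PermissionGrantPoliciesAssigned
```

Run the consent changes as a Global Administrator; the Conditional Access policy needs the Conditional Access Administrator role. Leave the policy in report-only mode until the sign-in logs show no unexpected blocks, and confirm the break-glass account is registered with a separate authentication method before enforcing.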