Who can use conditional access policies to control sessions in real time?

Disable ads (and more) with a membership for a one time $4.99 payment

Study for the Microsoft SC-900 Exam. Master key concepts with targeted flashcards and multiple-choice questions, featuring hints and explanations. Get prepared and confident for success!

The correct choice is Microsoft Cloud App Security, as it is specifically designed to enhance security across cloud applications through various advanced features, including real-time session control. Conditional access policies allow organizations to define specific requirements for users attempting to access applications based on their identity and the context of their access attempt, such as device state, location, and user risk.

Microsoft Cloud App Security utilizes these conditional access policies to enforce controls dynamically during user sessions. This means that if certain risk factors arise, such as an unusual login location or device, the session can be modified in real time to limit access, prompt for additional authentication, or enforce other security measures. This capability is crucial for organizations looking to proactively manage security risks associated with user access.

While Azure Active Directory Privileged Identity Management (PIM), Azure Defender, and Azure Sentinel have their respective security functions, they do not provide the same level of real-time session control over cloud application sessions that Microsoft Cloud App Security offers. PIM focuses primarily on managing and controlling administrative privileges, Azure Defender provides threat protection for services and resources across various environments, and Azure Sentinel serves as a Security Information and Event Management (SIEM) tool to analyze security incidents, but none are directly involved in the real-time session management of cloud applications