SC-300 Questions Bank

In Microsoft Entra ID (Azure AD), Security Defaults is a built-in baseline security configuration that enforces basic identity protection, such as requiring all users to register for multi-factor authentication (MFA) using the Microsoft Authenticator app. When security defaults are enabled, users cannot select alternate MFA methods (like SMS or phone call).

According to the Microsoft SC-300 Official Study Guide and Azure AD Identity Protection documentation , only administrators with elevated security roles—specifically the Security Administrator, Global Administrator, or Conditional Access Administrator—can enable or disable security defaults.

Here’s the detailed reasoning:

User1 (Security Administrator): This role can manage identity security settings, including modifying MFA configurations and security defaults.

User2 (Privileged Authentication Administrator): This role can reset MFA details for other users but cannot modify tenant-wide MFA or security default settings.

User3 (Service Support Administrator): This role is limited to viewing service health and support tickets and has no permissions to modify security configurations.

Since User2 is restricted by security defaults (which enforce Microsoft Authenticator only), the only way to allow alternative MFA methods is to disable or customize security defaults. That configuration must be done by User1 (Security Administrator).

Microsoft Documentation: “To enable or disable security defaults, you must be a Global Administrator, Security Administrator, or Conditional Access Administrator.”

In Azure AD Privileged Identity Management (PIM), the activation settings shown for the Global Administrator role include “On activation, require Azure MFA: Yes.” The SC-300 materials describe that when this flag is enabled, “eligible users must complete MFA during role activation.” Therefore, User1, who is eligible for Global Administrator, must satisfy MFA at activation time.

The exhibit also shows “Require approval to activate: No (Approvers: None).” Per the exam guide, “if approvals are not required, no approver action is taken; users activate directly after satisfying policy (e.g., MFA, justification).” Consequently, there are no activation requests to approve, so User2 cannot approve all activation requests (there are none).

Regarding who can change role assignments, the guide states that “only Global Administrator or Privileged Role Administrator (Role Management Administrator) can add, remove, or update Azure AD role assignments in PIM.” Privileged Authentication Administrator focuses on authentication method and MFA settings and does not grant role-assignment management. Thus, User2 (Privileged Authentication Administrator) cannot edit the assignment, while User3 (Global Administrator) can; since the statement claims both can edit, the correct evaluation is No.

According to the Microsoft SC-300: Identity and Access Administrator study materials and Microsoft Defender for Cloud Apps documentation, connecting third-party cloud applications such as GitHub , AWS , and Google Workspace to Defender for Cloud Apps allows the administrator to monitor user activities and OAuth app authentications in those external services.

The App connectors feature within Microsoft 365 Defender / Microsoft Defender for Cloud Apps provides deep visibility into sanctioned cloud applications by integrating their APIs. When an app connector is added — such as the GitHub app connector — Defender for Cloud Apps begins ingesting audit logs, including OAuth authorization events , sign-in attempts, and token consent grants.

The relevant Microsoft documentation states:

“App connectors use APIs from connected apps to extend visibility and control to cloud services, enabling monitoring of OAuth application authorizations and security activities.”

Since the question specifically asks to monitor OAuth authentication requests , adding the GitHub app connector fulfills this requirement because it brings OAuth consent and token data from GitHub into Microsoft 365 Defender (via Defender for Cloud Apps).