Netskope Exam NSK300 Topic 7 Question 4 Discussion

Actual exam question for Netskope's NSK300 exam

Question #: 4
Topic #: 7

A company needs to block access to their instance of Microsoft 365 from unmanaged devices. They have configured Reverse Proxy and have also created a policy that blocks login activity for the AD group "marketing-users" for the Reverse Proxy access method. During UAT testing, they notice that access from unmanaged devices to Microsoft 365 is not blocked for marketing users.

What is causing this issue?

AThere is a missing group name in the SAML response.

BThe username in the name ID field is not in the format of the e-mail address.

CThere is an invalid certificate in the SAML response.

DThe username in the name ID field does not have the 'marketing-users' group name.

Show Suggested Answer

Suggested Answer: A

The issue is likely caused by a missing group name in the SAML response (A). When access to Microsoft 365 from unmanaged devices is not blocked as expected, despite having a policy in place, it often indicates that the SAML assertion is not correctly identifying the user as a member of the restricted group. In this case, the ''marketing-users'' group name should be present in the SAML response to enforce the policy that blocks login activity for this group. If the group name is missing, the policy will not apply, and users will not be blocked as intended.

by Juliana at Apr 29, 2024, 01:15 PM

Limited Time Offer

25%

6 months ago

Hey, did you see the question about blocking access for unmanaged devices?

upvoted 0 times

...