Free Microsoft Identity SC-300 Actual Exam Questions - Question 14 Discussion
HOTSPOT
You have a Microsoft 365 tenant. Sometimes, users use external, third-party applications that require limited access to the Microsoft 365 data of the respective user. The users register the applications in Azure Active Directory (Azure AD). You need to receive an alert if a registered application gains read and write access to the users’ email. What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
I think setting up an alert in Azure AD for permission changes is key here, since it tracks when apps get new permissions like read/write on mail. Defender stuff feels off-topic for this specific permission alert.
I’d go with enabling audit logs for app registrations and setting alerts specifically on permission grants involving mail read/write scopes. That way, any app getting those permissions triggers an alert independently of sign-in risk.
I chose the option to create an Azure AD conditional access policy combined with an alert for permissions changes. Apps gaining read/write email access should trigger a sign-in risk or permission change alert, catching those actions early.
This one’s kinda tricky; what did you go for?