- 2 перегляди
Exam
Answer confirmed
Preamble
Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.
Question
Your company has an Azure Active Directory (Azure AD) subscription.
You want to implement an Azure AD conditional access policy.
The policy must be configured to require members of the Global Administrators group to use Multi-Factor Authentication and an Azure AD-joined device when they connect to Azure AD from untrusted locations.
Solution: You access the multi-factor authentication page to alter the user settings.
Does the solution meet the goal?
Proposed answer
- A. Yes
- B. No
Suggested answer
B. No
Correct answer
The suggested answer is correct
green_arrow
Highly Voted 4 years, 3 months ago
B is correct, 1- the best way to enforce MFA is by Conditional Access 2- the device has to be identified by azure AD as A AD joined Device. 3- the trusted ip must be configured.
upvoted 163 times
jackdryan
2 years, 8 months ago
B is correct. You access the Azure portal to alter the grant control of the Azure AD conditional access policy.
upvoted 13 times
BeauChateau
Highly Voted 2 years, 5 months ago
Selected Answer: B
No, the solution does not meet the goal. To implement the required conditional access policy, the following steps should be taken: Create a new Conditional Access policy in Azure AD portal. Set the policy to require Multi-Factor Authentication and Azure AD device registration. In the policy's "Users and Groups" section, specify the Global Administrators group as the target. In the policy's "Conditions" section, specify the locations that are considered untrusted. Save the policy. Simply accessing the multi-factor authentication page and altering user settings does not provide a comprehensive solution to meet the stated goal.
upvoted 65 times
RushaShah
Most Recent 1 month, 1 week ago
Selected Answer: B
Answer: B. No The requirement is to enforce Conditional Access rules that combine: 1. MFA (Multi-Factor Authentication) 2. Device compliance (Azure AD-joined device) 3.Location-based access (trusted vs. untrusted locations). Simply going to the Multi-Factor Authentication page and altering user settings will only enable or enforce MFA on the user account, it does not enforce device requirements, it does not apply location-based rules. To meet the requirement, you must configure a Conditional Access policy in Azure AD. That’s where you can specify conditions like "Require MFA" + "Require Hybrid Azure AD-joined or compliant device" + "Apply only to Global Administrators group" + "Exclude trusted locations." So, altering only the MFA settings does not achieve the goal.
upvoted 2 times
Barnabe_TEBDA
2 months, 3 weeks ago
Selected Answer: B
No, because, it is not a good solution when we use multi factoer to alter user, but we must use AD.
upvoted 1 times
Sahar_A
3 months ago
Selected Answer: B
B is correct
upvoted 1 times
Vic_Somi
3 months, 2 weeks ago
Selected Answer: B
This is done using conditional access
upvoted 1 times
SherryJamkam
3 months, 3 weeks ago
Selected Answer: B
fails to enforce MFA and Azure AD-joined device requirements for Global Admins in untrusted locations. Thus, it does not meet the goal
upvoted 1 times
SherryJamkam
3 months, 3 weeks ago
Selected Answer: B
No, the solution does not meet the goal.
upvoted 1 times
Kabilanis
4 months ago
Selected Answer: B
Below are the possible options for this scenario. Consolidating here for easy read of subscribers. Solution: You access the multi-factor authentication page to alter the user settings. - No Solution: You access the Azure portal to alter the session control of the Azure AD conditional access policy. - No Solution: You access the Azure portal to alter the grant control of the Azure AD conditional access policy. - Yes
upvoted 1 times
Kabilanis
4 months ago
Selected Answer: B
Below are the options for this question. Commenting here for easy read. Solution: You access the multi-factor authentication page to alter the user settings. - No Solution: You access the Azure portal to alter the session control of the Azure AD conditional access policy. - No Solution: You access the Azure portal to alter the grant control of the Azure AD conditional access policy. - Yes
upvoted 1 times
Naru60
4 months, 2 weeks ago
Selected Answer: B
Correctly requires configuration in the “Grant (Access Control)” section
upvoted 1 times
ZUMY
4 months, 3 weeks ago
Selected Answer: B
B is the answer
upvoted 1 times
kjbalamurugan
6 months ago
Selected Answer: B
Policy should be configured at group level not at user level
upvoted 1 times
Emmanuel25512
6 months ago
Selected Answer: B
Il faut configurer l'accès conditionnel en ajoutant MFA
upvoted 1 times
Makaziwe
6 months, 2 weeks ago
Selected Answer: B
Condition access policies aren't confugured on the multi-factor authentication MFA page, to achieve the desired results you'd need to create the conditional access policy in Azure AD specifying access, conditions, access controls.
upvoted 1 times
juancarlosdlar
7 months, 1 week ago
Selected Answer: B
You can understand the answer here: https://learn.microsoft.com/en-us/entra/identity/authentication/tutorial-enable-azure-mfa?toc=%2Fentra%2Fidentity%2Fconditional-access%2Ftoc.json&bc=%2Fentra%2Fidentity%2Fconditional-access%2Fbreadcrumb%2Ftoc.json
upvoted 1 times
Vinny
8 months, 3 weeks ago
Selected Answer: B
B should be right one
upvoted 1 times
Raki1049
10 months ago
Selected Answer: B
No, the solution does not meet the goal. To achieve the desired outcome, you need to configure a conditional access policy that specifically targets the Global Administrators group and sets the required conditions, such as Multi-Factor Authentication (MFA) and the use of an Azure AD-joined device when accessing from untrusted locations. Altering the session control alone is not sufficient to enforce these specific requirements. You would need to: 1. Create a new conditional access policy in the Azure portal. 2. Target the Global Administrators group. 3. Set the conditions to require MFA and an Azure AD-joined device. 4. Specify the locations considered untrusted. Would you like more detailed steps on how to configure this policy?
upvoted 1 times
kiwwwyis
1 year ago
B. No is the answer because to enable the MFA depending on the condition can only be enabled from the conditional access option. Not from MFA option
upvoted 2 times
IsaacRayan
1 year ago
La bonne réponse c'est la A
upvoted 1 times
examprepboy
1 year, 1 month ago
Selected Answer: B
You set MFA by conditional access and use the grant option
upvoted 1 times
tsummey
1 year, 4 months ago
Selected Answer: B
This isn't a user setting; you need to create a conditional access policy: Under Assignments select the Global Admin Group Under Conditions set the location to any location and exclude all trusted locations Under Access Controls, grant access and check the options for require MFA and require the device to be marked as compliant.
upvoted 3 times
tashakori
1 year, 7 months ago
No is right
upvoted 1 times
Saurabh_Bhargav
1 year, 8 months ago
B. No is the answer because to enable the MFA depending on the condition can only be enabled from the conditional access option. Not from MFA option
upvoted 1 times
go4adil
1 year, 8 months ago
Correct Answer: B (No) In order to implement MFA and Azure AD-Joined device, you need to create a 'Conditional Access Policy'. To implement conditional access policy; Go to Microsoft Entra-->Protection-->Security Center-->Conditional Access Page. (Microsoft Entra Premium is required to implement Conditional Access policy) MFA page can't facilitate implementation of conditional access policy.
upvoted 8 times
_gio_
1 year, 9 months ago
Selected Answer: B
answer is B
upvoted 1 times
79652e9
1 year, 10 months ago
B is correct
upvoted 1 times
Minaru
2 years ago
Correct answer is B. The solution does not meet the goal. While accessing the multi-factor authentication page allows you to configure multi-factor authentication for users, it does not specifically target the members of the Global Administrators group. To meet the goal of requiring Global Administrators to use Multi-Factor Authentication and an Azure AD-joined device when connecting from untrusted locations, you need to set up an Azure AD conditional access policy.
upvoted 9 times
alexel222
2 years, 1 month ago
Selected Answer: B
correcto
upvoted 1 times
fiahbone
2 years, 1 month ago
Selected Answer: B
The clue to the answer is in the question. You want to implement an Azure AD conditional access policy.
upvoted 2 times
pb7o61
2 years, 1 month ago
Selected Answer: B
Given the requirements, you need to set up an Azure AD conditional access policy that enforces both Multi-Factor Authentication (MFA) and the use of Azure AD-joined devices for members of the Global Administrators group when connecting from untrusted locations. The provided solution suggests accessing the multi-factor authentication page to alter user settings. This would allow you to enforce MFA, but it does not address the requirement for the use of Azure AD-joined devices when they connect from untrusted locations. Thus, the solution does not fully meet the goal. The answer is: B. No.
upvoted 9 times
james2033
2 years, 3 months ago
Selected Answer: B
The keywords: - 1 Azure Active Directory subscription. - 1 Azure Active Directory Conditional Access Policy. - must, require, members, Global Administrators group - use MFA + Azure-Active-Directory-Joined device (untrusted locations) - MFA page to Alter the user settings (this is the most key information). Cannot use MFA (multi-factor authentication) page --to--> Alter the user settings. Therefore, answer is B. (No).
upvoted 3 times
ShyamNallu_100813
2 years, 3 months ago
Selected Answer: B
B is correct ans
upvoted 1 times
dhivyamohanbabu
2 years, 4 months ago
Option B.
upvoted 2 times
Dungeon_Master
2 years, 4 months ago
Selected Answer: B
B is correct
upvoted 2 times
Chris2603
2 years, 6 months ago
Selected Answer: B
B is correct
upvoted 1 times
Madbo
2 years, 6 months ago
B. No. The solution does not meet the goal as it only addresses the requirement for Global Administrators and does not specify the need for an Azure AD-joined device or untrusted locations. To meet the requirements, a conditional access policy needs to be created with the appropriate settings.
upvoted 2 times
kukushka
2 years, 7 months ago
I hate questions which requires you to "remember" location of things rather than being able to do the things.
upvoted 12 times
vishalarora1607
2 years, 8 months ago
B is the correct answer
upvoted 1 times
UmbongoDrink
2 years, 8 months ago
Selected Answer: B
Conditional Access policies are configured from the Azure AD Blade under Security settings page and not from the MFA settings page.
upvoted 8 times
Rufusinski
2 years, 9 months ago
Selected Answer: B
B is correct.
upvoted 1 times
Mindvision
2 years, 9 months ago
B=correct answer. MFA page can been access to enforce user to use MFA. However, the other part states domain joined so you ne Condition Access blade for that, which also can configure MFA.
upvoted 1 times
aKalyan911
2 years, 11 months ago
Conditional Access policies support built-in roles. Conditional Access policies are not enforced for other role types including administrative unit-scoped or custom roles.
upvoted 5 times
mniyas
2 years, 11 months ago
MFA to be defined under conditional access policy.
upvoted 1 times
Cool_Z
3 years ago
Selected Answer: B
Conditional Access policies are configured from the Azure AD Blade under Security settings page and not from the MFA settings page.
upvoted 11 times
gabyrever
3 years, 1 month ago
Selected Answer: B
Conditional Access policies are configured from the Azure AD Security settings page and not from the MFA settings page.
upvoted 7 times
NaoVaz
3 years, 1 month ago
Selected Answer: B
In my opinion the correct option is B) "No". To configure MFA the correct way is through Conditional Access Policies. Based on the provided documentation the correct approach is through "Grant" Access Controls.
upvoted 6 times
BigBigChannel
3 years, 1 month ago
B is correct
upvoted 1 times
EmnCours
3 years, 1 month ago
Correct Answer: B
upvoted 1 times
examtopicssignup1
3 years, 5 months ago
B is correct
upvoted 1 times
RalphLiang
3 years, 6 months ago
Selected Answer: B
Answer is correct
upvoted 1 times
shako
3 years, 7 months ago
MFA trusted IPs can be altered in Azure Active Directory > Security > Conditional Access Answer is B.
upvoted 4 times
Sandeept1992
3 years, 7 months ago
B is correct
upvoted 1 times
brand9
3 years, 7 months ago
B is correct answer
upvoted 1 times
NishanthTech90
3 years, 7 months ago
B is correct
upvoted 1 times
AzureLearner76
3 years, 8 months ago
Selected Answer: B
You need conditional access to define the trusted locations to enforce the join
upvoted 1 times
Stanh777
3 years, 8 months ago
Selected Answer: B
Vote for B
upvoted 1 times
PeterHu
3 years, 8 months ago
B is the correct choice
upvoted 1 times
nqthien041292
3 years, 8 months ago
Selected Answer: B
Vote B
upvoted 2 times
PassForSure007
3 years, 9 months ago
Selected Answer: B
Correct answer is B
upvoted 1 times
Shabbow
3 years, 9 months ago
B is the correct choice.
upvoted 1 times
elishlomo
3 years, 9 months ago
Correct answer - B. To enforce MFA from an untrusted location, you need to create a conditional access rule that requires MFA.
upvoted 2 times
leoiq91
3 years, 9 months ago
yes, this is correct B
upvoted 1 times
hanyahmed
3 years, 10 months ago
Selected Answer: B
B is correct
upvoted 2 times
Prano
3 years, 10 months ago
Ans : B
upvoted 4 times
John117
3 years, 11 months ago
B is correct, It should be in the the grant control of the Azure AD conditional access policy.
upvoted 3 times
Roger95
3 years, 11 months ago
Selected Answer: B
In order to implement Conditional Access, use below path Home > Your Directory > Security > Conditional Access
upvoted 6 times
poojamh4
3 years, 11 months ago
how to get free access for all 300 questions
upvoted 2 times
nherrerab
4 years ago
B is correct.
upvoted 2 times
villanz
4 years ago
Going to attend exam's today 03/10/2021 half an hour to go
upvoted 1 times
YooOY
4 years, 1 month ago
Ans: No. To achieve the goal, we need 2 policy: A custom condition policy for joined device, existing common policy Conditional Access: Require compliant devices seems not working in this case out of box.
upvoted 3 times
YooOY
4 years, 1 month ago
Hmmm, Instead of the MFA page mentioned above, you have to go the route of Conditional Access Policy-->Grant Control mentioned here for this question. Under Grant Control you are given the option of setting MFA and requiring AD joined devices in the exact same window.
upvoted 2 times
Ben_CAP
4 years, 1 month ago
I couldn't test in my free lab since I have no AZ AD.
upvoted 2 times
Micah7
4 years, 2 months ago
The answer is B here and A on the other version of this question you will see later where it mentions under Grant Control. There is a MFA page in Azure portal but you cant do the conditional MFA/device requirement from there......You must go the route of Conditional Access Policy--->Grant Control I did this in lab step by step. The settings for "MFA" and "joined devices" requirement is EXACTLY on the same subpage pop out when configuring the Conditional Access policy.
upvoted 2 times
Micah7
4 years, 2 months ago
The answer is A. I did this in lab step by step. The settings for "MFA" and "joined devices" requirement is EXACTLY on the same subpage pop out when configuring the policy. Here is the page with the walkthrough steps:
upvoted 1 times
Loi2525
4 years, 3 months ago
I believe it is B - NO:
upvoted 3 times