Exam AZ-301 topic 2 question 42 discussion

B is the correct Answer. The question specifically states that the contractors would login in periodically. This means the contractors are not expected to have regular activity. See the link below https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-mfa-authprovider "The per-authentication option calculates the number of authentications performed against your tenant in a month. This option is best if you have a number of users authenticating only occasionally. The per-user option calculates the number of individuals in your tenant who perform two-step verification in a month. This option is best if you have some users with licenses but need to extend MFA to more users beyond your licensing limits." This clearly proves that B is the right answer.

Why not B

Since we need to save on costs, we should not purchase additional licences for the contractors. You can just enable Multi-Factor authentication on a user by user basis for the contractors.

B. Use the Multi-Factor Authentication provider in Azure and configure the usage model for each authentication type

c is correct Answer.

CosmosDB= HMAC https://docs.microsoft.com/en-us/azure/cosmos-db/database-security

Answer is C. The company currently uses Azure AD Premium for all employees so they all have MFA license. From the link - https://docs.microsoft.com/en-us/azure/active-directory/authentication/multi-factor-authentication-faq : If your directory has a per-authentication, you are always billed for each authentication. You can assign MFA licenses to users, but you'll still be billed for every two-step verification request, whether it comes from someone with an MFA license assigned or not. If your directory has a per-user Azure Multi-Factor Authentication provider, you can add MFA licenses. Users with licenses are not counted in the per-user consumption-based billing. Users without licenses can still be enabled for MFA through the MFA provider. So you would only pay fo contractors when they are added as per user MFA provider.

https://docs.microsoft.com/en-us/azure/active-directory/authentication/multi-factor-authentication-faq. Answer is B. Not C because, Billing is based on the number of users configured to use Multi-Factor Authentication, regardless of whether they performed two-step verification that month.

C is correct reason "This option is best if you have some users with licenses but need to extend MFA to more users beyond your licensing limits." the employees have the licences but we would like to extend that to the contractors

I think the answer is C, since the question states specifically that the contractors will access on demand. If all the authentications were the same, the question wouldn't mention the contractors.

answer is B

I think Answer C is correct as the question is asking for "all employees and contractors are required to log on by using two-factor authentication"

B. There are two types of Auth providers, and the distinction is around how your Azure subscription is charged. The per-authentication option calculates the number of authentications performed against your tenant in a month. This option is best if you have a number of users authenticating only occasionally. The per-user option calculates the number of individuals in your tenant who perform two-step verification in a month. This option is best if you have some users with licenses but need to extend MFA to more users beyond your licensing limits.

ANS: B The per-authentication option calculates the number of authentications performed against your tenant in a month. This option is best if you have a number of users authenticating only occasionally.

Effective September 1st, 2018 new auth providers may no longer be created. Since auth providers have been deprecated time ago, I would say that neither B, nor C seem to be the right answer. Perhaps, before that date option B or C was valid ( in that case, I tend to say B because contractors will access periodically based on demand--> cheaper paying per authentication) For answer A and D, I've never heard about the possibility of purchasing Azure Multi-Factor Authentication licenses. You can purchase licenses for the different AD tiers. Trying to figure out answers A and D reworded to reflect the bought of AD premium licenses, there is no need to buy licenses for employees (they all have premium licenses assigned), so I’d bet D. In any case, in a real world scenario like this, since Azure Active Directory B2B gives you the Premium tier level for 5 external users per each internal user with Premium license assigned, you won't probably need to buy any additional license since you can have as many external collaborator as employees x 5

so is it B or C? I would say C here. What do you say?

What is an MFA Provider? There are two types of Auth providers, and the distinction is around how your Azure subscription is charged. The per-authentication option calculates the number of authentications performed against your tenant in a month. This option is best if you have a number of users authenticating only occasionally. The per-user option calculates the number of individuals in your tenant who perform two-step verification in a month. This option is best if you have some users with licenses but need to extend MFA to more users beyond your licensing limits. Here https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-mfa-licensing it states following as well: Important Consumption-based licensing is no longer available to new customers effective September 1, 2018. Existing customers using the consumption-based model can continue to use either per enabled user or per authentication billing. Having both in mind I think it should be per-user as majority of employes will constantly use MFA.