ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam SC-300 All Questions

View all questions & answers for the SC-300 exam
Go to Exam

Exam SC-300 topic 1 question 48 discussion

Actual exam question from Microsoft's SC-300
Question #: 48
Topic #: 1
[All SC-300 Questions]

Case Study -


Overview -

ADatum Corporation is a consulting company in Montreal.

ADatum recently acquired a Vancouver-based company named Litware, Inc.

Existing Environment. ADatum Environment

The on-premises network of ADatum contains an Active Directory Domain Services (AD DS) forest named adatum.com.

ADatum has a Microsoft 365 E5 subscription. The subscription contains a verified domain that syncs with the adatum.com AD DS domain by using Azure AD Connect.

ADatum has an Azure Active Directory (Azure AD) tenant named adatum.com. The tenant has Security defaults disabled.

The tenant contains the users shown in the following table.



The tenant contains the groups shown in the following table.



Existing Environment. Litware Environment

Litware has an AD DS forest named litware.com

Existing Environment. Problem Statements

ADatum identifies the following issues:

• Multiple users in the sales department have up to five devices. The sales department users report that sometimes they must contact the support department to join their devices to the Azure AD tenant because they have reached their device limit.
• A recent security incident reveals that several users leaked their credentials, a suspicious browser was used for a sign-in, and resources were accessed from an anonymous IP address.
• When you attempt to assign the Device Administrators role to IT_Group1, the group does NOT appear in the selection list.
• Anyone in the organization can invite guest users, including other guests and non-administrators.
• The helpdesk spends too much time resetting user passwords.
• Users currently use only passwords for authentication.


Requirements. Planned Changes -

ADatum plans to implement the following changes:

• Configure self-service password reset (SSPR).
• Configure multi-factor authentication (MFA) for all users.
• Configure an access review for an access package named Package1.
• Require admin approval for application access to organizational data.
• Sync the AD DS users and groups of litware.com with the Azure AD tenant.
• Ensure that only users that are assigned specific admin roles can invite guest users.
• Increase the maximum number of devices that can be joined or registered to Azure AD to 10.

Requirements. Technical Requirements

ADatum identifies the following technical requirements:

• Users assigned the User administrator role must be able to request permission to use the role when needed for up to one year.
• Users must be prompted to register for MFA and provided with an option to bypass the registration for a grace period.
• Users must provide one authentication method to reset their password by using SSPR. Available methods must include:
- Email
- Phone
- Security questions
- The Microsoft Authenticator app
• Trust relationships must NOT be established between the adatum.com and litware.com AD DS domains.
• The principle of least privilege must be used.


You need to resolve the issue of the sales department users.

What should you configure for the Azure AD tenant?

  • A. the Device settings
  • B. the User settings
  • C. the Access reviews settings
  • D. Security defaults
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by Hull at July 24, 2023, 12:59 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
penatuna
Highly Voted 10 months ago
Selected Answer: A
Adatum identifies the following issues: "Multiple users in the sales department have up to five devices. The sales department users report that sometimes they must contact the support department to join their devices to the Azure AD tenant because they have reached their device limit." Requirements. Planned Changes: Increase the maximum number of devices that can be joined or registered to Azure AD to 10. Within Device settings, you can increase maximum number of devices a user can join/register to Azure AD. Azure Portal / Azure AD / Device / Device Settings -> in the "Azure AD join and registration settings" section, change the maximum number of devices a user can have in Azure AD.
upvoted 7 times
penatuna
10 months ago
Maximum number of devices: This setting enables you to select the maximum number of Azure AD joined or Azure AD registered devices that a user can have in Azure AD. If users reach this limit, they can't add more devices until one or more of the existing devices are removed. The default value is 50. You can increase the value up to 100. If you enter a value above 100, Azure AD will set it to 100. You can also use Unlimited to enforce no limit other than existing quota limits. Note! The Maximum number of devices setting applies to devices that are either Azure AD joined or Azure AD registered. This setting doesn't apply to hybrid Azure AD joined devices. https://learn.microsoft.com/en-us/azure/active-directory/devices/manage-device-identities#configure-device-settings
upvoted 3 times
...
...
test123123
Most Recent 5 months, 2 weeks ago
Selected Answer: A
t sounds like the sales department users are hitting the default device limit set in Azure AD. To resolve this issue, you can increase the maximum number of devices that each user can join to Azure AD. Here’s how you can do it: Sign in to the Azure portal: Go to Azure portal and sign in with your admin account. Navigate to Azure Active Directory: In the left-hand navigation pane, select Azure Active Directory. Go to Devices: Under Manage, select Devices. Configure Device Settings: Select Device settings. Under Maximum number of devices per user, increase the limit to a higher number that suits your organization's needs. Save the changes: Click Save to apply the new device limit. By increasing the device limit, users in the sales department will be able to join more devices to Azure AD without needing to contact the support department.
upvoted 1 times
...
ELQUMS
10 months ago
Selected Answer: A
Answer A
upvoted 2 times
...
Siraf
1 year ago
Answer is A From Azure portal > Microsoft Entra ID > Devices > Device Settings > Maximum number of devices per user
upvoted 3 times
...
marsot
1 year, 4 months ago
Selected Answer: A
Azure Portal > Azure AD> Device > Device Settings> in the "Azure AD join and registration settings" section, change the maximum number of devices a user can have in Azure AD.
upvoted 4 times
...
Hull
1 year, 5 months ago
Selected Answer: A
Correct. Issue is: "Multiple users in the sales department have up to five devices. The sales department users report that sometimes they must contact the support department to join their devices to the Azure AD tenant because they have reached their device limit." Within Device settings, you can increase maximum number of devices a user can join/register to Azure AD.
upvoted 4 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel