ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam SC-300 All Questions

View all questions & answers for the SC-300 exam
Go to Exam

Exam SC-300 topic 2 question 72 discussion

Actual exam question from Microsoft's SC-300
Question #: 72
Topic #: 2
[All SC-300 Questions]

DRAG DROP -

You have an Azure AD tenant that contains a user named Admin1.

Admin1 uses the Require password change for high-risk users policy template to create a new Conditional Access policy.

Who is included and excluded by default in the policy assignment? To answer, drag the appropriate options to the correct target. Each option may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

NOTE: Each correct selection is worth one point

Show Suggested Answer Hide Answer
Suggested Answer:
by cgonIT at Oct. 9, 2023, 11:01 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
penatuna
Highly Voted 1 year, 6 months ago
Include: All users Exclude: Admin1 These are the settings for the Require Password Change for High-Risk Users template: Users: All Users are Included – The current user creating the policy will be excluded Apps:All apps User Risk: Risk levels: High Access Control: Grant access – Require multifactor authentication AND Require password change Conditional Access template policies will exclude only the user creating the policy from the template. If your organization needs to exclude other accounts, you will be able to modify the policy once they are created. You can find these policies in the Microsoft Entra admin center > Protection > Conditional Access > Policies. Select a policy to open the editor and modify the excluded users and groups to select accounts you want to exclude. https://sccmentor.com/2023/03/26/just-dropped-in-to-see-what-condition-my-conditional-access-rule-was-in-part-6-require-password-change-for-high-risk-users/ https://learn.microsoft.com/en-us/entra/identity/conditional-access/concept-conditional-access-policy-common?tabs=zero-trust#template-categories
upvoted 30 times
Nyamnyam
1 year, 5 months ago
Nice catch!
upvoted 1 times
...
Kmkz83510
1 year, 4 months ago
This is correct. Viewing the template shows Included: All users, Excluded: Current user (which is Admin1)
upvoted 2 times
...
...
cgonIT
Highly Voted 1 year, 6 months ago
Wrong answer. Include: All Users Exclude: Current User (Admin1 in this case) Tested in lab. https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/howto-conditional-access-policy-risk-user
upvoted 7 times
agittunc
1 year, 6 months ago
This is wrong, your link also doesn't say admin is excluded. All users guest/external as they are not managed by the specific tenant.
upvoted 2 times
emartiy
1 year, 1 month ago
Current user which is creating policy is excluded mean Admin1 who is performing operation :)
upvoted 2 times
...
...
...
d1e85d9
Most Recent 1 month, 2 weeks ago
Include: All Users Exclude: Admin1 (current user, which is already inside all users)
upvoted 1 times
...
criminal1979
9 months, 3 weeks ago
Just tested. Include: All Users, Exclude: Current User
upvoted 1 times
...
RemmyT
11 months ago
Include: None Exclude: None The default settings when creating any new CA policy: Users 0 users and groups selected Control access based on who the policy will apply to, such as users and groups, workload identities, directory roles, or external guests. Include - None : default - All users - Select users and groups Exclude Select the users and groups to exempt from the policy - Guest or external users : Unchecked - Directory roles : Unchecked - Users and groups : Unchecked Policy can be enforced with "Enable policy".
upvoted 1 times
...
Peeeedor
1 year, 6 months ago
-All users -All guest and external users My thinking: The reason for excluding these is because they login with external credentials! We do not manage their identity and therefore cannot enforce a PW reset? Also in the real world I would exclude the breakglass account also (as mentioned in ms documentation)
upvoted 1 times
...
AK_1234
1 year, 6 months ago
- All users - All guest and external users
upvoted 2 times
...
F_Dias
1 year, 6 months ago
The correct is: Include: All Users Exclude: Current User (Admin1 in this example)
upvoted 4 times
...
DasChi_cken
1 year, 6 months ago
All User & none... Microsoft even warns you in their Docs to Test CAPs in Report only Mode before you Lock yourself Out And logically If you say all User in the First place you cant say anything Else the none as 2nd answer because the First answer wouldnt be all the ;)
upvoted 3 times
...
AK_1234
1 year, 6 months ago
- All users - All guest and external users
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago