ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam MS-102 All Questions

View all questions & answers for the MS-102 exam
Go to Exam

Exam MS-102 topic 1 question 312 discussion

Actual exam question from Microsoft's MS-102
Question #: 312
Topic #: 1
[All MS-102 Questions]

HOTSPOT
-

Your company has an office in London.

You have a Microsoft 365 subscription.

You need to create a Conditional Access policy named Policy that meets the following requirements:

• Only FIDO2 security keys, Windows Hello for Business, and certificates must be supported for authentication.
• The London office must be marked as a trusted location and excluded from Policy1.

How should you configure Policy1? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Show Suggested Answer Hide Answer
Suggested Answer:
by HelloItsSam at Oct. 20, 2024, 4:08 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
justITtopics
5 months, 2 weeks ago
Phishing-Resisntant MFA https://learn.microsoft.com/es-es/entra/identity/authentication/concept-authentication-strengths#built-in-authentication-strengths IP Ranges https://learn.microsoft.com/es-es/entra/identity/authentication/concept-authentication-strengths#built-in-authentication-strengths A Name for the location. One or more public IP ranges. Optionally Mark as trusted location. Trusted locations -Conditional Access policies can include or exclude these locations.
upvoted 1 times
...
Krayzr
6 months ago
Given answer is correct Named Location: IP Ranges >> Mark as Trusted Location See here To define a named location by public IPv4 or IPv6 address ranges, you must provide: A Name for the location. One or more public IP ranges. Optionally Mark as trusted location. https://learn.microsoft.com/en-us/entra/identity/conditional-access/concept-assignment-network#ipv4-and-ipv6-address-ranges
upvoted 3 times
...
Tr619899
8 months, 4 weeks ago
Authentication strength: You should choose "Phishing-resistant MFA". This is because the requirement specifies that only FIDO2 security keys, Windows Hello for Business, and certificates must be supported for authentication. The Phishing-resistant MFA strength includes these methods and ensures that only these forms of authentication are used​. Named location: For the trusted location, you should select "Countries". You will need to create a named location that marks the London office as trusted, allowing you to exclude it from the policy. This means configuring the location based on countries/regions where your office is located​.
upvoted 2 times
Hiyas
8 months ago
lol. It's IP ranges, and London is not a country, you will need to select UK in Countries selection which is not the most ideal as it is stated London "office"
upvoted 2 times
...
Xive
8 months, 3 weeks ago
Isn't countries too wide range. This will include logins from within london but may not necessary from the office. So IP range is still the more conservative choice.
upvoted 1 times
665d390
8 months, 3 weeks ago
Therefore, wouldn't it be more concrete to indicate the trusted IP addresses of the office in question?
upvoted 4 times
Ody
8 months, 1 week ago
It is the right answer, but for the wrong reason. Under "Name Location" you can also add an IP range AND there is a selection box for "Mark as a trusted location"
upvoted 1 times
...
...
...
...
HelloItsSam
9 months ago
Given asnwer is Correct!
upvoted 2 times
JohnDoe47
8 months, 2 weeks ago
In Named Locations, you can add "Countries locations", "IP ranges locations", "Configure multifactor authentication trusted IPs" (legacy mode). You need to define the public "IP range" of London and define it as trusted IP. Then exclude it in the Conditional Access Policy.
upvoted 4 times
BigO76
6 months, 1 week ago
Correct, The requirement in the question states: "The London office must be marked as a trusted location and excluded from Policy1." Trusted IPs are explicitly designed for this purpose, allowing you to: Define IP ranges for the London office. Mark these IP ranges as a trusted location. Easily exclude this trusted location from Policy1. Using IP ranges alone will not mark the London office as a "trusted location" in Azure AD, and it would not allow for seamless exclusion as required by the question.
upvoted 2 times
...
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel