Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.

Unlimited Access

Get Unlimited Contributor Access to the all ExamTopics Exams!
Take advantage of PDF Files for 1000+ Exams along with community discussions and pass IT Certification Exams Easily.

Exam AZ-103 topic 5 question 25 discussion

Actual exam question from Microsoft's AZ-103
Question #: 25
Topic #: 5
[All AZ-103 Questions]

You have an Azure Active Directory (Azure AD) tenant.
All administrators must enter a verification code to access the Azure portal.
You need to ensure that the administrators can access the Azure portal without entering a verification code when they are connecting from your on-premises network.
What should you configure?

  • A. an Azure AD Identity Protection user risk policy
  • B. the multi-factor authentication service settings.
  • C. the default for all the roles in Azure AD Privileged Identity Management
  • D. an Azure AD Identity Protection sign-in risk policy
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-mfasettings
Manage identities

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
mojo13
Highly Voted 4 years ago
Answer is correct. In MFA service settings you can add the public IP/IPs of your corporate network with /32 CIDR and exclude from MFA verification.The trusted IP address ranges can be private or public.
upvoted 33 times
ExamPrep
4 years ago
Agreed - correct. See link here: https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-mfasettings#mfa-service-settings
upvoted 7 times
...
docent
3 years, 11 months ago
I agree - The Trusted IPs feature of Azure Multi-Factor Authentication is used by administrators of a managed or federated tenant. The feature bypasses two-step verification for users who sign in from the company intranet. https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-mfasettings#trusted-ips
upvoted 1 times
...
Bluediamond
3 years, 11 months ago
but where in the question does it say you are using an MFA server?
upvoted 1 times
...
evangael
3 years, 9 months ago
Answer is indeed B.
upvoted 1 times
...
...
Eitant
Highly Voted 3 years, 10 months ago
The answer is D. They are asking for administrators only who will be able to access the Azure portal without entering a verification code when they are connecting from your on-premises network. Changing the multi-factor authentication service settings will affect all the users and not just the Administrators.
upvoted 6 times
...
tashakori
Most Recent 1 week, 1 day ago
An Azure AD Conditional Access Policy
upvoted 1 times
...
I
3 years, 1 month ago
Given answer is correct! Just recall MFA setting panel, the first seletion is users and groups. Go from here to get the question's requiring.
upvoted 1 times
...
maymaythar
3 years, 3 months ago
Given Answer is correct! Check it out the following URL! 1) multi-factor authentication =======================(https://account.activedirectory.windowsazure.com/usermanagement/mfasettings.aspx) 2) service settings, underneath there is an option below 3) Skip multi-factor authentication for requests from federated users on my intranet that's why C is the right answer! thanks
upvoted 2 times
maymaythar
3 years, 3 months ago
Sorry.. B is the right answer. thanks
upvoted 2 times
...
...
Thi
3 years, 4 months ago
D. an Azure AD Identity Protection sign-in risk policy
upvoted 1 times
...
jjkidd72
3 years, 7 months ago
At first one would think 'Conditional Access', but the answer is actually correct. See 'Additional cloud-based MFA settings' under MFA service settings in the below URL; https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-mfasettings#mfa-service-settings Once 'Additional cloud-based MFA settings' is clicked it takes you to the 'multi-factor authentication' Service settings page which gives you the option to configure trusted IP location to prevent MFA prompts for said location.
upvoted 1 times
...
_syamantak
3 years, 7 months ago
Question says MFA is activated for Administrators , it never said that MFA was enabled for All users across the company. Hence entering trusted IPs on the MFA service page is enough to disable them.
upvoted 1 times
...
Shades
3 years, 8 months ago
I think it can be done through Multi factor auth sevice setting page in Conditional access On the multi-factor authentication service settings page, you can identify corporate intranet users by selecting Skip multi-factor authentication for requests from federated users on my intranet. This setting indicates that the inside corporate network claim, which is issued by AD FS, should be trusted and used to identify the user as being on the corporate network https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-mfasettings#enable-the-trusted-ips-feature-by-using-conditional-access
upvoted 2 times
Shades
3 years, 8 months ago
However if this is done through MFA (The Trusted IPs feature of Azure Multi-Factor Authentication) , it will lead to all the users from that selective IP Range to allowed without a verification , which is not the ask in this question, It should only be for admins . Hence it has to be done through Conditonal access -->MFA Service setting.
upvoted 1 times
...
...
LTTAM
3 years, 9 months ago
To all the folks that keep suggesting the answer is D: Identity Protection ... please provide a link to justify your answer. Did you try it?? Because I tried it and there is no blade where you can set a location/IP policy. However, I was able to accomplish the task via MFA. Hence the answer is B: MFA To further justify my answer, here is a link also - https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-mfasettings#mfa-service-settings
upvoted 3 times
...
Hanuman
3 years, 9 months ago
Trusted Ip feature can be enabled through service setting blade.
upvoted 3 times
...
anon1234
3 years, 9 months ago
Think B is correct, Multi factor auth MFA service settings Settings for app passwords, trusted IPs, verification options, and remember multi-factor authentication for Azure Multi-Factor Authentication can be found in service settings. This is more of a legacy portal, and isn't part of the regular Azure AD portal. Service settings can be accessed from the Azure portal by browsing to Azure Active Directory > Security > MFA > Getting started > Configure > Additional cloud-based MFA settings. A new window or tab opens with additional service settings options. Trusted IPs The Trusted IPs feature of Azure Multi-Factor Authentication bypasses multi-factor authentication prompts for users who sign in from a defined IP address range. You can set trusted IP ranges for your on-premises environments to when users are in one of those locations, there's no Azure Multi-Factor Authentication prompt. https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-mfasettings#:~:text=In%20the%20Azure%20portal%2C%20search,to%20provide%20to%20your%20users.
upvoted 3 times
...
nfett
3 years, 9 months ago
@ jonnybugaloo is there a link you got your answer from? could you post it in here.
upvoted 1 times
...
jonnybugaloo
3 years, 10 months ago
The given answer is correct: Trusted IPs The Trusted IPs feature of Azure Multi-Factor Authentication is used by administrators of a managed or federated tenant. The feature bypasses two-step verification for users who sign in from the company intranet. The feature is available with the full version of Azure Multi-Factor Authentication, and not the free version for administrators. For details on how to get the full version of Azure Multi-Factor Authentication, see Azure Multi-Factor Authentication.
upvoted 1 times
...
jonnybugaloo
3 years, 10 months ago
The given answer is correct: Trusted IPs The Trusted IPs feature of Azure Multi-Factor Authentication is used by administrators of a managed or federated tenant. The feature bypasses two-step verification for users who sign in from the company intranet. The feature is available with the full version of Azure Multi-Factor Authentication, and not the free version for administrators. For details on how to get the full version of Azure Multi-Factor Authentication, see Azure Multi-Factor Authentication.
upvoted 2 times
...
goape
3 years, 10 months ago
B is correct answer. To all those suggesting D is correct; the Q states on-premise network. From sign-in risk policy, you cannot set a network scope.
upvoted 3 times
...
DivDevOps
3 years, 10 months ago
D is correct
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...