Exam AZ-103 topic 5 question 9 discussion

Fraud alert Configure the fraud alert feature so that your users can report fraudulent attempts to access their resources. Users can report fraud attempts by using the mobile app or through their phone his phone is losted correct Answer C

IF MFA requires to enter a code when a user reports a fraud, and the reason for blocking that account is "Lost phone" how would he did to report the fraud? "Code to report fraud during initial greeting: When users receive a phone call to perform two-step verification, they normally press # to confirm their sign-in. To report fraud, the user enters a code before pressing #. This code is 0 by default, but you can customize it." The logical answer is C.

C is correct

Answer is C. https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-mfasettings#block-and-unblock-users

Sign in to the Azure portal as an administrator. Browse to Azure Active Directory > MFA Server > Fraud alert Set the Allow users to submit fraud alerts setting to On Block user when fraud is reported.

Tricky question! Both C and D options can get an user locked. However, I dont expect Azure to set a comment 'user lost phone' if the actual reason is an user reporting a fraud alert. So I will go with C, and administrator blocking the MFA for the user and entered the comment.

Lets analyse which answer is correct: A. The user account password expired...It will not lead to account being blocked B. The user entered an incorrect PIN four times within 10 minutes...This may lead to account being locked (if you configure it like that, there is diff setting for that) C. An administrator manually blocked the user...Yes provide a comment & block a user D. The user reported a fraud alert when prompted for additional authentication....if a user receives an unknown MFA prompt , he can report it as fraud & the account get locked for 90 days..but then you dont get to fill that comment as we see in the question.

Catch is the remark-Lost phone ..and thats manual entry by an admin .

Common Sense Guys, MFA is required, so Phone is Required, user have no way of claiming anything on his account since he cannot Log in, its the admin that did the work C for sure its correct

The Admin can complete a 'Reason field' when manually blocking a user. This is what the question is looking for.

Has to be c: Manual block due to the "lost phone" comment... Below extract says you have to enter a comment when blocking a user. I cant find anything re comments from a fruad alert... Block and unblock users If a user's device has been lost or stolen, you can block authentication attempts for the associated account. Any authentication attempts for blocked users are automatically denied. Users remain blocked for 90 days from the time that they are blocked. Block a user To block a user, complete the following steps: Browse to Azure Active Directory > Security > MFA > Block/unblock users. Select Add to block a user. Select the Replication Group, then choose Azure Default. Enter the username for the blocked user as username\@domain.com, then provide a comment in the Reason field. When ready, select OK to block the user.

Correct Answer is C. There is no way to block a user automatically cause they lost their phone. An admin would have to go in and manually block them

Correct Answer, Exam question

D) Block user when fraud is reported: If a user reports fraud, their account is blocked for 90 days or until an administrator unblocks their account. An administrator can review sign-ins by using the sign-in report, and take appropriate action to prevent future fraud. An administrator can then unblock the user's account.