Exam AZ-103 topic 5 question 8 discussion

Actual exam question from Microsoft's AZ-103

Question #: 8
Topic #: 5

You have an Azure Active Directory (Azure AD) tenant.
You have an existing Azure AD conditional access policy named Policy1. Policy1 enforces the use of Azure AD-joined devices when members of the Global
Administrators group authenticate to Azure AD from untrusted locations.
You need to ensure that members of the Global Administrators group will also be forced to use multi-factor authentication when authenticating from untrusted locations.
What should you do?

A. From the Azure portal, modify session control of Policy1.
B. From the multi-factor authentication page, modify the user settings.
C. From the Azure portal, modify grant control of Policy1.
D. From the multi-factor authentication page, modify the service settings.

Show Suggested Answer

Suggested Answer: C 🗳️
There are two types of controls:
✑ Grant controls "" To gate access
✑ Session controls "" To restrict access to a session
Grant controls oversee whether a user can complete authentication and reach the resource that they're attempting to sign-in to. If you have multiple controls selected, you can configure whether all of them are required when your policy is processed. The current implementation of Azure Active Directory enables you to set the following grant control requirements:

Reference:
https://blog.lumen21.com/2017/12/15/conditional-access-in-azure-active-directory/

by Kkhan01 at June 3, 2020, 3:50 p.m.

Comments

Submit Cancel

YPR

Highly Voted 4 years, 11 months ago

Azure AD-> Security -> Conditional Access -> Grant (Edit) Give answer is correct (From the Azure portal, modify grant control of Policy1.) https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/controls

upvoted 5 times

...