ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-303 All Questions

View all questions & answers for the AZ-303 exam
Go to Exam

Exam AZ-303 topic 2 question 25 discussion

Actual exam question from Microsoft's AZ-303
Question #: 25
Topic #: 2
[All AZ-303 Questions]

Your company has an Azure subscription.
You enable multi-factor authentication (MFA) for all users.
The company's help desk reports an increase in calls from users who receive MFA requests while they work from the company's main office.
You need to prevent the users from receiving MFA requests when they sign in from the main office.
What should you do?

  • A. From Conditional access in Azure Active Directory (Azure AD), create a named location.
  • B. From the MFA service settings, create a trusted IP range.
  • C. From Conditional access in Azure Active Directory (Azure AD), create a custom control.
  • D. From Azure Active Directory (Azure AD), configure organizational relationships.
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by edddddddd at Aug. 23, 2020, 7:52 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
mkos
Highly Voted 4 years, 9 months ago
Create a named location won't solve the problem. The trusted IP's should be added to the name locations. Option B is correct
upvoted 86 times
dmbuk
4 years, 7 months ago
You can't create a named location w/o IP range. Still B is correct as the key word here "Enabled MFA" and they don't mention CA policies.
upvoted 4 times
...
heany
4 years, 4 months ago
No. when you create a named location, IP range is the defalut inputs required. So, it should be A. ip range in named location is not just for MFA to use. It can be used cross conditional access, that's why the entry is inside of conditional access UI
upvoted 1 times
...
heany
4 years, 2 months ago
Finally found answer of this tricky question. Should be A. Trusted IP only used when you use MFA server. https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-mfasettings#trusted-ips
upvoted 4 times
KhaledMaster
3 years, 6 months ago
good point, however then the main office will connect to the azure they will use specific public IPs that are assgined to that site-> so we can use those public IPs in the Trusted IPs
upvoted 2 times
...
...
AberdeenAngus
3 years, 4 months ago
Why not? Could someone explain this please?
upvoted 1 times
...
Load full discussion...
...
VMUN
Highly Voted 3 years, 11 months ago
26-June-21, Passed the exam. I got only A,C,D options. I think it is name locations.
upvoted 15 times
shaktiprasad88
3 years, 3 months ago
Ans - A https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/howto-conditional-access-policy-all-users-mfa An organization may choose to not require multi-factor authentication if accessing a cloud app from their corporate network. In this case they could add the following configuration to the policy: Under Assignments, select Conditions > Locations. Configure Yes. Include Any location. Exclude All trusted locations. Select Done. Select Done. Save your policy changes.
upvoted 1 times
...
Gromble_ziz
3 years, 6 months ago
I assume this is the reason why: https://www.alitajran.com/move-from-mfa-trusted-ips-to-conditional-access-named-locations/ I assume option "B" was earlier and option "A" is the newer and more flexible way.
upvoted 4 times
...
...
hikpd
Most Recent 3 years, 2 months ago
The first line reads "Enable MFA for all users". So B is the correct answer. If the MFA was enabled for selected users, then the conditional access makes sense.
upvoted 1 times
...
Stato71
3 years, 2 months ago
Both A and B are feasible, I think what the question is looking for is location related ie “head office”. That suggests A is the answer.
upvoted 1 times
...
JDS11
3 years, 3 months ago
Selected Answer: A
Answer is A as it is a newer approach
upvoted 2 times
...
LuisLfr
3 years, 4 months ago
Selected Answer: A
A is correct!
upvoted 2 times
...
AberdeenAngus
3 years, 4 months ago
I'm going A named location. The CAP form allows a location to be excluded from a policy (where the requirement for MFA would be set up), and it seems to be a use case for them: "Organizations can use this location for common tasks like: Requiring multi-factor authentication for users accessing a service when they're off the corporate network." https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/location-condition
upvoted 1 times
...
azureaakuu
3 years, 5 months ago
You are advising a company that has enabled MFA for all its users. The company’s support desk is seeing an increase in support tickets from users who are receiving MFA requests while working within the company’s main campus. You are asked to provide a recommendation that prevents the users from receiving MFA requests while on the main campus. The company has an Azure subscription. What do you advise? From the MFA service settings, create a trusted IP range. From the conditional access in Azure AD, create a named location. From the conditional access in Azure AD, create a custom control. From the conditional access in Azure AD, configure organizational relationships. Explanation Correct Answer: From the MFA service settings, create a trusted IP range. By creating a trusted IP range in the MFA service settings you provide users with the ability to avoid MFA requests while on company sites.
upvoted 1 times
...
azureaakuu
3 years, 5 months ago
It is B
upvoted 1 times
...
suriyaswamy
3 years, 5 months ago
Repeated of Question 15 with change in Format
upvoted 1 times
...
MayilKannan
3 years, 5 months ago
It should be "A". https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/location-condition
upvoted 1 times
...
Mr_RJ
3 years, 5 months ago
B is correct
upvoted 1 times
...
syu31svc
3 years, 9 months ago
The Trusted IPs feature of Azure Multi-Factor Authentication bypasses multi-factor authentication prompts for users who sign in from a defined IP address range. You can set trusted IP ranges for your on-premises environments to when users are in one of those locations, there's no Azure Multi-Factor Authentication prompt. https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-mfasettings#trusted-ips B is the answer
upvoted 2 times
...
Jcbrow27
3 years, 11 months ago
B is correct!
upvoted 1 times
...
norbitek
3 years, 11 months ago
I had this question today but instead of "From the MFA service settings, create a trusted IP range" there were different option.
upvoted 1 times
...
Mikeliz
4 years ago
Answer is B, you don't always need a conditional access policy to enable MFA.
upvoted 3 times
...
azurellc
4 years ago
On exam 5/15/2021
upvoted 3 times
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel