ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam MD-101 All Questions

View all questions & answers for the MD-101 exam
Go to Exam

Exam MD-101 topic 3 question 22 discussion

Actual exam question from Microsoft's MD-101
Question #: 22
Topic #: 3
[All MD-101 Questions]

You have an Azure Active Directory (Azure AD) tenant named contoso.com.
You create a terms of use (ToU) named Terms1 in contoso.com.
You are creating a conditional access policy named Policy1 to assign a cloud app named App1 to the users in contoso.com.
You need to configure Policy1 to require the users to accept Terms1.
What should you configure in Policy1?

  • A. Grant in the Access controls section
  • B. Conditions in the Assignments section
  • C. Cloud apps or actions in the Assignments section
  • D. Session in the Access controls section
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
Before accessing certain cloud apps in your environment, you might want to get consent from users in form of accepting your terms of use (ToU). Azure Active
Directory (Azure AD) Conditional Access provides you with:
A simple method to configure ToU
The option to require accepting your terms of use through a Conditional Access policy
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/require-tou
by VCE_player at Dec. 24, 2020, 8:04 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
VCE_player
Highly Voted 4 years, 5 months ago
Answer A is correct. I just configured this in the MD-101 lab. Though, the "Terms Of Use" itself should be setup first before this option becomes available in the "grant" part of the policy. But that is not part of the question..
upvoted 20 times
...
[Removed]
Most Recent 3 years, 11 months ago
Conditional Access -Access Control -Require app protection policy -ToU
upvoted 2 times
...
Perycles
4 years ago
A is correct.
upvoted 3 times
...
bertik
4 years ago
Definitely A. https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/require-tou#create-your-conditional-access-policy
upvoted 3 times
...
MikeMatt2020
4 years ago
Answer is A "If your organization has created terms of use, additional options may be visible under grant controls. These options allow administrators to require acknowledgment of terms of use as a condition of accessing the resources protected by the policy" https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/concept-conditional-access-grant#require-approved-client-app
upvoted 3 times
...
Merma
4 years, 1 month ago
I believe B. Conditions in the Assignments section is the correct answer here. "Within a Conditional Access policy, an administrator can make use of signals from conditions like risk, device platform, or location to enhance their policy decisions." A. Grant in the Access controls section - "Within a Conditional Access policy, an administrator can make use of access controls to either grant or block access to resources. Block takes into account any assignments and prevents access based on the Conditional Access policy configuration. Administrators can choose to enforce one or more controls when granting access." Such as MFA. https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/concept-conditional-access-Conditions https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/concept-conditional-access-grant Other thoughts?
upvoted 1 times
Merma
4 years ago
How to deploy Terms of Use in Azure Active Directory - https://www.youtube.com/watch?v=N4vgqHO2tgY
upvoted 1 times
...
...
marz
4 years, 3 months ago
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/concept-conditional-access-grant#terms-of-use
upvoted 1 times
...
Anthony_2770
4 years, 4 months ago
Answer is either A or B. What should you do first It is not uncommon for the 2nd step to be listed as an option, to really see if you know what you are doing. Option B initially could be a candidate for this aspect. This question is referring to the manual registration of devices to autopilot. NOT C If B,C,D needs to be considered then we need a CSV file not a XML file. NOT D Refers to win7/8.1 I believe
upvoted 1 times
Anthony_2770
4 years, 4 months ago
Additionally: Manually register devices with Windows Autopilot\ https://docs.microsoft.com/en-us/mem/autopilot/add-devices Windows Autopilot device registration can be done within your organization by manually collecting the hardware identity of devices (hardware hashes) and uploading this information in a comma-separated-value (CSV) file. Capturing the hardware hash for manual registration requires booting the device into Windows 10. Device owners can only register their devices with a hardware hash. Other methods (PKID, tuple) are available through OEMs or CSP partners. Website talks about sysprep if the devices have already been connected to the internet. Phoenix computers are to be used at home. Answer is either A or B. Need more discussion......
upvoted 1 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel