Exam AZ-303 topic 5 question 4 discussion

Actual exam question from Microsoft's AZ-303
Question #: 4
Topic #: 5

You have an Azure Active Directory (Azure AD) tenant.
You have an existing Azure AD conditional access policy named Policy1. Policy1 enforces the use of Azure AD-joined devices when members of the Global Administrators group authenticate to Azure AD from untrusted locations.
You need to ensure that members of the Global Administrators group will also be forced to use multi-factor authentication when authenticating from untrusted locations.
What should you do?

  • A. From the Azure portal, modify session control of Policy1.
  • B. From multi-factor authentication page, modify the user settings.
  • C. From multi-factor authentication page, modify the service settings.
  • D. From the Azure portal, modify grant control of Policy1.
Suggested Answer: D
We need to modify the grant control of Policy1.
The grant control can trigger enforcement of one or more controls.
  • Require multi-factor authentication (Azure Multi-Factor Authentication)
  • Require device to be marked as compliant (Intune)
  • Require Hybrid Azure AD joined device
  • Require approved client app
  • Require app protection policy
Note: It is now possible to explicitly apply the Require MFA for admins rule.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/untrusted-networks
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/concept-baseline-protection
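The grant-control change described in the suggested answer, as an added example that is not part of the original page: a Python check over a constructed policy in the shape of the Microsoft Graph conditionalAccessPolicy resource. The function names, the sample policy, and modelling Policy1's device requirement as `domainJoinedDevice` are assumptions; the point shown is that MFA is only forced alongside the device requirement when the grant operator is AND.

```python
import copy

# Constructed sample in the shape of a Microsoft Graph conditionalAccessPolicy
# resource; values are illustrative, not exported from a real tenant.
GLOBAL_ADMIN_ROLE = "62e90394-69f5-4237-9190-012177145e10"  # Global Administrator role template ID
POLICY1 = {
    "displayName": "Policy1",
    "state": "enabled",
    "conditions": {
        "users": {"includeRoles": [GLOBAL_ADMIN_ROLE]},
        "applications": {"includeApplications": ["All"]},
        # "Untrusted locations": every location except the trusted named ones.
        "locations": {"includeLocations": ["All"], "excludeLocations": ["AllTrusted"]},
    },
    # Assumption: the existing device requirement is modelled as domainJoinedDevice.
    "grantControls": {"operator": "OR", "builtInControls": ["domainJoinedDevice"]},
    "sessionControls": None,
}


def mfa_is_forced(policy):
    """True only if every sign-in matched by the policy must satisfy MFA.

    Looks at built-in grant controls only, not session controls.
    """
    grant = policy.get("grantControls") or {}
    controls = grant.get("builtInControls", [])
    if policy.get("state") != "enabled" or "mfa" not in controls:
        return False
    # With operator OR, any one selected control satisfies the policy,
    # so MFA is forced only when it is the sole control.
    return grant.get("operator") == "AND" or controls == ["mfa"]


def add_required_mfa(policy):
    """Return a copy whose grant control requires MFA in addition to existing controls."""
    updated = copy.deepcopy(policy)
    grant = updated.get("grantControls") or {}
    controls = grant.setdefault("builtInControls", [])
    if "mfa" not in controls:
        controls.append("mfa")
    grant["operator"] = "AND"  # portal wording: "Require all the selected controls"
    updated["grantControls"] = grant
    return updated
```
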

Comments

azurecert2021
Highly Voted 4 years, 6 months ago
Yes, D is the correct answer https://www.examtopics.com/discussions/microsoft/view/9651-exam-az-300-topic-1-question-4-discussion/
upvoted 19 times
...
sandeepmalik
Most Recent 3 years, 4 months ago
In today's exam. Score 900+ Correct answer.
upvoted 1 times
...
[Removed]
3 years, 5 months ago
D is correct
upvoted 1 times
...
pcman
3 years, 6 months ago
Pay attention! The given answer is incorrect. On MFA page/service settings, you can create a trusted IP list. I use it on many clients' tenants. It is very simple to check. Don't waste your points!
upvoted 1 times
pcman
3 years, 6 months ago
Please ignore my comment. There is a conditional access policy applied to another goal and that policy applies only from untrusted IPs. In other words, the list already exists. Letter D is Correct.
upvoted 1 times
...
...
syu31svc
3 years, 11 months ago
Within a Conditional Access policy, an administrator can make use of access controls to either grant or block access to resources. https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/concept-conditional-access-policies https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/concept-conditional-access-grant Answer is D
upvoted 4 times
...
AAPaul
4 years ago
D is correct
upvoted 3 times
...
nfett
4 years, 1 month ago
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/location-condition D is correct. Refer to the above article.
upvoted 3 times
...
nfett
4 years, 1 month ago
This is a better URL to note the right answer. D is correct. https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/location-condition
upvoted 1 times
...
hwathan
4 years, 2 months ago
correct
upvoted 2 times
...
Kraviecc
4 years, 6 months ago
Correct
upvoted 4 times
...