ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam MD-101 All Questions

View all questions & answers for the MD-101 exam
Go to Exam

Exam MD-101 topic 3 question 56 discussion

Actual exam question from Microsoft's MD-101
Question #: 56
Topic #: 3
[All MD-101 Questions]

You have a Microsoft 365 subscription.
You have a conditional access policy that requires multi-factor authentication (MFA) for users in a group name Sales when the users sign in from a trusted location. The policy is configured as shown in the exhibit. (Click the Exhibit tab.)

You create a compliance policy.
You need to ensure that the users are authenticated only if they are using a compliant device.
What should you configure in the conditional access policy?

  • A. a condition
  • B. a session control
  • C. a cloud app
  • D. a grant control
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by sifa at May 11, 2021, 1:57 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
RajeeMark
Highly Voted 4 years ago
D. "Grant - Grant Access - Require device to be marked as compliant".
upvoted 22 times
RodrigoT
3 years, 1 month ago
And what scares me the most is that you were upvoted 17 times even giving a wrong answer. I tested in my tenant: Create a conditional Access policy > Conditions > Locations > Configure: Yes > "All trusted locations" or "Selected locations". You simply can NOT chose locations in any other setting. Of course you have to first create you Named locations on Azure portal to be able to choose them after. First step: https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/location-condition#location-condition-configuration Second step (this question): https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/concept-conditional-access-conditions
upvoted 7 times
JimmyC
2 years, 6 months ago
I just want to confirm that RodrigoT is confused, and 51007 has perfectly explained why. D is the correct answer.
upvoted 2 times
...
51007
3 years ago
I think you are confused. The Cond. access policy given to us already the trusted location requirement configured under 'conditions'-one selected. The diagram doesnt show it, but I can see in my tenant. Then the 1 control selected under Access controls/Grant is(probably) MFA. This is all based on the first paragraph and diagram giving us the known state of the cond. access policy. *Then* we create a new comp. policy. And we need to go into the existing Cond. Access policy to make sure the Cond Access policy will require compliance. Grant-->MFA would already be checked. We need to add Grant-->Require Device Compliance.
upvoted 9 times
...
...
AliNadheer
2 years, 3 months ago
grant is correct, the options can be seen in this well explained video https://www.youtube.com/watch?v=7XPpH_YCdRQ you can see all the grant access options in min 9:37
upvoted 2 times
...
...
Perycles
Highly Voted 4 years ago
D is correct : "Require device to be marked as compliant" enabled in 'Grant' options
upvoted 14 times
RodrigoT
3 years, 1 month ago
And where in that setting do you read "trusted location"? It's simply impossible. It's not there. It's in "Condition". I TESTED in my tenant.
upvoted 2 times
Micc0
2 years, 8 months ago
A for authentication D for authorization. A is correct!
upvoted 2 times
...
JB_
2 years, 5 months ago
Sadly, I think we must assume the trusted location setting has been configured in the config and Grant > Require device to be marked compliant is the correct answer
upvoted 1 times
...
...
...
giobos
Most Recent 2 years ago
Giancarlo dice che è la D
upvoted 1 times
...
barry12290
2 years, 2 months ago
Selected Answer: A
Conditions -> configure -> add expression to filter compliant devices
upvoted 1 times
...
devilcried
2 years, 3 months ago
Selected Answer: D
Grant control
upvoted 1 times
...
devilcried
2 years, 6 months ago
Selected Answer: D
"Require device to be marked as compliant" enabled in 'Grant' options
upvoted 1 times
...
bitjos
2 years, 6 months ago
D. Grant options available: Require multifactor authentication Require authentication strength (Preview) Require device to be marked as compliant Require Hybrid Azure AD joined device Require approved client app See list of approved client apps Require app protection policy See list of policy protected client apps Require password change
upvoted 1 times
...
StefanSteg
2 years, 7 months ago
D Grant Access
upvoted 1 times
...
raduM
2 years, 7 months ago
D- grant
upvoted 1 times
...
AK4U_111
2 years, 7 months ago
Grant = What will happen Condition = When it will happen. It's that easy. Answer is A!
upvoted 2 times
...
Zarkata
2 years, 8 months ago
Selected Answer: D
D. "Grant - Grant Access -
upvoted 1 times
...
TonySuccess
2 years, 8 months ago
Selected Answer: B
1 Million % B, please sort this one out Mods.
upvoted 1 times
...
Jnorris
2 years, 9 months ago
Selected Answer: A
After reviewing other source materials since it requires location AND compliance I believe A is the correct answer.
upvoted 1 times
...
Vernon_max22
2 years, 11 months ago
Selected Answer: D
The answer is D. The policy shown in the diagram is already configured. The language they use “you HAVE a conditional access policy that requires mfa…” they aren’t asking you to set a location. They are asking you to create a policy that requires devices to be marked compliant.
upvoted 2 times
...
Whatsamattr81
2 years, 12 months ago
"You need to ensure that the users are authenticated only if they are using a compliant device." - That's Grant, condition is just to get it to be marked compliant, grant is a gatekeeper for that.
upvoted 1 times
...
AzureLearner01
3 years ago
In my opinion this question isn‘t asking for any location based configurations, it is asking about implementing the compliant devices in this Policy. „You create a compliance policy. You need to ensure that the users are authenticated only if they are using a compliant device.“ In the meantime there are 2 valid methods for an implementation. First method is in Conditions -> Filter for devices -> Include filtered devices in policy -> Rule syntax device.isCompliant -eq true. Second method which is maybe the „native“ one is under Grant -> Grant Access -> Reqire device to be marked as compliant. Maybe the second one is the Microsoft way of accomplishing this goal, so i think D is a valid solution.
upvoted 2 times
syougun200x
2 years, 8 months ago
Thought this too. Grant Access -> Reqire device to be marked as compliant But this means "device has to be compliant" for the access and not "the users are authenticated only if they are using a compliant device" as you say. I think the sentences in the q. gets mixed up or missing some part.
upvoted 1 times
...
...
Gabry96
3 years ago
Deprecated https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/concept-conditional-access-conditions#device-state-deprecated
upvoted 1 times
Gabry96
3 years ago
Customers should use the Filter for devices condition in the Conditional Access policy, to satisfy scenarios previously achieved using device state (preview) condition. In section: "Conditions"
upvoted 1 times
...
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel