ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam MS-100 All Questions

View all questions & answers for the MS-100 exam
Go to Exam

Exam MS-100 topic 3 question 19 discussion

Actual exam question from Microsoft's MS-100
Question #: 19
Topic #: 3
[All MS-100 Questions]

HOTSPOT -
You have a Microsoft Azure Active Directory (Azure AD) tenant that contains the users shown in the following table.

You enable self-service password reset for all users. You set Number of methods required to reset to 1, and you set Methods available to users to Security questions only.
What information must be configured for each user before the user can perform a self-service password reset? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Show Suggested Answer Hide Answer
Suggested Answer:
Microsoft enforces a strong default two-gate password reset policy for any Azure administrator role. This policy may be different from the one you have defined for your users and cannot be changed. You should always test password reset functionality as a user without any Azure administrator roles assigned.
With a two-gate policy, administrators don't have the ability to use security questions.
The two-gate policy requires two pieces of authentication data, such as an email address, authenticator app, or a phone number.
User3 is not assigned to an Administrative role so the configured method of Security questions only applies to User3.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-sspr-policy#administrator-password-policy-differences
by F_M at May 25, 2021, 10:54 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
BennyS
Highly Voted 3 years, 4 months ago
By default, administrator accounts are enabled for self-service password reset, and a strong default two-gate password reset policy is enforced. This policy may be different from the one you have defined for your users, and this policy can't be changed. You should always test password reset functionality as a user without any Azure administrator roles assigned. With a two-gate policy, administrators don't have the ability to use security questions. Source: https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-sspr-policy#administrator-reset-policy-differences
upvoted 6 times
...
Amir1909
Most Recent 1 year, 4 months ago
Correct
upvoted 1 times
...
Moderator
2 years, 11 months ago
Still a valid question (July 30th 2022).
upvoted 4 times
...
melatocaroca
4 years ago
The two-gate policy requires two pieces of authentication data, such as an email address, authenticator app, or a phone number., According with MS phrase , you one will be required, one more, email
upvoted 4 times
chaoscreater
4 years ago
Unrelated to answer. SSPR policies for admins are separate to policies for normal users. By default, admins require 2 authentication methods.
upvoted 6 times
...
...
RAJULROS
4 years ago
exam question on 28May21
upvoted 4 times
...
F_M
4 years, 1 month ago
Provided answer is right!
upvoted 4 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel