Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us [email protected]
Menu

Unlimited Access

Get Unlimited Contributor Access to the all ExamTopics Exams!
Take advantage of PDF Files for 1000+ Exams along with community discussions and pass IT Certification Exams Easily.
Microsoft Discussions

Exam AZ-104 topic 1 question 3 discussion

Actual exam question from Microsoft's AZ-104
Question #: 3
Topic #: 1
[All AZ-104 Questions]

Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.
Your company has an Azure Active Directory (Azure AD) subscription.
You want to implement an Azure AD conditional access policy.
The policy must be configured to require members of the Global Administrators group to use Multi-Factor Authentication and an Azure AD-joined device when they connect to Azure AD from untrusted locations.
Solution: You access the Azure portal to alter the session control of the Azure AD conditional access policy.
Does the solution meet the goal?

  • A. Yes
  • B. No
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by BenStokes at July 4, 2021, 8:10 p.m.

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Submit Cancel
lyx
Highly Voted 2 years, 8 months ago
Ans: No. You alter the grant control, not session control
upvoted 56 times
YooOY
2 years, 7 months ago
Under Access controls > Grant, select Grant access, Require multi-factor authentication, and select Select. https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/howto-conditional-access-policy-all-users-mfa
upvoted 22 times
...
jackdryan
1 year, 2 months ago
B is correct. You access the Azure portal to alter the grant control of the Azure AD conditional access policy.
upvoted 3 times
...
go4adil
2 months, 2 weeks ago
Correct Answer: B (No) In order to implement MFA and Azure AD-Joined device, you need to create a 'Conditional Access Policy'. To implement conditional access policy; Go to Microsoft Entra-->Protection-->Security Center-->Conditional Access Page-->Modify Grant Control (Not Session Control) -->Grant Access (Microsoft Entra Premium is required to implement Conditional Access policy) https://learn.microsoft.com/en-us/entra/identity/authentication/tutorial-enable-azure-mfa?toc=%2Fentra%2Fidentity%2Fconditional-access%2Ftoc.json&bc=%2Fentra%2Fidentity%2Fconditional-access%2Fbreadcrumb%2Ftoc.json
upvoted 4 times
MohsenSic
1 month, 2 weeks ago
It is now in device settings and not protection, https://learn.microsoft.com/en-us/entra/identity/devices/media/manage-device-identities/device-settings-azure-portal.png
upvoted 1 times
...
...
...
epic13131
Highly Voted 2 years, 9 months ago
Was on my exam.
upvoted 16 times
...
MCLC2021
Most Recent 3 weeks, 1 day ago
Correc Answer B (NO). Within a Conditional Access policy: Access Control GRANT: an administrator can use access controls to grant or block access to resources. Access Control SESSION: an administrator can make use of session controls to enable limited experiences within specific cloud applications. https://learn.microsoft.com/en-us/entra/identity/conditional-access/concept-conditional-access-session https://learn.microsoft.com/en-us/entra/identity/conditional-access/concept-conditional-access-grant
upvoted 1 times
...
tashakori
1 month ago
No is right
upvoted 1 times
...
mattpaul
2 months, 1 week ago
Selected Answer: B
Answer is No [email protected] for full set
upvoted 2 times
...
_gio_
3 months, 1 week ago
Selected Answer: B
answer is B
upvoted 1 times
...
DBFront
5 months, 3 weeks ago
Selected Answer: B
B is correct, needs to be grant control
upvoted 1 times
...
mattpaul
6 months ago
I passed with these questions and many friends passed too, if you want real exam questions, contact me on [email protected]
upvoted 1 times
...
Minaru
6 months, 1 week ago
Correct answer is B. The solution mentioned does not fully meet the goal of requiring members of the Global Administrators group to use Multi-Factor Authentication and an Azure AD-joined device when they connect from untrusted locations. While accessing the Azure portal to alter the session control is a step in the right direction, it's essential to configure the specific conditions and controls in the Azure AD conditional access policy to enforce these requirements. To achieve the goal, you need to create or modify an Azure AD conditional access policy and specify the conditions that require Multi-Factor Authentication and Azure AD-joined devices for members of the Global Administrators group when they access Azure AD from untrusted locations. Simply accessing the Azure portal to alter session control is not sufficient to fully implement this policy.
upvoted 4 times
...
Dan76
7 months ago
Does anyone have updated questions from 21.09.2023 (21sh of Sep) with contributor access and can send them to me through email: [email protected]. I would really appreciate it as I need to write and prepare for this exam with limited time and can't afford the contributor access. Thanks. I need to write the exam before the end of this month
upvoted 2 times
...
Kola89
7 months, 2 weeks ago
Does anyone have updated questions from with contributor access and can send me through email: [email protected]
upvoted 1 times
...
Misty39
7 months, 3 weeks ago
does anyone have updated questions from 21.08.2023 with contributor access and can send me through email: [email protected] Thank you in advance.
upvoted 3 times
DM25
7 months, 2 weeks ago
In Aug 2023 if I'm right they didn't change syllabus but made it open book. Yes it would be great to hear from someone who took after that. I am planning to write soon
upvoted 1 times
...
...
ShyamNallu_100813
9 months, 2 weeks ago
Selected Answer: A
ANS :A
upvoted 3 times
SivaPannier
7 months, 4 weeks ago
I think the Answer is A only. I could see session control option in the Conditional Access Policy configuration page. Grant control should not be for session control. see the link below... https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/concept-conditional-access-session.
upvoted 1 times
...
SivaPannier
7 months, 4 weeks ago
Sorry I am wrong in the earlier comment. The correct answer is B only, for the given requirement there is no need to configure anything in the session control page of conditional access policy. Hence this action will not fulfill the project requirement.
upvoted 3 times
...
...
james2033
9 months, 2 weeks ago
Selected Answer: B
Focus at text "alter the session", it make B is correct choice.
upvoted 2 times
...
dhivyamohanbabu
10 months ago
option B is correct
upvoted 1 times
...
Madbo
1 year ago
Solution B is not correct because it suggests creating a new resource group for each department. While this approach could be used to organize resources, it does not allow for direct association between the virtual machines and their respective departments. Assigning tags to the virtual machines is a better solution for this requirement.
upvoted 1 times
...
emptyH
1 year ago
Selected Answer: B
Answer is B. Require MFA is a checkbox listed within the GRANT control portion of the conditional access policy.
upvoted 3 times
...
Load full discussion...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel