Ans: No. You alter the grant control, not session control

Was on my exam.

B is correct, needs to be grant control

I passed with these questions and many friends passed too, if you want real exam questions, contact me on [email protected]

Correct answer is B. The solution mentioned does not fully meet the goal of requiring members of the Global Administrators group to use Multi-Factor Authentication and an Azure AD-joined device when they connect from untrusted locations. While accessing the Azure portal to alter the session control is a step in the right direction, it's essential to configure the specific conditions and controls in the Azure AD conditional access policy to enforce these requirements. To achieve the goal, you need to create or modify an Azure AD conditional access policy and specify the conditions that require Multi-Factor Authentication and Azure AD-joined devices for members of the Global Administrators group when they access Azure AD from untrusted locations. Simply accessing the Azure portal to alter session control is not sufficient to fully implement this policy.

Does anyone have updated questions from 21.09.2023 (21sh of Sep) with contributor access and can send them to me through email: [email protected]. I would really appreciate it as I need to write and prepare for this exam with limited time and can't afford the contributor access. Thanks. I need to write the exam before the end of this month

Does anyone have updated questions from with contributor access and can send me through email: [email protected]

does anyone have updated questions from 21.08.2023 with contributor access and can send me through email: [email protected] Thank you in advance.

ANS :A

Focus at text "alter the session", it make B is correct choice.

option B is correct

Solution B is not correct because it suggests creating a new resource group for each department. While this approach could be used to organize resources, it does not allow for direct association between the virtual machines and their respective departments. Assigning tags to the virtual machines is a better solution for this requirement.

Answer is B. Require MFA is a checkbox listed within the GRANT control portion of the conditional access policy.

No, the solution does not meet the goal. Altering the session control of the Azure AD conditional access policy alone will not achieve the desired requirements. You need to configure a conditional access policy that requires Multi-Factor Authentication (MFA) and an Azure AD-joined device for members of the Global Administrators group when connecting from untrusted locations.

A - is correct

No this is not the way to achieve this.

From my understanding, session controls is used when wanting to configure policies within a certain cloud apps, ( such as SharePoint, Exchange).