ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam MS-500 All Questions

View all questions & answers for the MS-500 exam
Go to Exam

Exam MS-500 topic 1 question 50 discussion

Actual exam question from Microsoft's MS-500
Question #: 50
Topic #: 1
[All MS-500 Questions]

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 subscription that contains the users shown in the following table.

You need to ensure that User1, User2, and User3 can use self-service password reset (SSPR). The solution must not affect User4.
Solution: You create a conditional access policy for User1, User2, and User3.
Does that meet the goal?

  • A. Yes
  • B. No
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by NOC_NWDMICROAGE at Sept. 28, 2022, 4:13 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
H0TDOGG
2 years, 2 months ago
Selected Answer: B
I first selected A, Yes as the rules stress only against users, not the groups. So the groups are irrelevant, and this still stands true. On further review, I feel the answer is B, No. Why? - Yes you can use a conditional access policy in relation to SSPR, but the policy is purely to force specific users to enrol their verification types. To use SSPR, you must enable it in the Password reset element of AAD, selecting to who the SSPR policy is applied.
upvoted 1 times
...
Unicorn02
2 years, 6 months ago
Selected Answer: B
SSPR is not enforced/configured via Conditional Access Policy. It is part of the "Password Reset" menu in AAD. https://learn.microsoft.com/en-us/azure/active-directory/authentication/tutorial-enable-sspr#enable-self-service-password-reset
upvoted 4 times
...
NOC_NWDMICROAGE
2 years, 9 months ago
No, because directory writer + security admin have SSPR enabled by default. So you would only need to enable SSPR for Group 2.
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel