ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam MS-900 All Questions

View all questions & answers for the MS-900 exam
Go to Exam

Exam MS-900 topic 1 question 262 discussion

Actual exam question from Microsoft's MS-900
Question #: 262
Topic #: 1
[All MS-900 Questions]

A company is evaluating Microsoft Azure Conditional Access policies.
You reed to determine which scenarios Conditional Access policies support.
Which three scenarios should you select? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.

  • A. Multi-factor authentication
  • B. Self-service password reset capabilities
  • C. Hybrid Azure Active Directory joined device
  • D. Blocked access to Microsoft 365 services for unverified users
  • E. BitLocker deployment
Show Suggested Answer Hide Answer
Suggested Answer: ACD 🗳️
AC: Common Azure Conditional Access policies decisions
* Block access

Most restrictive decision -
* Grant access
Least restrictive decision, can still require one or more of the following options:
Require multi-factor authentication
Require device to be marked as compliant
Require Hybrid Azure AD joined device

Require approved client app -
Require app protection policy (preview)
D: For customers with access to Identity Protection, user risk can be evaluated as part of a Conditional Access policy. User risk represents the probability that a given identity or account is compromised.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/overview https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/concept-conditional-access-conditions
by wando5000 at Sept. 28, 2022, 3:59 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
4e25709
1 month, 2 weeks ago
Selected Answer: ACD
on test
upvoted 1 times
...
north4
8 months, 4 weeks ago
Answer should be A,B & C Why B? Require password change When user risk is detected, administrators can employ the user risk policy conditions to have the user securely change a password by using Azure AD self-service password reset. Source: https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/concept-conditional-access-grant#require-password-change
upvoted 2 times
essamab
8 months, 3 weeks ago
Password change is different than password reset. I would say the provided answer is correct A, C & D
upvoted 1 times
...
...
[Removed]
9 months, 1 week ago
Got this question in the exam for Sept 5th 2023.
upvoted 2 times
...
Nerd1408
11 months, 2 weeks ago
Bit locker deployment can never be correct
upvoted 1 times
...
JayLearn2022
1 year, 2 months ago
The three scenarios that Conditional Access policies support are: A. Multi-factor authentication C. Hybrid Azure Active Directory joined device D. Blocked access to Microsoft 365 services for unverified users So the correct options are A, C, and D.
upvoted 3 times
...
wando5000
1 year, 8 months ago
Answer given seems correct Many organizations have common access concerns that Conditional Access policies can help with such as: Requiring multi-factor authentication for users with administrative roles Requiring multi-factor authentication for Azure management tasks Blocking sign-ins for users attempting to use legacy authentication protocols Requiring trusted locations for Azure AD Multi-Factor Authentication registration Blocking or granting access from specific locations Blocking risky sign-in behaviors Requiring organization-managed devices for specific applications
upvoted 3 times
wando5000
1 year, 8 months ago
Part D seems to be backed up by the following (although it says devices instead of users); Azure AD uses device authentication to evaluate device filter rules. For a device that is unregistered with Azure AD, all device properties are considered as null values and the device attributes cannot be determined since the device does not exist in the directory. The best way to target policies for unregistered devices is by using the negative operator since the configured filter rule would apply.
upvoted 1 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel