Exam MS-900 topic 1 question 262 discussion

Actual exam question from Microsoft's MS-900

Question #: 262
Topic #: 1

A company is evaluating Microsoft Azure Conditional Access policies.
You reed to determine which scenarios Conditional Access policies support.
Which three scenarios should you select? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.

A. Multi-factor authentication
B. Self-service password reset capabilities
C. Hybrid Azure Active Directory joined device
D. Blocked access to Microsoft 365 services for unverified users
E. BitLocker deployment

Show Suggested Answer

Suggested Answer: ACD 🗳️
AC: Common Azure Conditional Access policies decisions
* Block access

Most restrictive decision -
* Grant access
Least restrictive decision, can still require one or more of the following options:
Require multi-factor authentication
Require device to be marked as compliant
Require Hybrid Azure AD joined device

Require approved client app -
Require app protection policy (preview)
D: For customers with access to Identity Protection, user risk can be evaluated as part of a Conditional Access policy. User risk represents the probability that a given identity or account is compromised.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/overview https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/concept-conditional-access-conditions

by wando5000 at Sept. 28, 2022, 3:59 p.m.

Comments

Submit Cancel

4e25709

3 months, 1 week ago

Selected Answer: ACD

on test

upvoted 1 times

...

north4

10 months, 3 weeks ago

Answer should be A,B & C Why B? Require password change When user risk is detected, administrators can employ the user risk policy conditions to have the user securely change a password by using Azure AD self-service password reset. Source: https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/concept-conditional-access-grant#require-password-change

upvoted 2 times

essamab

10 months, 2 weeks ago

Password change is different than password reset. I would say the provided answer is correct A, C & D

upvoted 1 times

...

Nerd1408

1 year, 1 month ago

Bit locker deployment can never be correct

upvoted 1 times

...

JayLearn2022

1 year, 4 months ago

The three scenarios that Conditional Access policies support are: A. Multi-factor authentication C. Hybrid Azure Active Directory joined device D. Blocked access to Microsoft 365 services for unverified users So the correct options are A, C, and D.

upvoted 3 times

...

wando5000

1 year, 10 months ago

Answer given seems correct Many organizations have common access concerns that Conditional Access policies can help with such as: Requiring multi-factor authentication for users with administrative roles Requiring multi-factor authentication for Azure management tasks Blocking sign-ins for users attempting to use legacy authentication protocols Requiring trusted locations for Azure AD Multi-Factor Authentication registration Blocking or granting access from specific locations Blocking risky sign-in behaviors Requiring organization-managed devices for specific applications

upvoted 3 times

wando5000

1 year, 10 months ago

Part D seems to be backed up by the following (although it says devices instead of users); Azure AD uses device authentication to evaluate device filter rules. For a device that is unregistered with Azure AD, all device properties are considered as null values and the device attributes cannot be determined since the device does not exist in the directory. The best way to target policies for unregistered devices is by using the negative operator since the configured filter rule would apply.

upvoted 1 times

...