ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam MD-101 All Questions

View all questions & answers for the MD-101 exam
Go to Exam

Exam MD-101 topic 3 question 84 discussion

Actual exam question from Microsoft's MD-101
Question #: 84
Topic #: 3
[All MD-101 Questions]

Your on-premises network contains an Active Directory domain named contoso.com.

You perform the following actions:

• Purchase a new Microsoft 365 subscription.
• Create a new user named User1.
• Assign User1 the Security Administrator role.

You need to ensure that User1 can enable Conditional Access policies.

What should User1 do first?

  • A. Register for Azure Multi-Factor Authentication (MFA).
  • B. Request the Conditional Access Administrator role.
  • C. Disable Security defaults.
  • D. Implement Azure AD Connect.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by robros at Jan. 16, 2023, 10:28 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
golijat
1 year, 9 months ago
Selected Answer: C
To enable Conditional Access policies, User1 should first **Disable Security defaults**. Security defaults is a basic identity security feature that's enabled by default. However, it doesn't support more advanced features of Azure AD Conditional Access. Therefore, to use Conditional Access policies, Security defaults must be disabled. So, the correct answer is **C. Disable Security defaults**.
upvoted 1 times
...
vanr2000
2 years ago
Selected Answer: B
Request the Conditional Access Administrator role. If User1 doesn't have this role, it won't be able to disable the security defaults setting in the new tenant created. So, this have to be the first step, otherwise, nothing can be done in term of conditional access.
upvoted 1 times
...
lannythewizard
2 years, 1 month ago
User1 should connect the on-premises Active Directory to Azure AD using Azure AD Connect to sync the user and group objects from on-premises to Azure AD. This will ensure that User1 has the necessary permissions to enable Conditional Access policies. Once the sync is complete, User1 can access the Azure portal and configure Conditional Access policies according to the organization's security requirements.
upvoted 1 times
...
AliNadheer
2 years, 4 months ago
Selected Answer: C
i thought only conditional access administrator can enable CA policies or disable security defaults, boy was i wrong. To disable security defaults in your directory: Sign in to the Azure portal as a security administrator, Conditional Access administrator, or global administrator. Browse to Azure Active Directory > Properties. Select Manage security defaults. Set the Enable security defaults toggle to No. Select Save. reference: https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/concept-fundamentals-security-defaults
upvoted 3 times
3dk1
2 years, 1 month ago
From AliNadheer's reference: "You can use Conditional Access to configure policies similar to security defaults, but with more granularity. Conditional Access policies allow selecting other authentication methods and the ability to exclude users, which aren't available in security defaults. If you're using Conditional Access in your environment today, security defaults won't be available to you."
upvoted 1 times
...
...
jt2214
2 years, 4 months ago
Selected Answer: C
I agree with jonny_sims "Organizations that choose to implement Conditional Access policies that replace security defaults must disable security defaults." https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/concept-fundamentals-security-defaults
upvoted 1 times
...
jonny_sins
2 years, 4 months ago
This was in the Udemy MD-101 Course I took by John..mentioned this and upon testing i can tell you this is correct. If you do not turn off then you will get an error message.
upvoted 2 times
...
okkies
2 years, 5 months ago
Selected Answer: D
you first need an azure ad connection to implement mfa i presume?
upvoted 1 times
...
JN_311
2 years, 5 months ago
Selected Answer: A
I would go with Register MFA
upvoted 1 times
...
robros
2 years, 5 months ago
Selected Answer: A
Require administrators to do multifactor authentication -Security administrator Has the ability to use CA policies but first need to register MFA. https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/concept-fundamentals-security-defaults
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel