Exam AZ-300 topic 2 question 14 discussion

Answer is C Administrators can also choose to create a custom Conditional Access policy including sign-in risk as an assignment condition. Ref: https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/concept-identity-protection-policies

Answer is D. The Trusted IPs feature of Azure Multi-Factor Authentication is used by administrators of a managed or federated tenant. The feature bypasses two-step verification for users who sign in from the company intranet. Ref: https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-mfasettings

It could be the trick we miss - "All administrators must enter a verification code to access the Azure portal". MFA service settings can't achieve it beacuse it bypasses the multi-factor authentication as per MS docs. Seems like Option C is a better choice.

Answer is C https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/howto-identity-protection-configure-risk-policies => Microsoft's recommendation is to Allow access and Require multi-factor authentication.

Location variable in answer D is for MFA bypass, Correct answer is C

Trusted IPs The Trusted IPs feature of Azure Multi-Factor Authentication bypasses multi-factor authentication prompts for users who sign in from a defined IP address range. ---You can set trusted IP ranges for your on-premises environments to when users are in one of those locations, there's no Azure Multi-Factor Authentication prompt---.

multi-factor authentication -> service settings ->There is no option to enforce login from on premise network ( only Skip MFA for trusted IP) therefore, Option C is correct.

D is the correct answer

D is the correct answer

D https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-mfasettings#trusted-ips here is the explanation.

Answer is D here, so much confusion, see below MS link https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-mfasettings#trusted-ips "If you don't want to use Conditional Access policies to enable trusted IPs, you can configure the service settings for Azure Multi-Factor Authentication using the following steps:" We don't have conditional access available as option to MFA service settings seems to be right.

Answer is C

The only way to achieve is Conditional Access Policy which is not in the list. D- Only gives opportunity to skip the MFA not blocking the access outside the Trusted IPs. Also all admins have to enter a code from wherever they connect . So this is not possible B&C- Only block the access based on the Risk value on which we have no control like setting some location or whitelisted Ips. so I think wording has to be changed for this question otherwise can not see answer

Given MS documentation says it can be achieved by both ways i.e. Enable the Trusted IPs feature by using Conditional Access and Enable the Trusted IPs feature by using service settings. As Condition access is not in the list so Answer is D. https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-mfasettings#enable-the-trusted-ips-feature-by-using-conditional-access

answer should be C

Answer is C.

Trusted IPs is managed in the MFA configuration