SC-300 Exam QuestionsBrowse all questions from this exam
Go to Exam

SC-300 Exam - Question 81

Your company has a Microsoft 365 tenant.

The company has a call center that contains 300 users. In the call center, the users share desktop computers and might use a different computer every day. The call center computers are NOT configured for biometric identification.

The users are prohibited from having a mobile phone in the call center.

You need to require multi-factor authentication (MFA) for the call center users when they access Microsoft 365 services.

What should you include in the solution?

Show Answer
Correct Answer: D

Given that the call center users share desktop computers, which are not configured for biometric identification, and mobile phones are prohibited, configuring multi-factor authentication must bypass the need for both biometrics and mobile devices. Options like using a named network location would not provide adequate security since it does not fulfill the requirements for MFA. The Microsoft Authenticator app is not viable as mobile phones are not allowed. Windows Hello for Business requires either biometric identification or PIN, and since these users switch computers daily, storing such data locally is impractical. FIDO2 tokens are hardware-based authentication devices that provide a viable, secure, and portable solution for multi-factor authentication without the need for biometrics or mobile phones, making them the most suitable option.

Discussion

17 comments
Sign in to comment
Ed2learnOption: D
Jun 22, 2021

ignoring the terrible working conditions, terribly configured network (or you would just set MFA and CA to ignore that network segment), and obviously micromanaging bosses - the given answer is correct.

omnomsnom
Jul 12, 2024

It's actually quite common for mobiles to not be allowed in some call centres that handle sensitive data or process card holder data. Exempting the network from MFA goes against zero-trust model. FIDO keys are the best solution.

BeitranOption: D
May 3, 2021

The only logical option.

ali_pinOption: D
Jul 3, 2022

A. a named network location - not an MFA option B. the Microsoft Authenticator app - no mobile phones allowed C. Windows Hello for Business authentication - no biometrical options in the office and the data is stored in the local device - they switch PCs every day so D. FIDO2 key

bleedingingOption: D
May 24, 2022

D. This one is clever. Windows hello for Business would require each user to scan their faces for each computer. It wouldn't be a viable solution. it'd have to be Fido2 instead.

Yelad
Mar 30, 2022

On the exam - March 28, 2022

[Removed]Option: D
Dec 11, 2022

Ali_Pin explained correctly. FIDO2 is the correct answer.

AquinteroOption: D
Jan 26, 2023

D. Fichas FIDO2

Nivos23Option: D
Nov 3, 2023

Correct Answer is D

Jun143
Mar 21, 2022

just pass the exam today. This came in the question.

PanBrownOption: D
Apr 16, 2022

FIDO2 key is the only option in this situation.

janshalOption: C
Apr 19, 2022

The call center computers are NOT configured for biometric identification Answer- C

jasongaOption: D
May 25, 2022

windows hello for business can also use a PIN instead of biometrics so both it and fido are viable but I think fido is better don't like the question as either could be user

ZauberSRS
Nov 19, 2022

No, Windows Hello Pin is store locally, they may change computer every day it says

sapien45Option: D
Jun 22, 2022

Users can use passwordless credentials to access resources in tenants where they are a guest, but they may still be required to perform MFA in that resource tenant Fido2 is a MFAer

HalwagyOption: D
Jan 17, 2023

The FiDO2 token

ShoaibPKDXBOption: D
May 10, 2023

Correct D

dule27Option: D
Jun 7, 2023

D. FIDO2 tokens

EmnCoursOption: D
Jul 19, 2023

Correct Answer: D