Exam AZ-104 All QuestionsBrowse all questions from this exam
Go to Exam
Question 3

Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.

Your company has an Azure Active Directory (Azure AD) subscription.

You want to implement an Azure AD conditional access policy.

The policy must be configured to require members of the Global Administrators group to use Multi-Factor Authentication and an Azure AD-joined device when they connect to Azure AD from untrusted locations.

Solution: You access the Azure portal to alter the session control of the Azure AD conditional access policy.

Does the solution meet the goal?

    Correct Answer: B

    The solution does not meet the goal because altering the session control of the Azure AD conditional access policy is not sufficient to enforce the required conditions for Multi-Factor Authentication and Azure AD-joined devices. To meet the goal, the policy should be configured by altering the grant control, not the session control. The grant control allows administrators to enforce access requirements such as Multi-Factor Authentication and device compliance, which are necessary for ensuring that members of the Global Administrators group use an Azure AD-joined device and MFA when connecting from untrusted locations.

Discussion
lyxOption: B

Ans: No. You alter the grant control, not session control

YooOY

Under Access controls > Grant, select Grant access, Require multi-factor authentication, and select Select. https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/howto-conditional-access-policy-all-users-mfa

jackdryan

B is correct. You access the Azure portal to alter the grant control of the Azure AD conditional access policy.

go4adil

Correct Answer: B (No) In order to implement MFA and Azure AD-Joined device, you need to create a 'Conditional Access Policy'. To implement conditional access policy; Go to Microsoft Entra-->Protection-->Security Center-->Conditional Access Page-->Modify Grant Control (Not Session Control) -->Grant Access (Microsoft Entra Premium is required to implement Conditional Access policy) https://learn.microsoft.com/en-us/entra/identity/authentication/tutorial-enable-azure-mfa?toc=%2Fentra%2Fidentity%2Fconditional-access%2Ftoc.json&bc=%2Fentra%2Fidentity%2Fconditional-access%2Fbreadcrumb%2Ftoc.json

MohsenSic

It is now in device settings and not protection, https://learn.microsoft.com/en-us/entra/identity/devices/media/manage-device-identities/device-settings-azure-portal.png

epic13131

Was on my exam.

MinaruOption: B

Correct answer is B. The solution mentioned does not fully meet the goal of requiring members of the Global Administrators group to use Multi-Factor Authentication and an Azure AD-joined device when they connect from untrusted locations. While accessing the Azure portal to alter the session control is a step in the right direction, it's essential to configure the specific conditions and controls in the Azure AD conditional access policy to enforce these requirements. To achieve the goal, you need to create or modify an Azure AD conditional access policy and specify the conditions that require Multi-Factor Authentication and Azure AD-joined devices for members of the Global Administrators group when they access Azure AD from untrusted locations. Simply accessing the Azure portal to alter session control is not sufficient to fully implement this policy.

MCLC2021Option: B

Correc Answer B (NO). Within a Conditional Access policy: Access Control GRANT: an administrator can use access controls to grant or block access to resources. Access Control SESSION: an administrator can make use of session controls to enable limited experiences within specific cloud applications. https://learn.microsoft.com/en-us/entra/identity/conditional-access/concept-conditional-access-session https://learn.microsoft.com/en-us/entra/identity/conditional-access/concept-conditional-access-grant

Misty39

does anyone have updated questions from 21.08.2023 with contributor access and can send me through email: <a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="27434853435048554b4367404a464e4b0944484a">[email protected]</a> Thank you in advance.

DM25

In Aug 2023 if I'm right they didn't change syllabus but made it open book. Yes it would be great to hear from someone who took after that. I am planning to write soon

ShyamNallu_100813Option: A

ANS :A

SivaPannier

I think the Answer is A only. I could see session control option in the Conditional Access Policy configuration page. Grant control should not be for session control. see the link below... https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/concept-conditional-access-session.

SivaPannier

Sorry I am wrong in the earlier comment. The correct answer is B only, for the given requirement there is no need to configure anything in the session control page of conditional access policy. Hence this action will not fulfill the project requirement.

ristst001

Hey folks, just got home from the testing center, passed with 900/1000 and I owe it all to ET, mlantonis and the gang here. This site is the SHIZZLE, it is spot frikkin' on! Learn all these questions and you WILL pass, guaranteed. I had one case study (it's here), and 51 questions, with only a couple I'd never seen. I had to make myself slow down, and I was thinking my score should've been higher, but that was likely due to the fact that I damn near answered a number of them immediately without reading the question! NO LABS. I can finally get my life back now...oh sleep, blessed sleep...

Dan76

Does anyone have updated questions from 21.09.2023 (21sh of Sep) with contributor access and can send them to me through email: <a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="1b7f7a75727e776c727777682c2d5b7c767a727735787476">[email protected]</a>. I would really appreciate it as I need to write and prepare for this exam with limited time and can't afford the contributor access. Thanks. I need to write the exam before the end of this month

james2033Option: B

Focus at text "alter the session", it make B is correct choice.

lipaj79558Option: B

ITexamslab. B. No Explanation: The solution does not meet the goal because it only mentions altering session controls of the conditional access policy without specifying the required conditions of Multi-Factor Authentication and Azure AD-joined device for Global Administrators from untrusted locations. The policy must explicitly enforce these requirements to fulfill the stated goal.

mattpaulOption: B

B is correct Get all questions from me contact me on <a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="eb9b8a9e87c5868a9f9f838e9c98dad2dcdbab849e9f87848480c5888486">[email protected]</a>

tsummeyOption: B

Under Assignments select the Global Admin Group Under Conditions set the location to any location and exclude all trusted locations Under Access Controls, grant access and check the options for require MFA and require the device to be marked as compliant.

3ba6d0bOption: B

questions 3 and 4 are identical.

76d5e04

Hello All I see lot of recommendtions to check "Mlantonis" answers.Please let me know how to find it in this huge blog

tashakoriOption: B

No is right

_gio_Option: B

answer is B

DBFrontOption: B

B is correct, needs to be grant control