MS-101 Exam QuestionsBrowse all questions from this exam
Go to Exam

MS-101 Exam - Question 17

You configure a conditional access policy. The locations settings are configured as shown in the Locations exhibit. (Click the Locations tab.)

Exam MS-101 Question 17

The users and groups settings are configured as shown in the Users and Groups exhibit. (Click Users and Groups tab.)

Exam MS-101 Question 17

Members of the Security reader group report that they cannot sign in to Microsoft Active Directory (Azure AD) on their device while they are in the office.

You need to ensure that the members of the Security reader group can sign in in to Azure AD on their device while they are in the office. The solution must use the principle of least privilege.

What should you do?

Show Answer
Correct Answer: D

To ensure that members of the Security reader group can sign in to Azure AD on their device while they are in the office, you need to create a named location. By defining a named location in the Azure Active Directory admin center and marking it as trusted, you can specify trusted IP ranges which can then be used in the conditional access policies. This approach follows the principle of least privilege by granting access based on the specified trusted locations.

Discussion

10 comments
Sign in to comment
MCSA11
Apr 11, 2020

D. From the Azure Active Directory admin center, create a named location.

stromnessian
Feb 20, 2021

D for sure. One of the most straightforward questions possible. Add a named location IP range (in Azure AD portal -> Security -> Named locations) and mark it as trusted.

Prianishnikov
Apr 6, 2021

D. From the Azure Active Directory admin center, create a named location.

TonySuccess
Aug 7, 2020

You have the policy, so now you need the named location. D.

us3rOption: D
Dec 11, 2021

D is always the answer ;-)

KrokodilBLUEZZOption: D
Jan 19, 2022

D is correct.

mkoprivnj
Jan 27, 2021

D is correct!

hosseny
Dec 22, 2020

D. From the Azure Active Directory admin center, create a named location.

Rstilekar
Jan 27, 2021

Conditional access policy has to work with Compliance policy. So i think the right answer should be C.

HvD
Apr 26, 2021

Could you elaborate? CA CAN use compliancy (as a condition), but it's not required.

Yetijo
Sep 14, 2021

This is incorrect. The answer is D. You need to create a named location. I can understand where you might think this is correct without experience, but it is not accurate.

RascoPK
Mar 25, 2020

Notmsure this is right. Nothing on MS page that would explain this anwser

piceknick
Apr 3, 2020

Named locations are trusted for CA policies

Storm
Dec 17, 2021

When you create a named location, you can choose trusted or not trusted

Storm
Dec 17, 2021

When you create a named location, you can choose trusted or not trusted