Exam AZ-104 All QuestionsBrowse all questions from this exam
Go to Exam
Question 4

Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.

Your company has an Azure Active Directory (Azure AD) subscription.

You want to implement an Azure AD conditional access policy.

The policy must be configured to require members of the Global Administrators group to use Multi-Factor Authentication and an Azure AD-joined device when they connect to Azure AD from untrusted locations.

Solution: You access the Azure portal to alter the grant control of the Azure AD conditional access policy.

Does the solution meet the goal?

    Correct Answer: B

    The solution does not meet the goal. While altering the grant control of the Azure AD conditional access policy in the Azure portal can be part of the solution, it is not sufficient on its own. The policy needs to be configured with specific conditions and controls to require Multi-Factor Authentication (MFA) and the use of an Azure AD-joined device when connecting from untrusted locations. Altering the grant control alone does not cover these requirements; conditions must also be set to specify untrusted locations. Therefore, the correct answer is No.

Discussion
Micah7Option: A

Answer is A. There is another copy of this question that mentions going to the MFA page in Azure Portal as the solution = incorrect. On that page you cant make a Conditional Access Policy. I did this in lab step by step: - The Answer "A" is correct - Instead of the MFA page mentioned above, you have to go the route of Conditional Access Policy-->Grant Control mentioned here for this question. Under Grant Control you are given the option of setting MFA and requiring AD joined devices in the exact same window. Answer is correct.

jackdryan

A is correct.

MCLC2021Option: A

Correc Answer A (YES). Within a Conditional Access policy: Access Control GRANT: an administrator can use access controls to grant or block access to resources. Access Control SESSION: an administrator can make use of session controls to enable limited experiences within specific cloud applications. https://learn.microsoft.com/en-us/entra/identity/conditional-access/concept-conditional-access-session https://learn.microsoft.com/en-us/entra/identity/conditional-access/concept-conditional-access-grant

james2033Option: A

Question's keyword "Azure portal to alter the grant control of the Azure AD conditional access policy", choose A. Azure portal can done this task.

mattpaulOption: A

A is the clear option Get all questions from me contact me on <a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="324253475e1c5f5346465a574541030b0502725d47465e5d5d591c515d5f">[email protected]</a>

MinaruOption: A

The correct answer is: A if you are accessing the Azure portal to alter the grant control of the Azure AD conditional access policy, and you are configuring it to require members of the Global Administrators group to use Multi-Factor Authentication and an Azure AD-joined device when connecting from untrusted locations, then the solution does indeed meet the goal.

fiahboneOption: A

Grant control is required for this action!

Nico1973Option: B

B. No Explanation: The provided solution does not meet the goal of requiring members of the Global Administrators group to use Multi-Factor Authentication and an Azure AD-joined device when connecting from untrusted locations. To achieve this, you need to configure the conditions and controls of the Azure AD conditional access policy, not just alter the grant control. By modifying the grant control, you are changing who the policy applies to, not the specific requirements for access.

3c5adceOption: A

Yes, the solution meets the goal. By configuring the Azure AD conditional access policy to require members of the Global Administrators group to use Multi-Factor Authentication (MFA) and an Azure AD-joined device when they connect from untrusted locations, you are effectively adding an additional layer of security to protect sensitive resources and data. This ensures that even if credentials are compromised, unauthorized access is prevented by requiring an additional verification step (MFA) and ensuring the device is trusted (Azure AD-joined).

Amir1909Option: B

No is correct

Samiron512Option: B

correct answer is B. No

mattpaulOption: A

A is correct answers Contact <a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="f989988c95d794988d8d919c8e8ac8c0cec9b9968c8d95969692d79a9694">[email protected]</a> for full questions

Saurabh_BhargavOption: A

A. Yes

kkinnaOption: B

because under grand control we can only set requiring MFA and require AD joined devices but not location. setting location requirements is located under conditions control panel

_gio_Option: A

answer is A

JWS80

This question is outdated. The usage model (per enabled user or per authentication) is chosen when creating a Multi-Factor Auth Provider in the Microsoft Azure classic portal1. It is a consumption-based resource that is billed against the organization’s Azure subscription1. However, adding new providers has been disabled as of September 1, 2018 2. Therefore, none of the options A, B, C, or D are correct.

liketopassOption: B

I would say 'partly' as there are 2 requirements : 1. use MFA 2. From untrusted location And this one only specifies one of them: To use MFA you indeed use the grant control part, but you would also need to configure the conditions to specify to exclude 'trusted locations' (effectively specifying untrusted locations) So actually it is maybe a NO as the solution does not meet the goal

ShyamNallu_100813Option: B

B Is correct