Exam AZ-104 All QuestionsBrowse all questions from this exam
Go to Exam
Question 2

Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.

Your company has an Azure Active Directory (Azure AD) subscription.

You want to implement an Azure AD conditional access policy.

The policy must be configured to require members of the Global Administrators group to use Multi-Factor Authentication and an Azure AD-joined device when they connect to Azure AD from untrusted locations.

Solution: You access the multi-factor authentication page to alter the user settings.

Does the solution meet the goal?

    Correct Answer: B

    Accessing the multi-factor authentication page to alter user settings allows you to configure multi-factor authentication requirements for users. However, to meet the goal of requiring members of the Global Administrators group to use Multi-Factor Authentication and an Azure AD-joined device when connecting to Azure AD from untrusted locations, you need to create a conditional access policy in Azure AD. Conditional access policies allow you to specify conditions, such as the user's group membership and their device's joining status, and enforce specific access controls based on these conditions.

Discussion
green_arrowOption: B

B is correct, 1- the best way to enforce MFA is by Conditional Access 2- the device has to be identified by azure AD as A AD joined Device. 3- the trusted ip must be configured.

jackdryan

B is correct. You access the Azure portal to alter the grant control of the Azure AD conditional access policy.

qsmsfktt

Ref: www.reddit.com/user/learnmicrosoft

rzv

brooo we lost mlantonis and tedz

omw2wealth

i sit for the exam this saturday, and i really apreciate this dudes a lot!

Pamban

what happened to them? mlantonis's answers are spot on!!!

DC1234

Who are they?

bryant12138

some legends have actively shared their solutions with sufficient proof in the past. Even 2 years later, I still feel grateful for their contributes.

MinaruOption: B

Correct answer is B. The solution does not meet the goal. While accessing the multi-factor authentication page allows you to configure multi-factor authentication for users, it does not specifically target the members of the Global Administrators group. To meet the goal of requiring Global Administrators to use Multi-Factor Authentication and an Azure AD-joined device when connecting from untrusted locations, you need to set up an Azure AD conditional access policy.

pb7o61Option: B

Given the requirements, you need to set up an Azure AD conditional access policy that enforces both Multi-Factor Authentication (MFA) and the use of Azure AD-joined devices for members of the Global Administrators group when connecting from untrusted locations. The provided solution suggests accessing the multi-factor authentication page to alter user settings. This would allow you to enforce MFA, but it does not address the requirement for the use of Azure AD-joined devices when they connect from untrusted locations. Thus, the solution does not fully meet the goal. The answer is: B. No.

go4adilOption: B

Correct Answer: B (No) In order to implement MFA and Azure AD-Joined device, you need to create a 'Conditional Access Policy'. To implement conditional access policy; Go to Microsoft Entra-->Protection-->Security Center-->Conditional Access Page. (Microsoft Entra Premium is required to implement Conditional Access policy) MFA page can't facilitate implementation of conditional access policy.

go4adil

Ref: https://learn.microsoft.com/en-us/entra/identity/authentication/tutorial-enable-azure-mfa?toc=%2Fentra%2Fidentity%2Fconditional-access%2Ftoc.json&bc=%2Fentra%2Fidentity%2Fconditional-access%2Fbreadcrumb%2Ftoc.json

tsummeyOption: B

This isn't a user setting; you need to create a conditional access policy: Under Assignments select the Global Admin Group Under Conditions set the location to any location and exclude all trusted locations Under Access Controls, grant access and check the options for require MFA and require the device to be marked as compliant.

james2033Option: B

The keywords: - 1 Azure Active Directory subscription. - 1 Azure Active Directory Conditional Access Policy. - must, require, members, Global Administrators group - use MFA + Azure-Active-Directory-Joined device (untrusted locations) - MFA page to Alter the user settings (this is the most key information). Cannot use MFA (multi-factor authentication) page --to--> Alter the user settings. Therefore, answer is B. (No).

HaraTadahisa

Will this question still appear on the actual exam as of June 23, 2024? If not, I will only solve the second half of the 280 questions that include paid access.

fiahboneOption: B

The clue to the answer is in the question. You want to implement an Azure AD conditional access policy.

dhivyamohanbabuOption: B

Option B.

mattpaulOption: B

B is correct Get all questions from me contact me on <a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="c1b1a0b4adefaca0b5b5a9a4b6b2f0f8f6f181aeb4b5adaeaeaaefa2aeac">[email protected]</a>

tashakoriOption: B

No is right

Saurabh_BhargavOption: B

B. No is the answer because to enable the MFA depending on the condition can only be enabled from the conditional access option. Not from MFA option

_gio_Option: B

answer is B

79652e9Option: B

B is correct

alexel222Option: B

correcto

ShyamNallu_100813Option: B

B is correct ans