MS-500 Exam QuestionsBrowse all questions from this exam
Go to Exam

MS-500 Exam - Question 249

You have an Azure Active Directory (Azure AD) tenant that has a Microsoft 365 subscription.

You recently configured the tenant to require multi-factor authentication (MFA) for risky sign-ins.

You need to review the users who required MFA.

What should you do?

Show Answer
Correct Answer: D

To review the users who required multi-factor authentication (MFA) for risky sign-ins, you should download the sign-ins report from the Azure Active Directory (Azure AD) admin center. This report provides the detailed authentication events, including those where MFA was required, and captures the relevant sign-in information, which can be reviewed in a CSV file.

Discussion

7 comments
Sign in to comment
maf001
Nov 29, 2020

To review and understand Azure AD Multi-Factor Authentication events, you can use the Azure Active Directory (Azure AD) sign-ins report. This report shows authentication details for events when a user is prompted for multi-factor authentication, and if any Conditional Access policies were in use. For detailed information on the sign-ins report

kiketxu
Mar 17, 2021

I would say D as correct answer here, because I don't believe the answer C is up-to-date or isn't complete. I mean.... currently (3/21) you don't need to donwload the csv. Just go to: AAD blade -> Security (missing in the C answer) -> Authentication methods -> Registration and reset events (not activities like C answer) https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-authentication-methods-activity#registration-and-reset-events

kiketxu
Mar 17, 2021

*is complete

Robert__Susin
Jul 28, 2021

I dont see where registration and reset of MFA relates to MFA prompt for risky sign-ins/risky users

Rstilekar
Nov 22, 2021

You can use the Azure Active Directory (Azure AD) sign-ins report that shows authentication details for events when a user is prompted for MFA, and if any Conditional Access policies were in use.

mkoprivnjOption: D
Dec 2, 2021

D is correct!

PattiD
Dec 19, 2020

Get-MsolUser -All | Select-Object @{N='UserPrincipalName';E={$_.UserPrincipalName}}, @{N='MFA Status';E={if ($_.StrongAuthenticationRequirements.State){$_.StrongAuthenticationRequirements.State} else {"Disabled"}}}, @{N='MFA Methods';E={$_.StrongAuthenticationMethods.methodtype}} | Export-Csv -Path c:\MFA_Report.csv -NoTypeInformation

PattiD
Dec 19, 2020

Correct Answer: D

PattiD
Dec 19, 2020

https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-reporting#powershell-reporting-on-users-registered-for-mfa