You have an Azure Active Directory (Azure AD) tenant named contoso.com.
You create a terms of use (ToU) named Terms1 in contoso.com.
You are creating a conditional access policy named Policy1 to assign a cloud app named App1 to the users in contoso.com.
You need to configure Policy1 to require the users to accept Terms1.
What should you configure in Policy1?
To configure Policy1 to require users to accept Terms1, you should configure the session controls in the Access controls section. Session controls in Azure AD Conditional Access policies enable administrators to enforce additional requirements for users, such as agreeing to terms of use, during their session. This option allows the configuration of specific behaviors during a user's session with a cloud app, which includes the acceptance of terms of use.
Answer A is correct. I just configured this in the MD-101 lab. Though, the "Terms Of Use" itself should be setup first before this option becomes available in the "grant" part of the policy. But that is not part of the question..
Answer is A "If your organization has created terms of use, additional options may be visible under grant controls. These options allow administrators to require acknowledgment of terms of use as a condition of accessing the resources protected by the policy" https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/concept-conditional-access-grant#require-approved-client-app
Definitely A. https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/require-tou#create-your-conditional-access-policy
A is correct.
Conditional Access -Access Control -Require app protection policy -ToU
Answer is either A or B. What should you do first It is not uncommon for the 2nd step to be listed as an option, to really see if you know what you are doing. Option B initially could be a candidate for this aspect. This question is referring to the manual registration of devices to autopilot. NOT C If B,C,D needs to be considered then we need a CSV file not a XML file. NOT D Refers to win7/8.1 I believe
Additionally: Manually register devices with Windows Autopilot\ https://docs.microsoft.com/en-us/mem/autopilot/add-devices Windows Autopilot device registration can be done within your organization by manually collecting the hardware identity of devices (hardware hashes) and uploading this information in a comma-separated-value (CSV) file. Capturing the hardware hash for manual registration requires booting the device into Windows 10. Device owners can only register their devices with a hardware hash. Other methods (PKID, tuple) are available through OEMs or CSP partners. Website talks about sysprep if the devices have already been connected to the internet. Phoenix computers are to be used at home. Answer is either A or B. Need more discussion......
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/concept-conditional-access-grant#terms-of-use
I believe B. Conditions in the Assignments section is the correct answer here. "Within a Conditional Access policy, an administrator can make use of signals from conditions like risk, device platform, or location to enhance their policy decisions." A. Grant in the Access controls section - "Within a Conditional Access policy, an administrator can make use of access controls to either grant or block access to resources. Block takes into account any assignments and prevents access based on the Conditional Access policy configuration. Administrators can choose to enforce one or more controls when granting access." Such as MFA. https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/concept-conditional-access-Conditions https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/concept-conditional-access-grant Other thoughts?
How to deploy Terms of Use in Azure Active Directory - https://www.youtube.com/watch?v=N4vgqHO2tgY