HOTSPOT
-
You have a Microsoft 365 E5 subscription.
You plan to create a Conditional Access policy named Policy1.
You need to ensure that only Passwordless MFA authentication methods are used when administrators attempt to access the Azure portal. Azure PowerShell, or Azure Command-Line Interface (CLI).
How should you configure Policy1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Require authentication strength, Windows Azure Service Management API
correct https://learn.microsoft.com/en-us/entra/identity/conditional-access/policy-old-require-mfa-azure-mgmt#create-a-conditional-access-policy
Not quite correct. From the URL you provided... 1. Require multifactor authentication. "7. Under Access controls > Grant, select Grant access, Require multifactor authentication, and select Select." 2. Windows Azure Service Management API. "6. Under Target resources > Resources (formerly cloud apps) > Include > Select resources, choose Windows Azure Service Management API, and select Select."
Not fully correct. We need "Require authentication strength" to be able to select "Passwordless MFA". Simple MFA is not good enough here.
JohnDoe is correct Authentication Strength (MFA isn't phishing resistant or paswordless Authentication strengths Administrators can specify an authentication strength to access a resource by creating a Conditional Access policy with the Require authentication strength control. They can choose from three built-in authentication strengths: Multifactor authentication strength, Passwordless MFA strength, and Phishing-resistant MFA strength. They can also create a custom authentication strength based on the authentication method combinations they want to allow. For an example, the built-in Phishing-resistant MFA strength allows the following combinations: Windows Hello for Business Or FIDO2 security key Or Microsoft Entra certificate-based authentication (Multifactor)