You have a Microsoft 365 tenant.
All users have mobile phones and Windows 10 laptops.
The users frequently work from remote locations that do not have Wi-Fi access or mobile phone connectivity. While working from the remote locations, the users connect their laptops to a wired network that has internet access.
You plan to implement multi-factor authentication (MFA).
Which MFA authentication method can the users use from the remote location?
Windows Hello for Business replaces passwords with strong two-factor authentication on PCs and mobile devices. This method is tied to a device and utilizes either a biometric method (such as a fingerprint) or a PIN, providing a secure way to authenticate even when there is no mobile phone connectivity. After initial enrollment, Windows Hello for Business can be used in remote locations with wired network connectivity, making it a suitable choice for users working in such environments.
App Passwords are a legacy feature for old Office versions. Windows Hello is the way to go.
C should be the answer.
C is the answer
App Passwords are legacy
Windows Hello for Business is the correct answer.
App Passwords was deprecated last year. https://learn.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/deprecation-of-basic-authentication-exchange-online
Windows Hello
Exam has 311 questions... well minus 50 for the number of times this question pops up!
Actually, this situation won't stop to complete MFA via phone while almost all Laptops support Hotspot feature which you can turn on to share your wired internet via Laptop :) So, you can get your phone connected to the internet and continue your work... However, it is not in case for this question. If you are not able to perform 2 step verification for any reason, for example old apps do not support MFA, you still have option to use app password. So, if you set an app password for the app you will use at Laptop which will be connected to the internet via Wired internet, you can use that app password to by-pass MFA. Have good points!
A. App password is more correct according to this: When a user account is enforced for Microsoft Entra multifactor authentication, the regular sign-in prompt is interrupted by a request for additional verification. Some older applications don't understand this break in the sign-in process, so authentication fails. To maintain user account security and leave Microsoft Entra multifactor authentication enforced, app passwords can be used instead of the user's regular username and password. When an app password used during sign-in, there's no additional verification prompt, so authentication is successful. https://learn.microsoft.com/en-us/entra/identity/authentication/howto-mfa-app-passwords
Windows Hello for Business is the correct answer.
In Windows 10, Windows Hello for Business replaces passwords with strong two-factor authentication on PCs and mobile devices. This authentication consists of a new type of user credential that is tied to a device and uses a biometric or PIN. After an initial two-step verification of the user during enrollment, Windows Hello is set up on the user's device and Windows asks the user to set a gesture, which can be a biometric, such as a fingerprint, or a PIN. The user provides the gesture to verify their identity. Windows then uses Windows Hello to authenticate users. Incorrect Answers: A: An app password can be used to open an application but it cannot be used to sign in to a computer.
C is correct
C. Windows Hello for Business
C is correct
C is the correct answer. A is legacy authentication and would bypass MFA
There is nothing in question that says these devices are enabled for 'Windows Hello for Business'. Given answer is correct.
It says "You plan to implement multi-factor authentication (MFA)." that doesnt mean either they have the a option to implement an App... but you are assuming that