You have an Azure Active Directory (Azure AD) tenant.
You have an existing Azure AD conditional access policy named Policy1. Policy1 enforces the use of Azure AD-joined devices when members of the Global Administrators group authenticate to Azure AD from untrusted locations.
You need to ensure that members of the Global Administrators group will also be forced to use multi-factor authentication when authenticating from untrusted locations.
What should you do?
A . From the Azure portal, modify session control of Policy1.
B . From multi-factor authentication page, modify the user settings.
C . From multi-factor authentication page, modify the service settings.
D . From the Azure portal, modify grant control of Policy1.
Answer: D
Explanation:
We need to modify the grant control of Policy1.
The grant control can trigger enforcement of one or more controls.
– Require multi-factor authentication (Azure Multi-Factor Authentication)
– Require device to be marked as compliant (Intune)
– Require Hybrid Azure AD joined device
– Require approved client app
– Require app protection policy
Note: It is now possible to explicitly apply the Require MFA for admins rule.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/untrusted-networks https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/concept-baseline-protection
Latest AZ-300 Dumps Valid Version with 283 Q&As
Latest And Valid Q&A | Instant Download | Once Fail, Full Refund