Exam4Training

What should you do?

You have an Azure Active Directory (Azure AD) tenant.

You have an existing Azure AD conditional access policy named Policy1. Policy1 enforces the use of Azure AD-joined devices when members of the Global Administrators group authenticate to Azure AD from untrusted locations.

You need to ensure that members of the Global Administrators group will also be forced to use multi-factor authentication when authenticating from untrusted locations.

What should you do?
A . From the Azure portal, modify session control of Policy1.
B . From multi-factor authentication page, modify the user settings.
C . From multi-factor authentication page, modify the service settings.
D . From the Azure portal, modify grant control of Policy1.

Answer: D

Explanation:

We need to modify the grant control of Policy1.

The grant control can trigger enforcement of one or more controls.

– Require multi-factor authentication (Azure Multi-Factor Authentication)

– Require device to be marked as compliant (Intune)

– Require Hybrid Azure AD joined device

– Require approved client app

– Require app protection policy

Note: It is now possible to explicitly apply the Require MFA for admins rule.

Reference:

https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/untrusted-networks https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/concept-baseline-protection

Latest AZ-300 Dumps Valid Version with 283 Q&As

Latest And Valid Q&A | Instant Download | Once Fail, Full Refund

Exit mobile version