QUESTION 4: You have an Azure Active Directory (Azure AD) tenant. You have an existing Azure AD conditional access policy named Policy1. Policy1 enforces the use of Azure AD-joined devices when members of the Global Administrators group authenticate to Azure AD from untrusted locations. You need to ensure that members of the Global Administrators group will also be forced to use multi-factor authentication when authenticating from untrusted locations. What should you do?
\
A. From the Azure portal, modify session control of Policy1.
B. From multi-factor authentication page, modify the user settings.
C. From multi-factor authentication page, modify the service settings.
D. From the Azure portal, modify grant control of Policy1.
##########################
For your cloud Apps you may give your users access by user name and password but sometimes like to login to email and HR apps, it is advisable to stronger form of account verification such as multi-factor authentication (MFA). Here comes Conditional Access policy in AAD. It is available in Azure AD Premium. You can refer the image below for details;
There are two types of controls as highlighted above: Grant controls and and Session controls – To restrict access to a session Grant controls oversee whether a user can complete authentication and reach the resource that they’re attempting to sign-in to. If you have multiple controls selected, you can configure whether all of them are required when your policy is processed.
No comments:
Post a Comment