GPS location doesn't work with passwordless authentication methods and when the location condition of a Conditional Access policy is configured, users will be prompted by the Authenticator app to share their GPS location.
Correct. GPS location doesn't work with passwordless authentication methods.
Multiple Conditional Access policies may prompt users for their GPS location before all are applied. Because of the way Conditional Access policies are applied, a user may be denied access if they pass the location check but fail another policy. For more information about policy enforcement, see the article Building a Conditional Access policy.
Important
Users may receive prompts every hour letting them know that Microsoft Entra ID is checking their location in the Authenticator app. The preview should only be used to protect very sensitive apps where this behavior is acceptable or where access needs to be restricted to a specific country/region. Therefore, user 1 has MFA registered app but not setup for passwordless authentication.
GPS location can be used with passwordless phone sign-in only if MFA push notifications are also enabled. Users can use Microsoft Authenticator to sign in, but they also need to approve subsequent MFA push notifications to share their GPS location.
GPS location doesn't work when only passwordless authentication methods are set.
Answer should be User 1 and 2
User1: Uses MFA with the Microsoft Authenticator app (push notification), which supports GPS-based conditions.
User2: Uses passwordless authentication with MFA push notifications enabled, which supports GPS-based conditions.
User3: Uses MFA with a mobile phone, which supports GPS-based conditions.
User4: Uses MFA with email, which supports GPS-based conditions.
GPS location can be used with passwordless phone sign-in only if MFA push notifications are also enabled.
https://learn.microsoft.com/en-us/entra/identity/conditional-access/concept-assignment-network
https://learn.microsoft.com/en-us/entra/identity/conditional-access/location-condition
GPS location doesn't work with passwordless authentication methods.
Given answer is correct. Iwas confused because normally a CA policy would be able to help defend all users but...using GPS named locations requires a user to have the MS Authenticator app:
"
If you select Determine location by GPS coordinates, the user needs to have the Microsoft Authenticator app installed on their mobile device. Every hour, the system contacts the user’s Microsoft Authenticator app to collect the GPS location of the user’s mobile device.
"
upvoted 3 times
...
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Vincent1966
Highly Voted 1 year, 6 months agoVaerox
1 year, 1 month agoBigO76
3 months, 1 week agobasak
10 months, 1 week agofaeem
Highly Voted 1 year, 5 months agovixxx83
Most Recent 2 days, 7 hours agoFrank9020
4 months agoAPK1
7 months agoTomtom11
1 year agoAmir1909
1 year, 1 month agoVaerox
1 year, 1 month ago