Exam MS-102 topic 1 question 147 discussion

GPS location doesn't work with passwordless authentication methods and when the location condition of a Conditional Access policy is configured, users will be prompted by the Authenticator app to share their GPS location.

Correct. GPS location doesn't work with passwordless authentication methods. Multiple Conditional Access policies may prompt users for their GPS location before all are applied. Because of the way Conditional Access policies are applied, a user may be denied access if they pass the location check but fail another policy. For more information about policy enforcement, see the article Building a Conditional Access policy. Important Users may receive prompts every hour letting them know that Microsoft Entra ID is checking their location in the Authenticator app. The preview should only be used to protect very sensitive apps where this behavior is acceptable or where access needs to be restricted to a specific country/region. Therefore, user 1 has MFA registered app but not setup for passwordless authentication.

GPS location can be used with passwordless phone sign-in only if MFA push notifications are also enabled. Users can use Microsoft Authenticator to sign in, but they also need to approve subsequent MFA push notifications to share their GPS location. GPS location doesn't work when only passwordless authentication methods are set. Answer should be User 1 and 2

User1: Uses MFA with the Microsoft Authenticator app (push notification), which supports GPS-based conditions. User2: Uses passwordless authentication with MFA push notifications enabled, which supports GPS-based conditions. User3: Uses MFA with a mobile phone, which supports GPS-based conditions. User4: Uses MFA with email, which supports GPS-based conditions. GPS location can be used with passwordless phone sign-in only if MFA push notifications are also enabled. https://learn.microsoft.com/en-us/entra/identity/conditional-access/concept-assignment-network

Ignore user2. From User1, User3, User4. User4 is using email, User3 is using Mobile

https://learn.microsoft.com/en-us/entra/identity/conditional-access/location-condition GPS location doesn't work with passwordless authentication methods.

C is correct

Given answer is correct. Iwas confused because normally a CA policy would be able to help defend all users but...using GPS named locations requires a user to have the MS Authenticator app: " If you select Determine location by GPS coordinates, the user needs to have the Microsoft Authenticator app installed on their mobile device. Every hour, the system contacts the user’s Microsoft Authenticator app to collect the GPS location of the user’s mobile device. "