Exam SC-300 topic 2 question 71 discussion

A. FIDO2 security keys, can only be added in Manage mode. Question says "You enable combined registration in interrupt mode." B. Hardware token – You cannot register with hardware token. C. Email is supported. D. Windows Hello for Business is not supported. E. Microsoft Authenticator app is supported.

AE is NOT correct. CE is the only possibility. Why? A. FIDO2 security keys, can only be added in Manage mode B. Hardware tokens cannot be used in combined registration. D. Windows Hello for business cannot be used in combined registration. In fact, this is a passwordless authentication platform (with PIN and biometric methods) Read the table and the Notes sections here: https://learn.microsoft.com/en-us/entra/identity/authentication/concept-registration-mfa-sspr-combined#methods-available-in-combined-registration

E. is given, C. is only other option since a OTP (One Time Passcode) is generated from Email. FIDO2 is supported for Combined Registration Mode, but not for Interrupt mode. Reference this doc about 2/5 to 1/2 way down: https://learn.microsoft.com/en-us/entra/identity/authentication/concept-registration-mfa-sspr-combined Reference

Methods available in combined registration https://learn.microsoft.com/en-us/entra/identity/authentication/concept-registration-mfa-sspr-combined

https://learn.microsoft.com/en-us/entra/identity/authentication/tutorial-enable-sspr Choose the Methods available to users that your organization wants to allow. For this tutorial, check the boxes to enable the following methods: Mobile app notification Mobile app code Email Mobile phone

redundant comment, just voting to correct the distribution: Read the table and the Notes sections here: https://learn.microsoft.com/en-us/entra/identity/authentication/concept-registration-mfa-sspr-combined#methods-available-in-combined-registration

As per Microsoft's documentation, A and E in the available choices. https://learn.microsoft.com/en-us/entra/identity/authentication/concept-registration-mfa-sspr-combined#methods-available-in-combined-registration

I think the answer C & E is correct. On the link page, it goes like this. FIDO2 security keys, can only be added in Manage mode on https://aka.ms/mysecurityinfo. https://learn.microsoft.com/en-us/azure/active-directory/authentication/concept-registration-mfa-sspr-combined Meaning I think through the combined registration process the user cannot choose FIDO2 but only on their own 365 security page.

As per the official documentation: https://learn.microsoft.com/en-us/azure/active-directory/authentication/concept-registration-mfa-sspr-combined - Hardware token is not an option to register. - a one-time passcode email is not even listed. - Windows Hello for Bussines is not even listed. Correct responses: - A. a FIDO2 security key - E. the Microsoft Authenticator app

A. a FIDO2 security key: Users can use a FIDO2 security key, which is a hardware device that provides strong authentication, typically in the form of a USB key or a biometric-enabled key. E. the Microsoft Authenticator app: Users can use the Microsoft Authenticator app, which supports multi-factor authentication (MFA) and can generate one-time passcodes or be used for push notifications for MFA approval. So, User1 can use these two methods to complete the combined registration process.