ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam MS-102 All Questions

View all questions & answers for the MS-102 exam
Go to Exam

Exam MS-102 topic 1 question 281 discussion

Actual exam question from Microsoft's MS-102
Question #: 281
Topic #: 1
[All MS-102 Questions]

HOTSPOT
-

You have a Microsoft 365 E5 subscription.

You need to create a Conditional Access policy that will require the use of FIDO2 security keys only when users join their Windows devices to Microsoft Entra ID.

How should you configure the policy? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Show Suggested Answer Hide Answer
Suggested Answer:
by Motanel at April 24, 2024, 9:20 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Motanel
Highly Voted 1 year ago
User Actions - here you choose the policy to apply when the user joins the device. Device Platform - because it is a Windows device Require authentication strength - to require FIDO2 Key
upvoted 27 times
...
Tr619899
Highly Voted 6 months, 3 weeks ago
1. Target resources: Select "User Actions" since joining a device is categorized as a user action. 2. Conditions: Choose "Device platforms" to target Windows devices. 3. Grant access: "Set Require authentication strength" to enforce FIDO2 security key usage for authentication.
upvoted 5 times
...
Frank9020
Most Recent 5 months, 1 week ago
Target resources: User actions. Conditions: Device platforms Grant access: Require authentication strength. Choose FIDO2 security key as the required authentication method.
upvoted 4 times
...
Tomtom11
8 months ago
https://learn.microsoft.com/en-us/entra/identity/conditional-access/how-to-policy-mfa-device-register-join
upvoted 2 times
...
APK1
8 months, 1 week ago
FIDO2 required authentication strength Answer is User Action Device Platform Require Authentication Strength
upvoted 3 times
...
Nico282
9 months, 3 weeks ago
User Actions -> has the "Register or join devices" option Device Platform -> Windows Require multifactor authentication -> this message pops up when you select Register or Join device: <Only "Require multifactor authentication" can be used in policies created for the "Register or join devices" user action.>
upvoted 1 times
...
TonyManero
11 months, 3 weeks ago
https://cloudbrothers.info/en/fido2-security-keys-are-important/ For the user action “Register or join devices” there is only the “Require multi-factor authentication” option available.
upvoted 2 times
BJS78
11 months ago
OK, but why would you like to register or join a device? Here we are controlling cloud app access, and it is now irrelevant if the device is in AAD or not. You can access Entra from a non-registered device as well, all you need is a capable browser.
upvoted 1 times
TonyManero
10 months, 4 weeks ago
To register because the question says: "when users join their Windows devices to Microsoft Entra ID". Moreover the question doesn't talk about "cloud app access", it talks about devices.
upvoted 1 times
...
...
...
oopspruu
12 months ago
1. User Actions 2. Device Platform 3. You can only use "Require MFA" with the Join or Register device user action. Tested in lab.
upvoted 3 times
BJS78
11 months ago
Then pls test again. Grant control has 7 options and you need "Require authentication strength" for FIDO.
upvoted 4 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago