ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-500 All Questions

View all questions & answers for the AZ-500 exam
Go to Exam

Exam AZ-500 topic 2 question 52 discussion

Actual exam question from Microsoft's AZ-500
Question #: 52
Topic #: 2
[All AZ-500 Questions]

HOTSPOT -

You have a Microsoft Entra tenant named contoso.com.

You collaborate with a partner organization that has a Microsoft Entra tenant named fabrikam.com. Fabrikam.com has multi-factor authentication (MFA) enabled for all users.

Contoso.com has the Cross-tenant access settings configured as shown in the Cross-tenant access settings exhibit. (Click the Cross-tenant access settings tab.)



Contoso.com has the External collaboration settings configured as shown in the External collaboration settings exhibit. (Click the External collaboration settings tab.)



You create a Conditional Access policy that has the following settings:
• Name: CAPolicy1
• Assignments
o Guest or external users: B2B collaboration guest users
o Target resources
- Include: All cloud apps
• Access controls
- Grant access
• Require device to be marked as compliant
• Require multi-factor authentication
- Enable policy: On

For each of the following statements, select Yes if the statement is true, otherwise select No.

NOTE: Each correct section is worth one point.

Show Suggested Answer Hide Answer
Suggested Answer:
by 153a793 at Oct. 6, 2024, 5:32 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
cerifyme85
Highly Voted 9 months ago
Yes-No-Yes
upvoted 9 times
Andreas_Czech
7 months, 1 week ago
1: yes; 2: no; 3: yes 1: allowed by the Conditional Policy; 2: enable the Trust Settings would be correct, but the Conditional Policy requires MFA; 3: because of the Guest User Access Restrictions -> … have the same Access as Members …
upvoted 5 times
...
...
luisribeiro199
Most Recent 1 month, 3 weeks ago
No- device compliance is not recognizable, neither MFA is trusted since Trust settings are disabled. Yes - Fabrikam.com users already get their internal MFA checks, so if Contoso had their Trust settings configured they could minimize their MFA requests by using the one from Fabrikam's home tenant No - Their compliance isn't recognizable, so doesn't matter. If it was, then yes they could review user properties since they have the same access as members
upvoted 3 times
...
Hot_156
4 months, 4 weeks ago
1. No – Truest settings are not enabled for the compliant claims to be used from fabrikam.com 2. Yes – If you enable the truest settings, you can achieve this. 3. Yes/No – See both reasoning, a. Yes – The user could have both compliant claims but the question is not about access, it is about the GUEST USER ACCESS CONFIGURATION. This is set to users have the same access as members and members can see properties from other users b. No – The compliant claim thing????
upvoted 1 times
...
Srirupam
8 months ago
Yes -Yes -No
upvoted 3 times
...
153a793
9 months ago
Following statements, in sequence, describes the functionalities and configurations related to B2B collaboration and B2B direct connect in Microsoft Entra
upvoted 2 times
153a793
9 months ago
Following statements, in sequence, describes the functionalities and configurations related to B2B collaboration and B2B direct connect in Microsoft Entra: • B2B collaboration allows inviting guest users without synchronization between Entra organizations. B2B direct connect involves a mutual trust relationship for seamless resource sharing, currently available for Microsoft Teams, without the need for guest user management. • By default, B2B collaboration does not automatically enable trust for MFA and device claims; these need to be configured. However, without enabling trust, any user can invite guest users. B2B direct connect requires explicit configuration to establish the trust relationship. • Enabling trust relationship, between two Entra organizations, allows you to accept MFA and device claims from the guest organization, but you can still apply additional Conditional Access policies as needed.
upvoted 2 times
153a793
9 months ago
• If the trust relationship is not enabled, MFA and device claims from the guest tenant will not be considered. In that case, guest users will need to meet your organization’s MFA and device compliance requirements independently, based on Conditional Access policy. • Disabling Conditional Access at the organization level, including MFA and device claims, can be considered weak security as it reduces the layers of protection for accessing resources. In case of social identity provider, trust setting are based on security functionality of external identity provider while conditional access can still be configured and enforced for MFA and device claims
upvoted 2 times
shadad
8 months, 2 weeks ago
so the answer is ?
upvoted 5 times
ca7859c
1 month, 2 weeks ago
Answer is: NYN
upvoted 1 times
ca7859c
3 weeks, 6 days ago
2nd One is Y MFA claims\Device Compliance\Hybrid Joined Devices can be trusted from other https://learn.microsoft.com/en-us/entra/external-id/cross-tenant-access-settings-b2b-collaboration#to-change-inbound-trust-settings-for-mfa-and-device-claims
upvoted 1 times
...
...
...
...
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel