ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-104 All Questions

View all questions & answers for the AZ-104 exam
Go to Exam

Exam AZ-104 topic 1 question 4 discussion

Actual exam question from Microsoft's AZ-104
Question #: 4
Topic #: 1
[All AZ-104 Questions]

Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.
Your company has an Azure Active Directory (Azure AD) subscription.
You want to implement an Azure AD conditional access policy.
The policy must be configured to require members of the Global Administrators group to use Multi-Factor Authentication and an Azure AD-joined device when they connect to Azure AD from untrusted locations.
Solution: You access the Azure portal to alter the grant control of the Azure AD conditional access policy.
Does the solution meet the goal?

  • A. Yes
  • B. No
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by Steve1983 at July 1, 2021, 8:57 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Micah7
Highly Voted 3 years, 8 months ago
Answer is A. There is another copy of this question that mentions going to the MFA page in Azure Portal as the solution = incorrect. On that page you cant make a Conditional Access Policy. I did this in lab step by step: - The Answer "A" is correct - Instead of the MFA page mentioned above, you have to go the route of Conditional Access Policy-->Grant Control mentioned here for this question. Under Grant Control you are given the option of setting MFA and requiring AD joined devices in the exact same window. Answer is correct.
upvoted 71 times
jackdryan
2 years, 1 month ago
A is correct.
upvoted 5 times
...
...
MCLC2021
Highly Voted 1 year ago
Correc Answer A (YES). Within a Conditional Access policy: Access Control GRANT: an administrator can use access controls to grant or block access to resources. Access Control SESSION: an administrator can make use of session controls to enable limited experiences within specific cloud applications. https://learn.microsoft.com/en-us/entra/identity/conditional-access/concept-conditional-access-session https://learn.microsoft.com/en-us/entra/identity/conditional-access/concept-conditional-access-grant
upvoted 7 times
...
Makaziwe
Most Recent 2 days, 2 hours ago
Selected Answer: A
Altering the grant control of Azure AD condition policy allows you to: require MFA, require the devices to be compliant for Azure AD joint
upvoted 1 times
...
[Removed]
2 months ago
Selected Answer: B
this is the same as q 2,3,4 the correct answer is B
upvoted 1 times
...
[Removed]
7 months, 2 weeks ago
Selected Answer: A
A is correct
upvoted 1 times
...
Nico1973
9 months, 1 week ago
B. No Explanation: The provided solution does not meet the goal of requiring members of the Global Administrators group to use Multi-Factor Authentication and an Azure AD-joined device when connecting from untrusted locations. To achieve this, you need to configure the conditions and controls of the Azure AD conditional access policy, not just alter the grant control. By modifying the grant control, you are changing who the policy applies to, not the specific requirements for access.
upvoted 2 times
...
3c5adce
11 months, 1 week ago
Yes, the solution meets the goal. By configuring the Azure AD conditional access policy to require members of the Global Administrators group to use Multi-Factor Authentication (MFA) and an Azure AD-joined device when they connect from untrusted locations, you are effectively adding an additional layer of security to protect sensitive resources and data. This ensures that even if credentials are compromised, unauthorized access is prevented by requiring an additional verification step (MFA) and ensuring the device is trusted (Azure AD-joined).
upvoted 1 times
...
Amir1909
1 year, 2 months ago
No is correct
upvoted 1 times
...
Samiron512
1 year, 2 months ago
Selected Answer: B
correct answer is B. No
upvoted 1 times
...
Saurabh_Bhargav
1 year, 2 months ago
A. Yes
upvoted 1 times
...
kkinna
1 year, 2 months ago
Selected Answer: B
because under grand control we can only set requiring MFA and require AD joined devices but not location. setting location requirements is located under conditions control panel
upvoted 1 times
...
_gio_
1 year, 3 months ago
Selected Answer: A
answer is A
upvoted 1 times
...
Minaru
1 year, 6 months ago
The correct answer is: A if you are accessing the Azure portal to alter the grant control of the Azure AD conditional access policy, and you are configuring it to require members of the Global Administrators group to use Multi-Factor Authentication and an Azure AD-joined device when connecting from untrusted locations, then the solution does indeed meet the goal.
upvoted 2 times
...
fiahbone
1 year, 7 months ago
Selected Answer: A
Grant control is required for this action!
upvoted 2 times
...
james2033
1 year, 9 months ago
Selected Answer: A
Question's keyword "Azure portal to alter the grant control of the Azure AD conditional access policy", choose A. Azure portal can done this task.
upvoted 3 times
...
liketopass
1 year, 9 months ago
I would say 'partly' as there are 2 requirements : 1. use MFA 2. From untrusted location And this one only specifies one of them: To use MFA you indeed use the grant control part, but you would also need to configure the conditions to specify to exclude 'trusted locations' (effectively specifying untrusted locations) So actually it is maybe a NO as the solution does not meet the goal
upvoted 1 times
...
ShyamNallu_100813
1 year, 9 months ago
B Is correct
upvoted 1 times
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago