Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-104 All Questions

View all questions & answers for the AZ-104 exam
Go to Exam

Exam AZ-104 topic 1 question 4 discussion

Actual exam question from Microsoft's AZ-104
Question #: 4
Topic #: 1
[All AZ-104 Questions]

Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.
Your company has an Azure Active Directory (Azure AD) subscription.
You want to implement an Azure AD conditional access policy.
The policy must be configured to require members of the Global Administrators group to use Multi-Factor Authentication and an Azure AD-joined device when they connect to Azure AD from untrusted locations.
Solution: You access the Azure portal to alter the grant control of the Azure AD conditional access policy.
Does the solution meet the goal?

  • A. Yes
  • B. No
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by Steve1983 at July 1, 2021, 8:57 p.m.

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Submit Cancel
Micah7
Highly Voted 3 years, 1 month ago
Answer is A. There is another copy of this question that mentions going to the MFA page in Azure Portal as the solution = incorrect. On that page you cant make a Conditional Access Policy. I did this in lab step by step: - The Answer "A" is correct - Instead of the MFA page mentioned above, you have to go the route of Conditional Access Policy-->Grant Control mentioned here for this question. Under Grant Control you are given the option of setting MFA and requiring AD joined devices in the exact same window. Answer is correct.
upvoted 67 times
jackdryan
1 year, 7 months ago
A is correct.
upvoted 4 times
...
...
MCLC2021
Highly Voted 6 months ago
Correc Answer A (YES). Within a Conditional Access policy: Access Control GRANT: an administrator can use access controls to grant or block access to resources. Access Control SESSION: an administrator can make use of session controls to enable limited experiences within specific cloud applications. https://learn.microsoft.com/en-us/entra/identity/conditional-access/concept-conditional-access-session https://learn.microsoft.com/en-us/entra/identity/conditional-access/concept-conditional-access-grant
upvoted 6 times
...
SeMo0o0o0o
Most Recent 1 month ago
Selected Answer: A
A is correct
upvoted 1 times
...
Nico1973
2 months, 4 weeks ago
B. No Explanation: The provided solution does not meet the goal of requiring members of the Global Administrators group to use Multi-Factor Authentication and an Azure AD-joined device when connecting from untrusted locations. To achieve this, you need to configure the conditions and controls of the Azure AD conditional access policy, not just alter the grant control. By modifying the grant control, you are changing who the policy applies to, not the specific requirements for access.
upvoted 1 times
...
3c5adce
4 months, 3 weeks ago
Yes, the solution meets the goal. By configuring the Azure AD conditional access policy to require members of the Global Administrators group to use Multi-Factor Authentication (MFA) and an Azure AD-joined device when they connect from untrusted locations, you are effectively adding an additional layer of security to protect sensitive resources and data. This ensures that even if credentials are compromised, unauthorized access is prevented by requiring an additional verification step (MFA) and ensuring the device is trusted (Azure AD-joined).
upvoted 1 times
...
Amir1909
7 months, 3 weeks ago
No is correct
upvoted 1 times
...
Samiron512
7 months, 3 weeks ago
Selected Answer: B
correct answer is B. No
upvoted 1 times
...
Saurabh_Bhargav
8 months ago
A. Yes
upvoted 1 times
...
kkinna
8 months, 2 weeks ago
Selected Answer: B
because under grand control we can only set requiring MFA and require AD joined devices but not location. setting location requirements is located under conditions control panel
upvoted 1 times
...
_gio_
8 months, 3 weeks ago
Selected Answer: A
answer is A
upvoted 1 times
...
Minaru
11 months, 3 weeks ago
The correct answer is: A if you are accessing the Azure portal to alter the grant control of the Azure AD conditional access policy, and you are configuring it to require members of the Global Administrators group to use Multi-Factor Authentication and an Azure AD-joined device when connecting from untrusted locations, then the solution does indeed meet the goal.
upvoted 2 times
...
fiahbone
1 year ago
Selected Answer: A
Grant control is required for this action!
upvoted 2 times
...
james2033
1 year, 2 months ago
Selected Answer: A
Question's keyword "Azure portal to alter the grant control of the Azure AD conditional access policy", choose A. Azure portal can done this task.
upvoted 3 times
...
liketopass
1 year, 2 months ago
I would say 'partly' as there are 2 requirements : 1. use MFA 2. From untrusted location And this one only specifies one of them: To use MFA you indeed use the grant control part, but you would also need to configure the conditions to specify to exclude 'trusted locations' (effectively specifying untrusted locations) So actually it is maybe a NO as the solution does not meet the goal
upvoted 1 times
...
ShyamNallu_100813
1 year, 2 months ago
B Is correct
upvoted 1 times
...
dhivyamohanbabu
1 year, 3 months ago
Option A is correct..
upvoted 1 times
...
Madbo
1 year, 5 months ago
B. No Grant control settings in Azure AD conditional access policies determine which users, groups, or applications the policy applies to, but they do not specify the conditions under which the policy applies. To meet the stated goal, the session control settings, which determine the conditions under which the policy applies, should be modified to require MFA and Azure AD-joined devices for Global Administrators connecting from untrusted locations.
upvoted 3 times
...
Load full discussion...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel