Exam AZ-104 topic 1 question 2 discussion

B is correct, 1- the best way to enforce MFA is by Conditional Access 2- the device has to be identified by azure AD as A AD joined Device. 3- the trusted ip must be configured.

No, the solution does not meet the goal. To implement the required conditional access policy, the following steps should be taken: Create a new Conditional Access policy in Azure AD portal. Set the policy to require Multi-Factor Authentication and Azure AD device registration. In the policy's "Users and Groups" section, specify the Global Administrators group as the target. In the policy's "Conditions" section, specify the locations that are considered untrusted. Save the policy. Simply accessing the multi-factor authentication page and altering user settings does not provide a comprehensive solution to meet the stated goal.

Below are the possible options for this scenario. Consolidating here for easy read of subscribers. Solution: You access the multi-factor authentication page to alter the user settings. - No Solution: You access the Azure portal to alter the session control of the Azure AD conditional access policy. - No Solution: You access the Azure portal to alter the grant control of the Azure AD conditional access policy. - Yes

Below are the options for this question. Commenting here for easy read. Solution: You access the multi-factor authentication page to alter the user settings. - No Solution: You access the Azure portal to alter the session control of the Azure AD conditional access policy. - No Solution: You access the Azure portal to alter the grant control of the Azure AD conditional access policy. - Yes

Correctly requires configuration in the “Grant (Access Control)” section

B is the answer

I have finally achieved my AZ-104 certification! Although it required six months of studying, Examtopics Pro facilitated everything. It felt as if I had a study guide in my pocket, considering that around 90% of the exam questions originated from their site. The question bank is excellent, and the forums aided my comprehension of concepts I initially found challenging.

Policy should be configured at group level not at user level

Il faut configurer l'accès conditionnel en ajoutant MFA

Condition access policies aren't confugured on the multi-factor authentication MFA page, to achieve the desired results you'd need to create the conditional access policy in Azure AD specifying access, conditions, access controls.

You can understand the answer here: https://learn.microsoft.com/en-us/entra/identity/authentication/tutorial-enable-azure-mfa?toc=%2Fentra%2Fidentity%2Fconditional-access%2Ftoc.json&bc=%2Fentra%2Fidentity%2Fconditional-access%2Fbreadcrumb%2Ftoc.json

B should be right one

In my opinion the correct option is (B) To configure MFA the correct way is through Conditional Access Policies. Prepare smartly with Certsleader and ace your exam.

No, the solution does not meet the goal. To achieve the desired outcome, you need to configure a conditional access policy that specifically targets the Global Administrators group and sets the required conditions, such as Multi-Factor Authentication (MFA) and the use of an Azure AD-joined device when accessing from untrusted locations. Altering the session control alone is not sufficient to enforce these specific requirements. You would need to: 1. Create a new conditional access policy in the Azure portal. 2. Target the Global Administrators group. 3. Set the conditions to require MFA and an Azure AD-joined device. 4. Specify the locations considered untrusted. Would you like more detailed steps on how to configure this policy?

B. No is the answer because to enable the MFA depending on the condition can only be enabled from the conditional access option. Not from MFA option

La bonne réponse c'est la A

You set MFA by conditional access and use the grant option