Exam AZ-104 topic 1 question 2 discussion

B is correct, 1- the best way to enforce MFA is by Conditional Access 2- the device has to be identified by azure AD as A AD joined Device. 3- the trusted ip must be configured.

No, the solution does not meet the goal. To implement the required conditional access policy, the following steps should be taken: Create a new Conditional Access policy in Azure AD portal. Set the policy to require Multi-Factor Authentication and Azure AD device registration. In the policy's "Users and Groups" section, specify the Global Administrators group as the target. In the policy's "Conditions" section, specify the locations that are considered untrusted. Save the policy. Simply accessing the multi-factor authentication page and altering user settings does not provide a comprehensive solution to meet the stated goal.

Condition access policies aren't confugured on the multi-factor authentication MFA page, to achieve the desired results you'd need to create the conditional access policy in Azure AD specifying access, conditions, access controls.

You can understand the answer here: https://learn.microsoft.com/en-us/entra/identity/authentication/tutorial-enable-azure-mfa?toc=%2Fentra%2Fidentity%2Fconditional-access%2Ftoc.json&bc=%2Fentra%2Fidentity%2Fconditional-access%2Fbreadcrumb%2Ftoc.json

B should be right one

In my opinion the correct option is (B) To configure MFA the correct way is through Conditional Access Policies. Prepare smartly with Certsleader and ace your exam.

No, the solution does not meet the goal. To achieve the desired outcome, you need to configure a conditional access policy that specifically targets the Global Administrators group and sets the required conditions, such as Multi-Factor Authentication (MFA) and the use of an Azure AD-joined device when accessing from untrusted locations. Altering the session control alone is not sufficient to enforce these specific requirements. You would need to: 1. Create a new conditional access policy in the Azure portal. 2. Target the Global Administrators group. 3. Set the conditions to require MFA and an Azure AD-joined device. 4. Specify the locations considered untrusted. Would you like more detailed steps on how to configure this policy?

B is correct. You access the Azure portal to alter the grant control of the Azure AD conditional access policy. https://github.com/orgs/community/discussions/146738

B. No is the answer because to enable the MFA depending on the condition can only be enabled from the conditional access option. Not from MFA option

La bonne réponse c'est la A

You set MFA by conditional access and use the grant option

B is correct

This isn't a user setting; you need to create a conditional access policy: Under Assignments select the Global Admin Group Under Conditions set the location to any location and exclude all trusted locations Under Access Controls, grant access and check the options for require MFA and require the device to be marked as compliant.

No is right

B. No is the answer because to enable the MFA depending on the condition can only be enabled from the conditional access option. Not from MFA option

Correct Answer: B (No) In order to implement MFA and Azure AD-Joined device, you need to create a 'Conditional Access Policy'. To implement conditional access policy; Go to Microsoft Entra-->Protection-->Security Center-->Conditional Access Page. (Microsoft Entra Premium is required to implement Conditional Access policy) MFA page can't facilitate implementation of conditional access policy.

answer is B