Exam AZ-104 topic 1 question 3 discussion

Actual exam question from Microsoft's AZ-104
Question #: 3
Topic #: 1

Note: This question is one of a number of questions that depict the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.
Your company has an Azure Active Directory (Azure AD) subscription.
You want to implement an Azure AD conditional access policy.
The policy must be configured to require members of the Global Administrators group to use Multi-Factor Authentication and an Azure AD-joined device when they connect to Azure AD from untrusted locations.
Solution: You access the Azure portal to alter the session control of the Azure AD conditional access policy.
Does the solution meet the goal?

  • A. Yes
  • B. No
Suggested Answer: B

Comments

edengoforit
Highly Voted 2 years, 10 months ago
Sign in to the Azure portal as a global administrator, security administrator, or Conditional Access administrator. Browse to Azure Active Directory > Security > Conditional Access. Select New policy. Give your policy a name. We recommend that organizations create a meaningful standard for the names of their policies. Under Assignments, select Users and groups. Under Include, select All users. Under Exclude, select Users and groups and choose your organization's emergency access or break-glass accounts. Select Done. Under Cloud apps or actions > Include, select All cloud apps. Under Exclude, select any applications that don't require multi-factor authentication. Under Access controls > Grant, select Grant access, Require multi-factor authentication, and select Select. Confirm your settings and set Enable policy to Report-only. Select Create to create to enable your policy.
upvoted 16 times
...
Minaru
Highly Voted 2 months, 2 weeks ago
Correct answer is B. The solution mentioned does not fully meet the goal of requiring members of the Global Administrators group to use Multi-Factor Authentication and an Azure AD-joined device when they connect from untrusted locations. While accessing the Azure portal to alter the session control is a step in the right direction, it's essential to configure the specific conditions and controls in the Azure AD conditional access policy to enforce these requirements. To achieve the goal, you need to create or modify an Azure AD conditional access policy and specify the conditions that require Multi-Factor Authentication and Azure AD-joined devices for members of the Global Administrators group when they access Azure AD from untrusted locations. Simply accessing the Azure portal to alter session control is not sufficient to fully implement this policy.
upvoted 8 times
...
SeMo0o0o0o
Most Recent 3 months ago
Selected Answer: B
B is correct: grant control, not session control.
upvoted 1 times
...
tsummey
5 months, 2 weeks ago
Selected Answer: B
Under Assignments, select the Global Admin Group. Under Conditions, set the location to any location and exclude all trusted locations. Under Access Controls, grant access and check the options for require MFA and require the device to be marked as compliant.
upvoted 3 times
...
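The grant-versus-session distinction discussed in this thread can be checked mechanically on a policy exported in the Microsoft Graph `conditionalAccessPolicy` JSON shape. The following is an added example, not part of the original page or any commenter's post; the group ID and the three sample policies are constructed, the `audit_policy` helper is hypothetical, and mapping the question's device requirement to the `domainJoinedDevice` built-in control is an assumption.

```python
import copy

# Constructed placeholder for the Global Administrators group object ID.
ADMIN_GROUP_ID = "00000000-0000-0000-0000-000000000001"
# Assumption: the device requirement maps to Graph's hybrid-joined device control.
REQUIRED_GRANTS = {"mfa", "domainJoinedDevice"}

def audit_policy(policy, group_id=ADMIN_GROUP_ID):
    """Return findings; an empty list means the policy enforces the stated goal."""
    findings = []
    cond = policy.get("conditions") or {}
    if group_id not in ((cond.get("users") or {}).get("includeGroups") or []):
        findings.append("admin group not in conditions.users.includeGroups")
    loc = cond.get("locations") or {}
    if ("All" not in (loc.get("includeLocations") or [])
            or "AllTrusted" not in (loc.get("excludeLocations") or [])):
        findings.append("locations must include All and exclude AllTrusted")
    # Session controls are deliberately ignored: they cannot require MFA or a device.
    grant = policy.get("grantControls") or {}
    missing = REQUIRED_GRANTS - set(grant.get("builtInControls") or [])
    if missing:
        findings.append("grantControls is missing: " + ", ".join(sorted(missing)))
    elif grant.get("operator") != "AND":
        findings.append("grantControls.operator must be AND to require both controls")
    return findings

# Constructed sample: requirements expressed as grant controls.
GRANT_POLICY = {
    "displayName": "Admins: MFA and joined device off trusted networks",
    "state": "enabled",
    "conditions": {
        "users": {"includeGroups": [ADMIN_GROUP_ID]},
        "applications": {"includeApplications": ["All"]},
        "locations": {"includeLocations": ["All"], "excludeLocations": ["AllTrusted"]},
    },
    "grantControls": {"operator": "AND", "builtInControls": ["mfa", "domainJoinedDevice"]},
    "sessionControls": None,
}
# Constructed sample: same scope, but only a session control was changed.
SESSION_ONLY = copy.deepcopy(GRANT_POLICY)
SESSION_ONLY["grantControls"] = None
SESSION_ONLY["sessionControls"] = {
    "signInFrequency": {"isEnabled": True, "type": "hours", "value": 4}}
# Constructed sample: both controls listed, but either one alone satisfies the policy.
EITHER_CONTROL = copy.deepcopy(GRANT_POLICY)
EITHER_CONTROL["grantControls"]["operator"] = "OR"

if __name__ == "__main__":
    for name, p in [("grant", GRANT_POLICY), ("session-only", SESSION_ONLY),
                    ("OR", EITHER_CONTROL)]:
        print(name, audit_policy(p) or "meets the goal")
```

The session-only policy fails the audit even though its users and locations are scoped correctly, which is the reason the suggested answer is B.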
3ba6d0b
6 months ago
Selected Answer: B
questions 3 and 4 are identical.
upvoted 1 times
RealmTarget
3 days, 8 hours ago
No. One is asking about grant controls and one is session controls. Grant controls are correct. Because you want to grant access in these situations. https://learn.microsoft.com/en-us/entra/identity/conditional-access/concept-conditional-access-grant https://learn.microsoft.com/en-us/entra/identity/conditional-access/concept-conditional-access-session
upvoted 1 times
...
...
76d5e04
6 months, 1 week ago
Hello all, I see a lot of recommendations to check "Mlantonis" answers. Please let me know how to find them in this huge blog.
upvoted 1 times
...
MCLC2021
8 months ago
Correct Answer B (NO). Within a Conditional Access policy: Access Control GRANT: an administrator can use access controls to grant or block access to resources. Access Control SESSION: an administrator can make use of session controls to enable limited experiences within specific cloud applications.
upvoted 3 times
...
_gio_
10 months, 3 weeks ago
Selected Answer: B
answer is B
upvoted 1 times
...
DBFront
1 year, 1 month ago
Selected Answer: B
B is correct, needs to be grant control
upvoted 1 times
...
ShyamNallu_100813
1 year, 4 months ago
Selected Answer: A
ANS :A
upvoted 3 times
SivaPannier
1 year, 3 months ago
I think the Answer is A only. I could see session control option in the Conditional Access Policy configuration page. Grant control should not be for session control. see the link below...
upvoted 1 times
...
SivaPannier
1 year, 3 months ago
Sorry I am wrong in the earlier comment. The correct answer is B only, for the given requirement there is no need to configure anything in the session control page of conditional access policy. Hence this action will not fulfill the project requirement.
upvoted 3 times
...
...
james2033
1 year, 4 months ago
Selected Answer: B
Focus on the text "alter the session"; it makes B the correct choice.
upvoted 2 times
...
dhivyamohanbabu
1 year, 5 months ago
option B is correct
upvoted 1 times
...
Madbo
1 year, 7 months ago
Solution B is not correct because it suggests creating a new resource group for each department. While this approach could be used to organize resources, it does not allow for direct association between the virtual machines and their respective departments. Assigning tags to the virtual machines is a better solution for this requirement.
upvoted 1 times
...
emptyH
1 year, 7 months ago
Selected Answer: B
Answer is B. Require MFA is a checkbox listed within the GRANT control portion of the conditional access policy.
upvoted 3 times
...
TunaSD
1 year, 8 months ago
No, the solution does not meet the goal. Altering the session control of the Azure AD conditional access policy alone will not achieve the desired requirements. You need to configure a conditional access policy that requires Multi-Factor Authentication (MFA) and an Azure AD-joined device for members of the Global Administrators group when connecting from untrusted locations.
upvoted 1 times
...
SindhuM
1 year, 9 months ago
A - is correct
upvoted 1 times
...
vishalarora1607
1 year, 9 months ago
Selected Answer: B
No this is not the way to achieve this.
upvoted 1 times
...