You have a Microsoft 365 Enterprise E5 subscription. You need to enforce multi-factor authentication on all cloud-based applications for the users in the finance department. What should you do?
A.
Create a sign-in risk policy.
B.
Create a new app registration.
C.
Assign an Enterprise Mobility + Security E5 license to the finance department users.
D.
Configure the sign-in status for the user accounts of the finance department users.
Suggested Answer:A🗳️
You can configure a sign-in risk policy that applies to the Finance department users. The policy can be configured to 'Allow access' but with multi-factor authentication as a requirement. Note: There are several versions of this question in the exam. The question has two possible correct answers: 1. Create a sign-in risk policy. 2. Create a conditional access policy. Other incorrect answer options you may see on the exam include the following: 1. Create an activity policy. 2. Create a session policy. 3. Create an app permission policy. 4. Configure the sign-in status for the user accounts of the finance department users. 5. Assign an Enterprise Mobility + Security E5 license to the finance department users. Reference: https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/howto-sign-in-risk-policy
I guess the real answer is to Create a Conditional Access Policy for the Finance Department.
But in this question there is no such, so assuming that the risky finance user which make the answer A
Yes, it must be a typo as all of the other answers are even more useless. You could argue assigning an E5 license could be helpful if they are using Azure MFA but they could also just use per user MFA which doesn't require any licenses.
You can use MFA for 'all cloud apps' you AAD P1 or AMFA license assigned, but for O365 licensed user there is free MFA valid for all apps and services in Office.
The answer should be conditional access policy. The answer does not make sense...
Sign-in risk is based on heuristic data like:
Users with leaked credentials.
Sign-ins from anonymous IP addresses.
Impossible travel to atypical locations.
Sign-ins from infected devices.
Sign-ins from IP addresses with suspicious activity.
Sign-ins from unfamiliar locations.
We can not decide that the users in the finance department are risky users, or have risky sign-in's...
User risk policy uses leaked credentials, but signin risk is not.
upvoted 1 times
...
...
This section is not available anymore. Please use the main Exam Page.MS-100 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
fofo1960
Highly Voted 3 years, 6 months agoBoxGhost
2 years, 12 months agoOne111
2 years, 4 months agoStartkabels
Most Recent 2 years, 4 months agoStorm
3 years, 3 months agoOne111
2 years, 4 months ago