ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-140 All Questions

View all questions & answers for the AZ-140 exam
Go to Exam

Exam AZ-140 topic 3 question 9 discussion

Actual exam question from Microsoft's AZ-140
Question #: 9
Topic #: 3
[All AZ-140 Questions]

HOTSPOT -
You have an Azure Virtual Desktop Deployment that contains a workspace named Workspace1 and a user named User1. Workspace1 contains a Desktop application group named Pool1Desktop.
At 09:00, you create a conditional access policy that has the following settings:
✑ Assignments:
- Users and groups: User1
- Cloud apps or actions: Azure Virtual Desktop
- Conditions: 0 conditions selected
✑ Access controls
- Grant: Grant access, Require multi-factor authentication
- Sessions: Sign-in frequency 1 hour
User1 performs the actions shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:

Show Suggested Answer Hide Answer
Suggested Answer:
Reference:
https://docs.microsoft.com/en-us/azure/virtual-desktop/set-up-mfa
by Domza at Oct. 30, 2021, 4:11 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
NarenderSingh
Highly Voted 3 years, 2 months ago
Yes - Subscription to workspace need authentication, hence MFA required No – No action performed at 10:20 Yes – Connect to Pool1 need authentication at 13:50
upvoted 17 times
...
avertmeek
Highly Voted 3 years, 2 months ago
It's actually 9:20 on exam not 10:20
upvoted 11 times
...
kam247
Most Recent 4 months, 2 weeks ago
Should be YYY, 9:10am Subscribe to workspace1requires MFA, connect to pool1 which should require MFA for first time. Connecting again to pool1 over an hour later at 1:50pm should require MFA again. If user signed out and connecting again in less than 1 hours like 9:30am and 9:45am then wouldn't require MFA.
upvoted 1 times
...
Doornroosje
1 year, 9 months ago
Got this question on exam today.
upvoted 6 times
...
scottims
1 year, 10 months ago
Y,N,Y The last one is mentioned under Create a Conditional Access policy in the provided document link https://learn.microsoft.com/en-us/azure/virtual-desktop/set-up-mfa If you're using Azure Virtual Desktop (based on Azure Resource Manager), you can configure MFA on two different apps: Azure Virtual Desktop (app ID 9cdead84-a844-4324-93f2-b2e6bb768d07), which applies when the user subscribes to a feed and authenticates to the Azure Virtual Desktop Gateway during a connection.
upvoted 1 times
...
Dan_Turnbull
1 year, 11 months ago
I just tested this in my Dev environment. YNY is defo the correct answer
upvoted 1 times
...
Magis
2 years, 3 months ago
YNN MFA policy enabled for Azure Virtual Desktop which applies when user subscribes. Mentioned conditions do not force user resubscribe to the workspace. So he would not be needed reenter MFA untill next time when he will have resubscribe.
upvoted 3 times
...
afbnfz
2 years, 4 months ago
The given answer is correct. this is actually covered in the MS link shown in the reference "If you're using Azure Virtual Desktop (based on Azure Resource Manager), you can configure MFA on two different apps: - Azure Virtual Desktop (app ID 9cdead84-a844-4324-93f2-b2e6bb768d07), which applies when the user subscribes to a feed and authenticates to the Azure Virtual Desktop Gateway during a connection. - Microsoft Remote Desktop (app ID a4a365df-50f1-4397-bc59-1a1564b8bb9c), which applies when the user authenticates to the session host when single sign-on is enabled." There is no mention of SSO in the question so the CA policy would be enforced on both the subscription at 9:10 and the connection at 13:50. Y N Y
upvoted 4 times
...
pappkarcsiii
2 years, 7 months ago
Yes / No / No 3rd is no because it is a simple user login to the domain, not to the Azure.
upvoted 2 times
[Removed]
1 year, 5 months ago
The question does not mention that the Hosts are AD joined or joined to AADDS. They could be Azure AD connected which would utilize Azure AD as the identity provider/auth method for sign in.
upvoted 1 times
...
...
GreigFury
2 years, 8 months ago
Its Yes/No/No - the user will not be prompted connected to the virtual desktop, only when subscribing.
upvoted 3 times
pappkarcsiii
2 years, 7 months ago
correct
upvoted 1 times
...
mrcljnff
2 years, 2 months ago
not correct
upvoted 1 times
...
...
constructedrobot
2 years, 8 months ago
Y N Y https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/howto-conditional-access-session-lifetime examples user sign-in frequency is set to 1 hour Example 2: At 00:00, a user signs in to their Windows 10 Azure AD joined device and starts work on a document stored on SharePoint Online. At 00:30, the user gets up and takes a break locking their device. At 00:45, the user returns from their break and unlocks the device. At 01:45, the user is prompted to sign in again based on the sign-in frequency requirement in the Conditional Access policy configured by their administrator since the last sign-in happened at 00:45.
upvoted 1 times
...
Eltooth
2 years, 10 months ago
Yes / No / No
upvoted 3 times
...
NotAChatBot
2 years, 11 months ago
Should be YYY even if the second time is 9.20 https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/howto-conditional-access-session-lifetime
upvoted 1 times
NotAChatBot
2 years, 11 months ago
From the document "Example 1: At 00:00, a user signs in to their Windows 10 Azure AD joined device and starts work on a document stored on SharePoint Online. The user continues working on the same document on their device for an hour. At 01:00, the user is prompted to sign in again based on the sign-in frequency requirement in the Conditional Access policy configured by their administrator.
upvoted 1 times
...
...
staffo
2 years, 11 months ago
I have tested this. catamag i think your are right. I am prompted for MFA when subscribing to the feed but then not prompted again after that even after closing the remote desktop app and opening again. Its Yes, No, No
upvoted 6 times
...
Examtopicisawesome
3 years ago
Yes / No / Yes
upvoted 1 times
...
Ntk
3 years ago
the user signed out at 11:20 so the session for ten doesnt MFA
upvoted 1 times
...
catamag
3 years, 1 month ago
It could also be Yes, No, No. The first 2 are definitely correct, but the last one I'm not 100% sure. You are prompted for MFA only when subscribing to the feed, at 13:50 the user Connects to the Desktop which shouldn't trigger the MFA ( the authentication will happen at DC level ). But unfortunately I'm unable to test, because I don't have any rights to alter the CA rule. :(
upvoted 3 times
[Removed]
1 year, 5 months ago
This variant of the question does not mention that the hosts are AD or AADDS joined. So they may be utilizing AAD as their identity provider/auth mech, which would prompt for MFA based on the conditional access policy. I believe the correct answer is YNY
upvoted 1 times
...
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago