HOTSPOT - For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point. Hot Area:
Suggested Answer:
Box 1: Yes - Conditional access policies can be applied to all users
Box 2: No - Conditional access policies are applied after first-factor authentication is completed.
Box 3: Yes - Users with devices of specific platforms or marked with a specific state can be used when enforcing Conditional Access policies. Reference: https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/overview
The answer is Yes, No, Yes
https://learn.microsoft.com/en-us/entra/identity/conditional-access/concept-conditional-access-policies
https://learn.microsoft.com/en-us/entra/identity/conditional-access/concept-conditional-access-conditions
Given answers are correct.
Conditional Access policies are enforced after first-factor authentication is completed. Conditional Access isn't intended to be an organization's first line of defense for scenarios like denial-of-service (DoS) attacks, but it can use signals from these events to determine access.
Source: https://learn.microsoft.com/en-us/entra/identity/conditional-access/location-condition
I would say YYY.
For the second one, Yes Conditional Access takes place after first factor authentication, but, a user is not authenticated after first factor authentication. First factor authentication is only part of the authentication process. A user is not fully authenticated until they have completed Conditional Access as well, so Conditional Access takes place BEFORE a user is authenticated as it is part of the authentication process.
Correct answer is: YYY
for the 2nd one, Conditional access policies in Azure Active Directory (Azure AD) are evaluated before a user is authenticated. Conditional access allows organizations to enforce additional security requirements and controls based on specific conditions, such as user location, device state, or risk level.
How is it, that a global administrator could be included in complience policies? Shouldn´t he be in the top of the hierarchy? isn´t the one who makes the rules?
Global admin accounts are the ones that you need to secure the most. If anything, more conditional access policies should apply to them, not less.
However, it is recommended to set up a break-glass account in case of emergency. Or in case you mess up configuring a conditional access policy and block yourself (and other admins) from reverting it. The emergency account should be excluded from all conditional access policies. But it should therefore be VERY closely monitored and not used for anything else.
https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/plan-conditional-access#set-up-emergency-access-accounts
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Fuji_56
Highly Voted 2 years, 10 months agoDhamus
1 year, 9 months agoM36570
Highly Voted 2 years, 8 months agom0gu3
Most Recent 1 month, 2 weeks agoLegendaryZA
4 months, 4 weeks agorodrigoisalino
9 months agoloeloe5
9 months agouser_666
1 year, 1 month agoRamye
1 year, 2 months agoRahulX
1 year, 6 months agofurq2904
1 year, 8 months agoCertAddict69
1 year, 9 months agomanofsteel9
1 year, 9 months agoKing_Lam
1 year, 11 months agoNicochet
2 years agoWhyiest
2 years, 1 month agoWhyiest
2 years, 1 month agoricardo_27_04_1978
2 years, 2 months agoOG_Diablo
2 years, 2 months agoJohn316
2 years, 2 months agoIXone
2 years, 4 months ago