Exam SC-300 topic 8 question 2 discussion

Well, this is something confuse... They ask you to force MFA using CA policy. If you use it, you will be forced to register for MFA YES or YES and there will not be any 14 days grace period. This happens when you use CA, so if they are giving you the option to choose grace days, the answer cannot be MFA CA policy. It has to be MFA registration. I TESTED THIS! there you have, if they ask you for something with 14 days grace period, it cannot be MFA CA policy, if they don't give you that option on the exam, you can go for MFA CA.

First answer should be MFA registration policy. https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/howto-identity-protection-configure-mfa-policy#policy-configuration

There are two ways to get a 14-day grace period for MFA registration: Security Defaults (Free): Enables MFA for everyone in your tenant, no extra licenses needed. MFA Registration Policy (Paid): More granular control, requires Azure AD Premium P2 licenses. https://learn.microsoft.com/en-us/entra/id-protection/howto-identity-protection-configure-mfa-policy

MFA registration policy 14 days https://learn.microsoft.com/en-us/azure/active-directory/identity-protection/howto-identity-protection-configure-mfa-policy#what-is-the-azure-ad-multifactor-authentication-registration-policy

MFA registration policy: https://learn.microsoft.com/en-us/azure/active-directory/identity-protection/howto-identity-protection-configure-mfa-policy Microsoft Entra ID Protection will prompt your users to register the next time they sign in interactively and they'll have 14 days to complete registration

What are the technical requirements to be implemented to meet MFA?? These are:• Implement multi-factor authentication (MFA) for all Litware users by using conditional access policies. • Exempt users from using MFA to authenticate to Azure AD from the Boston office of Litware. • Enforce MFA when accessing on-premises applications. • Control all access to all Azure resources and Azure AD applications by using conditional access policies. • Implement a conditional access policy that has session controls for Microsoft SharePoint Online. So,,,, if you need Conditional Access Policies, not CA Registration policy..

Based on the MS link: https://learn.microsoft.com/en-us/azure/active-directory/identity-protection/howto-identity-protection-configure-mfa-policy#what-is-the-azure-ad-multifactor-authentication-registration-policy Answer: MFA Registration Policy 14 Days

A Conditional access policy 14 days

I think the first answer is MFA registration policy : ......for the 14 day grace period to apply to users when registering for MFA, there are two ways to achieve this. One way would be to enable Security Defaults which would enable MFA for the entire tenant. This option does not need additional licenses and can be enabled from the AAD portal. The second option would be to enable the AAD MFA Registration Policy. To do this, you would require Identity Protection, which is included within the AAD Premium P2 licenses. This policy will apply to Conditional Access Policies.

I would say conditional access policy since it said to Implement multi-factor authentication (MFA) for all Litware users by using conditional access policies. 14 day grace period. Exempt users from using MFA to authenticate to Azure AD from the Boston office of Litware.

MFA registration Policy 14 days should be the answer