ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam SC-300 All Questions

View all questions & answers for the SC-300 exam
Go to Exam

Exam SC-300 topic 2 question 24 discussion

Actual exam question from Microsoft's SC-300
Question #: 24
Topic #: 2
[All SC-300 Questions]

HOTSPOT -
You have an Azure Active Directory (Azure AD) tenant that contains the users shown in the following table.

User2 reports that he can only configure multi-factor authentication (MFA) to use the Microsoft Authenticator app.
You need to ensure that User2 can configure alternate MFA methods.
Which configuration is required, and which user should perform the configuration? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Show Suggested Answer Hide Answer
Suggested Answer:
Box 1: Modify security defaults.
Privileged Authentication Administrator
Users with this role can set or reset any authentication method (including passwords) for any user, including Global Administrators. Privileged Authentication
Administrators can force users to re-register against existing non-password credential (such as MFA or FIDO) and revoke 'remember MFA on the device', prompting for MFA on the next sign-in of all users.
The Authentication Administrator role has permission to force re-registration and multifactor authentication for standard users and users with some admin roles.

Box 2: User1 only.
Security Administrator.
Users with this role have permissions to manage security-related features in the Microsoft 365 Defender portal, Azure Active Directory Identity Protection, Azure
Active Directory Authentication, Azure Information Protection, and Office 365 Security & Compliance Center.
Incorrect:
Not User3. Service Support Administrator.
Users with this role can create and manage support requests with Microsoft for Azure and Microsoft 365 services, and view the service dashboard and message center in the Azure portal and Microsoft 365 admin center.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/roles/permissions-reference
by DeepMoon at Sept. 21, 2022, 9:36 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
geobarou
Highly Voted 1 year, 10 months ago
Checked in SC300 MOC book. The answer is correct
upvoted 11 times
...
Cepheid
Highly Voted 1 year, 7 months ago
The correct answer really is security defaults. PIM has nothing to do with it. When you disable security defaults, you can modify MFA settings.
upvoted 9 times
BB6919
1 year, 7 months ago
I agree with Cepheid. We don't need to modify anything within the Security default. Just need to disable it so that we can use Conditional access.
upvoted 2 times
...
kanew
1 year, 2 months ago
Agree. Security Defaults is the only correct answer I can see. I haven't tested it but it makes sense and here is the statement from MS that I believe supports it . It suggests that the Authenticator App is the only enabled MFA option in Sec Defaults. "Requiring all users and admins to register for MFA using the Microsoft Authenticator app or any third-party application using OATH TOTP." https://learn.microsoft.com/en-us/microsoft-365/business-premium/m365bp-turn-on-mfa?view=o365-worldwide&tabs=secdefaults
upvoted 3 times
...
...
JuanZ
Most Recent 3 months, 2 weeks ago
Modify security settiings Privileged Authentication Administrator This is a privileged role. Assign the Privileged Authentication Administrator role to users who need to do the following: Set or reset any authentication method (including passwords) for any user, including Global Administrators.
upvoted 2 times
...
Tuvshinjargal
5 months, 3 weeks ago
I think it is PIM and User 1. User 1 can the appropriate permission to User 2 for a while with PIM. There is no way to modify Security Defaults.
upvoted 1 times
...
vaaws
8 months, 3 weeks ago
Security Defaults User2
upvoted 3 times
SFAY
6 months, 2 weeks ago
User 2 is not the right answer. User 2 already has a PAA role assigned however is unable to do the task. Therefore, the only other possible choice is Security Admin which is User 1.
upvoted 1 times
...
...
dule27
1 year, 1 month ago
Modify security defaults User1 only
upvoted 3 times
...
ShoaibPKDXB
1 year, 2 months ago
Correct
upvoted 1 times
...
BB6919
1 year, 7 months ago
I agree with Cepheid. We don't need to modify anything within the Security default. Just need to disable it so that we can use Conditional access.
upvoted 1 times
...
chrisp1992
1 year, 7 months ago
Authentication Methods are handled in the Security Blade of Azure AD, not PIM. Seems strange, and I can't find anywhere in PIM to modify MFA methods.
upvoted 2 times
...
[Removed]
1 year, 7 months ago
Agree with DeepMoon. Security Defaults cannot be modified, it must be PIM. 2nd answer is correct.
upvoted 3 times
...
ooltie
1 year, 9 months ago
Correct. Security Defaults requires "Require all users to register for Azure AD Multi-Factor Authentication" Users have 14 days to register for Azure AD Multi-Factor Authentication by using the Microsoft Authenticator app or any app supporting OATH TOTP. https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/concept-fundamentals-security-defaults#require-all-users-to-register-for-azure-ad-multi-factor-authentication
upvoted 3 times
...
DeepMoon
1 year, 10 months ago
I agree with the 2nd part of the answer. But I do question the first part. My assumption is the first part of this answer should be PIM. Security defaults turn on MFA. But I don't see a place where an admin gets to choose multiple methods. Unfortunately, I don't have P2 license to test this.
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago