Exam SC-300 topic 2 question 43 discussion

There should be an option for multiple answers. When configuring SSPR for a single method to reset there are two options - Mobile app code AND Email

本日時点で管理センターを確認したところ、唯一の方法としてモバイルアプリのコードが選択可能でした。（通知はグレーアウト）アドレスが不正解なのは、サインイン時に登録が必要だからでしょうか？

Answer b) a mobile app code https://learn.microsoft.com/en-us/entra/identity/authentication/concept-sspr-howitworks#mobile-app-and-sspr:~:text=When%20administrators%20require%20one%20method%20be%20used%20to%20reset%20a%20password%2C%20verification%20code%20is%20the%20only%20option%20available

D - You cannot have MS Authenticator app / Code selected when you have only 1 method to set for SSPR (greyed out now while you configure SSPR). One needs to select at least 2 methods for Authenticator app.

Oh well, same question in page 13 had a proper answer 'D'. What to say? If you selected mobile app as auth method AND only one method for verification, then indeed only CODE is possible. BUT what if the admin has selected Email, Mobile phone, and Security questions as only allowed auth methods?

D. an email address outside your organization. https://learn.microsoft.com/en-us/azure/active-directory/authentication/concept-sspr-howitworks "The Authenticator app can't be selected as the only authentication method when only one method is required." READ: when only one method is required. A. Smart Card- not an option in SSPR B. Mobile app code- available in Microsoft authenticator. C. a mobile app notification - not available as an option for single method D. email outside the organization - available option (in fact default) in SSPR

Correct Answer: B

B. a mobile app code

When administrators require one method be used to reset a password, verification code is the only option available. https://learn.microsoft.com/en-us/azure/active-directory/authentication/concept-sspr-howitworks#mobile-app-and-sspr

This isn't as straight forward as it seems and from what I can read it depends on whether the converged registration method(MFA & SSPR) is being used. If using the current SSPR registration then the answer would be be D as you can't use the App when only one method is required because it is not an available method on sign-up. "This requirement is because the current SSPR registration experience doesn't include the option to register the authenticator app. The option to register the authenticator app is included with the new combined registration experience." https://learn.microsoft.com/en-us/azure/active-directory/authentication/concept-sspr-howitworks#authentication-methods It's the other way around if the combined registration is used as email is only valid for SSPR and users won't be required to register it on sign up. It can be a secondary method. I can't tell from the question whether it's SSPR or combined registration. maybe someone else can? Guess I'll go with the consensus of B but ...?

B is Correct https://learn.microsoft.com/en-us/azure/active-directory/authentication/concept-sspr-howitworks

correct explanation by wooyou

D also a valid option