You have an Azure Active Directory (Azure AD) tenant.
All administrators must enter a verification code to access the Azure portal.
You need to ensure that the administrators can access the Azure portal only from your on-premises network.
What should you configure?
A. B. C. D.
Answer: D
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-mfasettings
The correct answer for this scenario is D, the multi-factor authentication service settings.
Explanation:
To ensure that administrators can access the Azure portal only from the on-premises network, multi-factor authentication (MFA) needs to be enabled for their accounts. MFA requires additional verification beyond a username and password, which means the administrators must provide a verification code to access the Azure portal. With MFA enabled, the authentication process becomes more secure and more difficult to compromise.
To configure MFA in Azure Active Directory, follow these steps:
1. Sign in to the Azure portal with your administrator account.
2. Select Azure Active Directory from the left navigation pane.
3. Select Security from the Azure Active Directory navigation pane.
4. Under Security, select Multi-factor authentication.
5. In the Multi-factor authentication page, select Service settings.
6. In the Service settings page, enable MFA for all users.
7. In the Additional cloud-based MFA settings section, enable the option to allow access only from specific IP addresses.
8. Add the on-premises network IP address range to the allowed IP addresses list.
9. Save the changes.
After enabling MFA and restricting access to the Azure portal only from the on-premises network, administrators will be required to enter their verification code every time they attempt to access the Azure portal from outside the on-premises network. This adds an additional layer of security and ensures that only authorized individuals have access to the Azure portal.
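A pre-check for the address list entered in the last steps above, as an added example (not code from the original page or from Microsoft). It assumes the sign-in service sees only the public egress address of the on-premises network; the names `review_ranges` and `from_allowed_network` and the /16 breadth threshold are hypothetical, and the sample ranges are constructed from documentation address blocks.

```python
import ipaddress

# Ranges a cloud sign-in service never sees as a client source address,
# because on-premises traffic is NATed to a public egress IP first.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",    # RFC 1918
    "100.64.0.0/10", "169.254.0.0/16", "127.0.0.0/8")]  # CGNAT, link-local, loopback
MIN_PREFIX = 16  # assumption: local review threshold, not an Azure limit


def review_ranges(cidrs):
    """Return (accepted_networks, findings) for a proposed allowed-IP list."""
    accepted, findings = [], []
    for text in cidrs:
        try:
            # strict=True rejects entries with host bits set, e.g. 192.0.2.10/24
            net = ipaddress.ip_network(text.strip(), strict=True)
        except ValueError as exc:
            findings.append(f"{text}: rejected, {exc}")
            continue
        if any(net.overlaps(bad) for bad in NON_ROUTABLE):
            findings.append(f"{text}: rejected, non-routable; use the public egress range")
            continue
        if net.prefixlen < MIN_PREFIX:
            findings.append(f"{text}: rejected, broader than /{MIN_PREFIX}")
            continue
        dup = next((a for a in accepted if net.overlaps(a)), None)
        if dup is not None:
            findings.append(f"{text}: skipped, overlaps {dup}")
            continue
        accepted.append(net)
    return accepted, findings


def from_allowed_network(source_ip, accepted):
    """True if a sign-in source address falls inside an accepted range."""
    addr = ipaddress.ip_address(source_ip)
    return any(addr in net for net in accepted)


if __name__ == "__main__":
    # Constructed sample input (documentation address blocks, not real networks).
    proposed = ["203.0.113.0/24", "10.20.0.0/16", "203.0.113.128/25",
                "198.51.100.7/32", "192.0.2.10/24", "198.0.0.0/8"]
    ok, notes = review_ranges(proposed)
    print("enter in portal:", [str(n) for n in ok])
    print("\n".join(notes))
```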
Option A: the default for all the roles in Azure AD Privileged Identity Management is not related to the scenario.
Option B: an Azure AD Identity Protection user risk policy is used to detect and mitigate potential risks to user accounts based on user behavior and other factors. It is not related to the scenario.
Option C: an Azure AD Identity Protection sign-in risk policy is used to detect and mitigate potential risks to sign-in attempts based on various factors. It is not related to the scenario.