Ensure Azure Portal Login Attempts Require MFA for Group1 | Microsoft AZ-304 Exam Solution

Implementing Azure Multi-Factor Authentication for Login Attempts from Unauthorized Countries | Group1 Access Review | AZ-304 Exam Solution

Question

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an Azure Active Directory (Azure AD) tenant named contoso.com. The tenant contains a group named Group1. Group1 contains all the administrative user accounts.

You discover several login attempts to the Azure portal from countries where administrative users do NOT work.

You need to ensure that all login attempts to the Azure portal from those countries require Azure Multi-Factor Authentication (MFA).

Solution: Create an Access Review for Group1.

Does this solution meet the goal?

Answers

Explanations


A. B.

B

Instead, implement Azure AD Privileged Identity Management.

Note: Azure Active Directory (Azure AD) Privileged Identity Management (PIM) is a service that enables you to manage, control, and monitor access to important resources in your organization.

https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configure

No, creating an Access Review for Group1 does not meet the goal of ensuring that all login attempts to the Azure portal from countries where administrative users do NOT work require Azure Multi-Factor Authentication (MFA).

An Access Review in Azure AD is a process that allows you to review and manage access to resources on a regular basis. It is typically used to ensure that only the right people have access to the right resources at the right time. Access Reviews can be used to review and manage access to Azure AD groups, enterprise applications, and SharePoint Online sites.

In this scenario, creating an Access Review for Group1 would not ensure that all login attempts to the Azure portal from countries where administrative users do NOT work require Azure Multi-Factor Authentication (MFA). An Access Review is a manual process that requires someone to review and manage access on a regular basis. It does not provide an automated way to enforce MFA for login attempts from specific countries.

To meet the goal of ensuring that all login attempts to the Azure portal from countries where administrative users do NOT work require Azure Multi-Factor Authentication (MFA), you can use Conditional Access policies in Azure AD. Conditional Access policies allow you to define access rules based on various conditions, such as the user's location or device. You can create a Conditional Access policy that requires MFA for login attempts from specific countries and assign it to the administrative users in Group1. This would ensure that all login attempts from those countries require MFA for authentication.
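The Conditional Access approach described above, as an added example that is not part of the original page: it uses the Microsoft Graph PowerShell module to create a country-based named location and a policy that requires MFA for Group1 when signing in to Azure management from that location. The country codes and display names are placeholders chosen for illustration, and the policy is created in report-only mode so its effect can be checked in the sign-in logs before it is enforced.

```powershell
# Added example. Assumes the Microsoft.Graph PowerShell module is installed and
# the signed-in account is allowed to manage Conditional Access in the tenant.
Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess','Policy.Read.All','Group.Read.All'

# Placeholder ISO 3166-1 alpha-2 codes: replace with the countries where
# administrative users do NOT work (the page does not name them).
$countries = @('XX', 'YY')

# 1. Named location that holds those countries.
$location = New-MgIdentityConditionalAccessNamedLocation -BodyParameter @{
    '@odata.type'                     = '#microsoft.graph.countryNamedLocation'
    displayName                       = 'Admin non-work countries'   # hypothetical name
    countriesAndRegions               = $countries
    # Also match IP addresses that cannot be mapped to any country, so an
    # unresolvable address does not slip past the location condition.
    includeUnknownCountriesAndRegions = $true
}

# 2. Resolve Group1 to its object ID and refuse to continue on an ambiguous match.
$group = @(Get-MgGroup -Filter "displayName eq 'Group1'")
if ($group.Count -ne 1) {
    throw "Expected exactly one group named Group1, found $($group.Count)."
}

# 3. Policy: Group1 + Azure management + the named location => require MFA.
$policy = New-MgIdentityConditionalAccessPolicy -BodyParameter @{
    displayName   = 'Require MFA for Group1 from non-work countries'  # hypothetical name
    # Report-only first; change to 'enabled' after reviewing the sign-in logs.
    state         = 'enabledForReportingButNotEnforced'
    conditions    = @{
        clientAppTypes = @('all')
        users          = @{ includeGroups = @($group[0].Id) }
        # App ID of the Windows Azure Service Management API, the Conditional
        # Access target that covers the Azure portal.
        applications   = @{ includeApplications = @('797f4846-ba00-4fd7-ba43-dac1f8f63013') }
        locations      = @{ includeLocations = @($location.Id) }
    }
    grantControls = @{
        operator        = 'OR'
        builtInControls = @('mfa')
    }
}

$policy | Select-Object Id, DisplayName, State
```

The location condition is evaluated from the sign-in's source IP address, so this control is only as precise as the IP-to-country mapping behind it.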