You have an Azure Active Directory (Azure AD) tenant.
You have an existing Azure AD conditional access policy named Policy1. Policy1 enforces the use of Azure AD-joined devices when members of the Global
Administrators group authenticate to Azure AD from untrusted locations.
You need to ensure that members of the Global Administrators group will also be forced to use multi-factor authentication when authenticating from untrusted locations.
What should you do?
Click on the arrows to vote for the correct answer
A. B. C. D.D
The correct answer is A. From the Azure portal, modify session control of Policy1.
Explanation:
The scenario describes an existing Azure AD conditional access policy named Policy1 that enforces the use of Azure AD-joined devices when members of the Global Administrators group authenticate to Azure AD from untrusted locations. The requirement is to enforce multi-factor authentication for members of the Global Administrators group when they authenticate from untrusted locations.
To enforce multi-factor authentication, we need to modify the session control of Policy1. Session control defines the actions to take when a user session meets the specified conditions in a conditional access policy. To enforce multi-factor authentication, we need to add an additional session control that requires multi-factor authentication.
Follow these steps to modify the session control of Policy1:
The new session control will require members of the Global Administrators group to use multi-factor authentication when they authenticate from untrusted locations, in addition to the existing session control that enforces the use of Azure AD-joined devices.
Option B and C are incorrect because they refer to modifying the user or service settings for multi-factor authentication, which would apply to all users and services, not just members of the Global Administrators group.
Option D is incorrect because it refers to modifying the grant control of Policy1, which determines whether access is allowed or denied based on the outcome of the policy evaluation. Modifying grant control would not enforce multi-factor authentication.