AZ-301: Microsoft Azure Architect Design - Implementing Azure Multi-Factor Authentication (MFA) for Azure Portal Login Attempts from Non-Work Countries

Implementing Azure Multi-Factor Authentication (MFA) for Azure Portal Login Attempts from Non-Work Countries

Question

Note: This question is part of series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an Azure Active Directory (Azure AZD) tenant named contoso.com. The tenant contains a group named Group1. Group1 contains all the administrative user accounts.

You discover several login attempts to the Azure portal from countries where administrative users do NOT work.

You need to ensure that all login attempts to the Azure portal from those countries require Azure Multi-Factor Authentication (MFA).

Solution: You implement an access package.

Does this solution meet the goal?

Answers

Explanations

Click on the arrows to vote for the correct answer

A. B.

B

The solution of implementing an access package does not meet the stated goal of requiring MFA for all login attempts to the Azure portal from countries where administrative users do not work.

An access package is a collection of related resources that can be assigned to a user, group, or application. It is used to simplify the assignment and management of permissions for resources in Azure AD. Access packages can contain Azure AD groups, application assignments, and role assignments.

To meet the stated goal, you should configure Conditional Access policies in Azure AD. A Conditional Access policy is used to enforce access controls based on specific conditions, such as the location of the user or device, the application being accessed, or the type of device used to access the application.

To require MFA for all login attempts to the Azure portal from countries where administrative users do not work, you can create a Conditional Access policy that targets the Azure portal and specifies the locations from which access is allowed. You can then configure the policy to require MFA for access attempts that originate from any location other than the allowed locations.

Therefore, the correct answer is B. No, implementing an access package does not meet the stated goal of requiring MFA for all login attempts to the Azure portal from countries where administrative users do not work.