Configure Azure AD for Multi-Factor Authentication

D

You can configure a Conditional Access policy that requires MFA for access from untrusted networks.

The correct answer is D. Conditional Access.

Conditional Access is a policy-based evaluation engine in Azure AD that allows administrators to define rules and controls that determine whether a user is allowed or denied access to an application or resource based on certain conditions, such as network location, device type, or user group.

To ensure that users use multi-factor authentication (MFA) to access Azure apps from untrusted networks, you can create a conditional access policy that requires MFA when a user is accessing Azure apps from an untrusted network.

To create a conditional access policy that requires MFA for Azure apps from untrusted networks, follow these steps:

1. Sign in to the Azure portal and go to Azure Active Directory.
2. Click on Conditional Access under Security.
3. Click New policy.
4. Give the policy a name and click Users and groups to specify who the policy applies to.
5. Click Cloud apps or actions to select the Azure apps that the policy applies to.
6. Click Conditions to set the conditions under which the policy applies. In this case, select the Locations condition and choose the Untrusted locations option.
7. Click Access controls to configure the controls that apply when the conditions are met. In this case, select the Grant access option and choose Require multi-factor authentication.
8. Click On to enable the policy and then click Create to save the policy.

With this policy in place, users will be required to use MFA to access Azure apps when they are accessing them from an untrusted network. This will help to enhance the security of your Azure AD accounts and prevent unauthorized access to your Azure resources.