Prevent Azure Multi-Factor Authentication for On-Premises Network Users

How to Disable Azure MFA Prompts for On-Premises Network Users

Question

Your network contains an on-premises Active Directory and an Azure Active Directory (Azure AD) tenant.

You deploy Azure AD Connect and configure pass-through authentication.

Your Azure subscription contains several web apps that are accessed from the Internet.

You plan to enable Azure Multi-Factor Authentication (MFA) for the Azure tenant.

You need to recommend a solution to prevent users from being prompted for Azure MFA when they access the web apps from the on-premises network.

What should you include in the recommendation?

Answers

Explanations


D

The Trusted IPs feature of Azure Multi-Factor Authentication is used by administrators of a managed or federated tenant. The feature bypasses two-step verification for users who sign in from the company intranet. The feature is available with the full version of Azure Multi-Factor Authentication, and not the free version for administrators.

https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-mfasettings#trusted-ips

The correct answer to the given scenario is D. Trusted IPs.

When an organization uses Azure AD for identity management and deploys Azure AD Connect with pass-through authentication, sign-ins still go to Azure AD; Azure AD forwards the password check to an on-premises authentication agent, which validates the credentials against the on-premises Active Directory. When a user accesses a web app that uses Azure AD for sign-in, Azure AD decides whether to prompt for MFA based on the MFA state or policy applied to the user account. If you enable Azure MFA for the tenant, every user covered by it is prompted, including users who access the web apps from the on-premises network, because Azure AD does not know where the request came from unless you tell it.

To prevent users from being prompted for MFA when accessing web apps from the on-premises network, you should configure Trusted IPs in Azure AD. Trusted IPs are the public IP addresses or IP address ranges (in CIDR notation) from which the organization's traffic reaches the Internet. Azure AD compares the source address of the sign-in request, as it arrives at Azure AD, against these ranges, so the addresses to enter are the corporate Internet egress (NAT) addresses, not internal private ranges that Azure AD never sees. Users who sign in from those addresses are not prompted for MFA; users who sign in from anywhere else are. Because pass-through authentication makes this a managed tenant, the IP-range option is the relevant one; the alternative of trusting an AD FS intranet claim applies only to federated tenants. Microsoft now recommends Conditional Access named locations, marked as trusted and excluded from an MFA policy, over the legacy Trusted IPs setting, but the effect for this scenario is the same.

Configuring a site-to-site VPN between the on-premises network and Azure, or an Azure ExpressRoute circuit, does not prevent users from being prompted for MFA when accessing the web apps from the on-premises network. The MFA decision is made by Azure AD at sign-in, based on the user's MFA state and the source of the authentication request, not on the network path between the corporate network and the web app. These services provide private, reliable connectivity between on-premises infrastructure and Azure; they do not change how Azure AD evaluates sign-ins.

Azure Policy is a set of rules that governs the configuration of resources in Azure, for example allowed regions, required tags, or permitted SKUs. It is used to enforce organizational standards and report on compliance of resources. It has no role in sign-in or MFA decisions, so it cannot prevent users from being prompted for MFA when accessing web apps from the on-premises network.
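The following is an added worked example, not part of the original question or explanation. The legacy Trusted IPs setting itself is entered in the portal's MFA service settings page; this block builds the equivalent recommended today with Microsoft Graph PowerShell: a trusted named location holding the corporate egress ranges, plus a Conditional Access policy that requires MFA for all cloud apps except from trusted locations. It assumes the Microsoft.Graph module is installed, the tenant is licensed for Conditional Access, and the signing-in admin can consent to the listed scopes. The IP ranges and the break-glass group ID are placeholders.

```powershell
# Added example: Conditional Access equivalent of MFA Trusted IPs, via Microsoft Graph PowerShell.
# Assumes the Microsoft.Graph module is installed and the signed-in admin has the scopes below.
# IP ranges and the break-glass group ID are placeholders; replace them with your real values.

Connect-MgGraph -Scopes "Policy.Read.All", "Policy.ReadWrite.ConditionalAccess"

# 1. Define the corporate Internet egress addresses as a *trusted* named location.
#    Use the public (NAT) addresses Azure AD actually sees, not internal RFC 1918 ranges.
$location = @{
    "@odata.type" = "#microsoft.graph.ipNamedLocation"
    displayName   = "Corporate egress (placeholder ranges)"
    isTrusted     = $true
    ipRanges      = @(
        @{ "@odata.type" = "#microsoft.graph.iPv4CidrRange"; cidrAddress = "203.0.113.0/24" }  # placeholder
        @{ "@odata.type" = "#microsoft.graph.iPv6CidrRange"; cidrAddress = "2001:db8:1::/48" } # placeholder
    )
}
$trusted = New-MgIdentityConditionalAccessNamedLocation -BodyParameter $location
Write-Host "Created trusted named location $($trusted.Id)"

# 2. Require MFA for every cloud app from anywhere except trusted locations.
#    Start in report-only mode and review the sign-in logs before changing state to "enabled".
$breakGlassGroupId = "00000000-0000-0000-0000-000000000000"  # placeholder: emergency-access accounts
$policy = @{
    displayName   = "Require MFA outside the corporate network"
    state         = "enabledForReportingButNotEnforced"
    conditions    = @{
        users        = @{ includeUsers = @("All"); excludeGroups = @($breakGlassGroupId) }
        applications = @{ includeApplications = @("All") }
        locations    = @{ includeLocations = @("All"); excludeLocations = @("AllTrusted") }
    }
    grantControls = @{ operator = "OR"; builtInControls = @("mfa") }
}
$ca = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
Write-Host "Created policy $($ca.Id) in state $($ca.State)"

# 3. Check: read both objects back and confirm the policy excludes trusted locations.
Get-MgIdentityConditionalAccessNamedLocation -NamedLocationId $trusted.Id |
    Select-Object DisplayName, Id
(Get-MgIdentityConditionalAccessPolicy -ConditionalAccessPolicyId $ca.Id).Conditions.Locations.ExcludeLocations
```

Two points a practitioner would check before enforcing this: confirm the egress addresses by looking at the IP address column of recent sign-ins from inside the office in the Azure AD sign-in logs, since that is the address the location condition is matched against; and keep the break-glass exclusion, because a policy that requires MFA for all users from all locations can lock out the accounts needed to fix a broken MFA configuration.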