Ensure Azure Portal Login Security with Azure AD Privileged Identity Management

Implement Azure AD Privileged Identity Management

Question

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an Azure Active Directory (Azure AD) tenant named contoso.com. The tenant contains a group named Group1. Group1 contains all the administrative user accounts.

You discover several login attempts to the Azure portal from countries where administrative users do NOT work.

You need to ensure that all login attempts to the Azure portal from those countries require Azure Multi-Factor Authentication (MFA).

Solution: Implement Azure AD Privileged Identity Management.

Does this solution meet the goal?

Answers

Explanations


A. B.

A

The solution provided, which is to implement Azure AD Privileged Identity Management, does not meet the stated goal of requiring Azure Multi-Factor Authentication (MFA) for all login attempts to the Azure portal from countries where administrative users do NOT work.

Azure AD Privileged Identity Management is a solution for managing and controlling access to resources within an organization. It allows organizations to create and manage roles, assign users to those roles, and require approval before granting access to privileged resources. While this solution can help prevent unauthorized access to resources by administrative users, it does not address login attempts from countries where those users do not work.

To require Azure MFA for login attempts from specific countries, you can use Azure AD Conditional Access policies. With Azure AD Conditional Access, you can create policies that require MFA when specific conditions are met, such as when the login attempt is from a specific country or region.

To implement this solution, you can create a new Conditional Access policy and configure it to require MFA for login attempts from the countries where administrative users do NOT work. This policy can then be assigned to the Azure AD group that contains the administrative user accounts.

In summary, the solution provided does not meet the stated goal, but Azure AD Conditional Access policies can be used to require MFA for login attempts from specific countries.
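The Conditional Access policy described above, as an added example that is not part of the original explanation: a script for the Microsoft Graph PowerShell SDK that creates a country-based named location and a policy scoped to Group1 and Azure management sign-ins. The display names and the `-CountryCodes` input are assumptions supplied by the operator, and the policy is created in report-only state so its effect can be reviewed in the sign-in logs before it is switched to `enabled`.

```powershell
# Added example. Display names are illustrative; country codes are supplied by the operator.
param(
    # ISO 3166-1 alpha-2 codes of the countries where administrators do NOT work
    [Parameter(Mandatory)] [string[]] $CountryCodes,
    # Group from the scenario that holds all administrative accounts
    [string] $AdminGroupName = 'Group1'
)

Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess', 'Policy.Read.All', 'Group.Read.All'

# Resolve the administrators' group to its object ID; refuse to continue on an ambiguous name.
$group = @(Get-MgGroup -Filter "displayName eq '$AdminGroupName'")
if ($group.Count -ne 1) { throw "Expected exactly one group named '$AdminGroupName'." }

# 1. Named location listing the countries of concern.
$location = New-MgIdentityConditionalAccessNamedLocation -BodyParameter @{
    '@odata.type'                     = '#microsoft.graph.countryNamedLocation'
    displayName                       = 'Countries without admin staff'
    countriesAndRegions               = $CountryCodes
    # Sign-ins whose IP address cannot be mapped to a country are also in scope.
    includeUnknownCountriesAndRegions = $true
}

# 2. Policy: Group1 + Azure management + that location => require MFA.
$policy = New-MgIdentityConditionalAccessPolicy -BodyParameter @{
    displayName   = 'Require MFA for admins signing in from listed countries'
    # Report-only first: logs what would happen without enforcing it.
    state         = 'enabledForReportingButNotEnforced'
    conditions    = @{
        users          = @{ includeGroups = @($group[0].Id) }
        # Well-known app ID of the Windows Azure Service Management API,
        # which covers the Azure portal.
        applications   = @{ includeApplications = @('797f4846-ba00-4fd7-ba43-dac1f8f63013') }
        locations      = @{ includeLocations = @($location.Id) }
        clientAppTypes = @('all')
    }
    grantControls = @{ operator = 'OR'; builtInControls = @('mfa') }
}

# Show what was created so it can be checked against the portal.
$policy | Select-Object Id, DisplayName, State
```

If the tenant keeps an emergency-access account inside Group1, add it under `users.excludeUsers` before enforcing the policy.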