Azure AD Privileged Identity Management | Exam AZ-304 Solution | Contoso.com

Implement Azure AD Privileged Identity Management.

Question

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an Azure Active Directory (Azure AD) tenant named contoso.com. The tenant contains a group named Group1. Group1 contains all the administrative user accounts.

You discover several login attempts to the Azure portal from countries where administrative users do NOT work.

You need to ensure that all login attempts to the Azure portal from those countries require Azure Multi-Factor Authentication (MFA).

Solution: Implement Azure AD Privileged Identity Management.

Does this solution meet the goal?

Answers

Explanations


A. B.

A

Azure Active Directory (Azure AD) Privileged Identity Management (PIM) is a service that enables you to manage, control, and monitor access to important resources in your organization.

https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configure

The proposed solution, implementing Azure AD Privileged Identity Management (PIM), does not meet the goal of requiring Azure Multi-Factor Authentication (MFA) for all login attempts from specific countries.

Azure AD PIM is a solution that provides time-bound and scoped access to Azure resources. It enables just-in-time access to Azure AD roles, Azure resources, and Azure management tasks. It provides an additional layer of security by requiring users to activate their assignments for a specified amount of time, after which their permissions are revoked. However, it does not provide MFA enforcement based on country location.

To meet the goal of requiring MFA for login attempts from specific countries, Azure AD Conditional Access can be used. Conditional Access is a feature of Azure AD that allows you to control how authorized users access your applications based on conditions. It allows you to create policies that require MFA for access from certain locations or under certain conditions.

To implement this solution, you create a new Conditional Access policy that targets the Azure portal and requires MFA for access from the specified countries. The policy is scoped to Group1, which contains all the administrative user accounts.
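As an added example (not part of the original explanation), the following Python builds the two Microsoft Graph request bodies that such a policy needs (a country named location and the Conditional Access policy scoped to Group1 and the Azure portal) and runs a simplified local check of how the policy's conditions combine for a given sign-in. The group ID, named-location ID and country codes are constructed placeholders; the evaluator is an illustration, not Microsoft's policy engine.

```python
import json

# Constructed placeholders; real IDs come from your own tenant.
GROUP1_ID = "00000000-0000-0000-0000-000000000001"          # object ID of Group1
NAMED_LOCATION_ID = "00000000-0000-0000-0000-0000000000aa"  # ID returned when the named location is created
# Well-known first-party app ID for "Microsoft Azure Management" (covers the Azure portal);
# confirm it against the Conditional Access app picker in your tenant before relying on it.
AZURE_MANAGEMENT_APP_ID = "797f4846-ba00-4fd7-ba43-dac1f8f63013"
LISTED_COUNTRIES = ["XA", "XB"]  # constructed ISO 3166-1 alpha-2 codes for the countries in the question

def named_location() -> dict:
    """Body for POST /identity/conditionalAccess/namedLocations (Microsoft Graph)."""
    return {
        "@odata.type": "#microsoft.graph.countryNamedLocation",
        "displayName": "Countries where administrative users do not work",
        "countriesAndRegions": LISTED_COUNTRIES,
        "includeUnknownCountriesAndRegions": False,
    }

def mfa_policy() -> dict:
    """Body for POST /identity/conditionalAccess/policies: Group1 + Azure portal + listed countries -> MFA."""
    return {
        "displayName": "Require MFA for admins signing in to the Azure portal from listed countries",
        "state": "enabled",
        "conditions": {
            "clientAppTypes": ["all"],
            "users": {"includeGroups": [GROUP1_ID]},
            "applications": {"includeApplications": [AZURE_MANAGEMENT_APP_ID]},
            "locations": {"includeLocations": [NAMED_LOCATION_ID]},
        },
        "grantControls": {"operator": "OR", "builtInControls": ["mfa"]},
    }

def requires_mfa(policy: dict, location: dict, sign_in: dict) -> bool:
    """Simplified local model: every condition (user, app, location) must match for the grant control to apply."""
    cond = policy["conditions"]
    in_group = any(g in sign_in["groups"] for g in cond["users"]["includeGroups"])
    in_app = sign_in["app_id"] in cond["applications"]["includeApplications"]
    in_country = sign_in["country"] in location["countriesAndRegions"]
    return (policy["state"] == "enabled" and in_group and in_app and in_country
            and "mfa" in policy["grantControls"]["builtInControls"])

if __name__ == "__main__":
    print(json.dumps(mfa_policy(), indent=2))
    admin_abroad = {"groups": [GROUP1_ID], "app_id": AZURE_MANAGEMENT_APP_ID, "country": "XA"}
    print(requires_mfa(mfa_policy(), named_location(), admin_abroad))  # True
```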

In summary, the provided solution of implementing Azure AD Privileged Identity Management does not meet the goal of requiring Azure Multi-Factor Authentication (MFA) for all login attempts from specific countries. The appropriate solution is to use Azure AD Conditional Access to create a policy that requires MFA for access from specific countries.