Configure Azure Portal Access for Administrators

C

The correct answer to the question is A. the multi-factor authentication (MFA) service settings.

Multi-factor authentication (MFA) is a security feature in Azure AD that requires users to provide more than one form of authentication to access the Azure portal. Typically, MFA requires users to provide a password and a verification code sent to a mobile device or generated by a mobile app.

To ensure that administrators can access the Azure portal only from your on-premises network, you can configure the MFA service settings to require verification codes only when users access the portal from outside of your network. This can be achieved by setting up a conditional access policy in Azure AD that requires MFA for all access to the Azure portal but excludes access from your on-premises network.

To implement this configuration, follow these steps:

1. Sign in to the Azure portal as a global administrator.

2. Go to the Azure AD blade, and then go to the Security section.

3. Select Conditional Access, and then click New policy.

4. Give the policy a name, and then add a description if desired.

5. Under Assignments, select Users and groups, and then select the administrators who should be subject to the policy.

6. Under Cloud apps or actions, select Microsoft Azure Management.

7. Under Conditions, add a condition to include your on-premises network.

8. Under Access controls, select Grant, and then select Require multi-factor authentication.

9. Click Done to save the policy.

With this configuration in place, the administrators will be required to provide a verification code in addition to their password when they access the Azure portal from outside of your on-premises network. However, when they access the portal from within your on-premises network, they will not be required to provide a verification code, thus ensuring that they can access the portal only from your trusted network.