Enable Multi-Factor Authentication for Tenant2 in Azure AD - Exam AZ-100 Answer

C

To enable Multi-factor authentication (MFA) for the users in Tenant2 while maintaining MFA for Tenant1, you should create and link a new Azure AD tenant (Tenant2) to your Azure subscription (Subscription1). Therefore, the correct answer is A. Create and link a subscription to Tenant2.

Explanation:

Multi-factor authentication (MFA) is a security measure that requires users to provide additional authentication factors, such as a code sent to their mobile device, in addition to their password to access Azure resources. MFA can be enabled at the user or organization level in Azure AD.

In this scenario, MFA is already enabled for all users in Tenant1, and you need to enable MFA for the users in Tenant2 without affecting Tenant1. To achieve this, you can create and link a new Azure AD tenant (Tenant2) to your Azure subscription (Subscription1), which will allow you to manage both tenants and apply separate MFA policies to each tenant.

To create and link a new Azure AD tenant to your Azure subscription, you can follow these steps:

1. In the Azure portal, go to the Subscriptions blade and select your subscription (Subscription1).
2. In the left-hand menu, select Access control (IAM) > Add > Add role assignment.
3. In the Add role assignment pane, select the role of Owner, and in the Select box, search for and select the new Azure AD tenant (Tenant2).
4. Click Save to add the new tenant to your subscription and assign the Owner role to it.

After you have added and linked the new Azure AD tenant to your subscription, you can enable MFA for the users in Tenant2 without affecting Tenant1 by applying separate MFA policies to each tenant. You can configure MFA policies at the organization level in Azure AD by going to the Conditional Access blade and creating a new policy for each tenant.

Therefore, the correct answer is A. Create and link a subscription to Tenant2.